hirist

Job Description

Description:

- Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality, and availability of information owned, controlled, or processed by the organization.

- Manage the enterprise's information security organization, consisting of direct reports and indirect reports (such as individuals in business continuity and IT departments).

- Create, communicate, and implement a risk-based process for vendor risk management, including the assessment and treatment of risks that may result from partners, consultants, and other service providers.

- Develop and manage information security budgets and monitor them for variances.

- Establish and administer a process for investigating and responding to security breaches and other cybersecurity incidents.

- Update and maintain the company's incident response plan and processes to address potential threats.

- Coordinate with stakeholders to keep them informed of risks and contingencies associated with potential security threats.

- Advise the organization with current information about information security technologies and related regulatory issues, including analysis and implementation of any legislative actions that affect information security and compliance.

Qualifications:

- A minimum of 5 years of experience in a combination of risk management, information security, and IT jobs with at least 3 years in a senior leadership role.

- Knowledge of common information security management frameworks, such as ISO/IEC 27001 and NIST.

- Strong understanding of the cybersecurity risks associated with various technologies and ways to manage them.

- A Master's degree in Information Systems, Cybersecurity, Computer Science, or a related field is preferred.

Key Skills:

- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.

- Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.

- Must be a critical thinker with strong problem-solving skills.

- High level of personal integrity, and the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.

- High degree of initiative, dependability, and ability to work with little supervision.

Technical Security Knowledge:

- Understanding of network, application, cloud, and endpoint security risks.

- Familiarity with identity and access management (IAM), encryption, and PKI.

- Experience with firewalls, intrusion detection/prevention systems (IDS/IPS), SIEM tools, and vulnerability management tools.

- Knowledge of security operations center (SOC) functions and monitoring tools.

- Security architecture design and integration with enterprise IT infrastructure.

Analytical & Operational Skills:

- Threat modeling and cyber risk analysis.

- Security metrics, KPIs, and dashboard reporting.

- Security audit and gap analysis, penetration testing oversight, and remediation planning.

