Senior Director, Cybersecurity

American Hospital Association | Chicago, IL
7d | $190,000 - $284,000 | Hybrid

About The Position

The American Hospital Association (AHA) is a national organization that represents and serves all types of hospitals, health care networks, and their patients and communities. The AHA has two main offices, located in Washington, D.C., and Chicago. The AHA offers a flexible hybrid work schedule of three days in the office and two days working remotely. This role is located in our downtown Chicago office.

The Senior Director, Cybersecurity is responsible for establishing and maintaining the enterprise cybersecurity vision, strategy, and program to ensure information assets and technologies are adequately protected. The role directs staff in identifying, developing, implementing, and maintaining processes across the enterprise to reduce information technology (IT) risks. It also responds to incidents, establishes appropriate standards and controls, manages security technologies, and directs the establishment and implementation of policies and procedures.

Requirements

  • Bachelor's Degree in Information Systems, Technology Management, or Network Operations Management - Required
  • Master's Degree Preferred
  • 10+ years IT security experience Required
  • 5+ years Management experience leading a team Required
  • Experience leading and implementing at least one major cybersecurity and compliance program Required
  • Experience managing enterprise-wide security awareness, risk management, and third-party governance programs Required
  • Deep understanding of information security principles, best practices, standards (such as the NIST Cybersecurity Framework), and emerging threats - Required
  • Awareness of relevant laws, regulations, and industry standards related to data protection and privacy (such as GDPR, HIPAA, CCPA) is necessary for ensuring organizational compliance and avoiding legal issues - Required
  • Proficiency in risk assessment methodologies, risk mitigation strategies, and risk management frameworks - Required
  • Familiarity with security architectures, technologies, and tools used for safeguarding networks, systems, and data, such as firewalls, intrusion detection/prevention systems, encryption technologies, and security event monitoring systems. Deep understanding of IT from an infrastructure and network perspective - Required
  • Thorough understanding of incident response processes, including detection, containment, eradication, and recovery from security incidents and breaches. - Required
  • Knowledge of disaster recovery planning and business continuity management as it relates to security - Required
  • Working knowledge of developing security policies and procedures for establishing security roles and responsibilities, defining security objectives, and ensuring accountability across the organization - Required
  • Working knowledge of managing security awareness programs to educate employees about security risks and best practices - Required
  • Understanding of vendor risk management practices, including evaluating third-party security controls, assessing vendor security posture, and ensuring compliance with security requirements in vendor contracts - Required
  • Strong leadership, communication, and interpersonal skills are vital for effectively communicating security risks and requirements to senior leadership, board members, employees, and external stakeholders - Required
  • Professional knowledge with a Security Operations Center and optimizing the resolution of investigations and incidents - Required
  • Deep understanding of managing IT technical projects and technical teams - Required
  • Ability to think strategically and develop long-term cybersecurity strategies that support the AHA’s objectives to effectively manage risks and drive meaningful change. Understanding of how security impacts day-to-day operations and workloads, and ability to collaborate to maximize productivity and risk management - Required
  • Ability to assess, prioritize, and mitigate cybersecurity risks/vulnerabilities while aligning security efforts with business objectives - Required
  • Capacity to analyze complex cybersecurity issues, identify root causes, and develop innovative and/or cost-effective solutions - Required
  • Vendor management skills including relationship management, contract reviews and negotiations, and vendor performance monitoring - Required
  • Effective budget management skills including managing spend against budget targets, identifying possible cost reduction opportunities, and forecasting budget spend rate and resource utilization - Required
  • Effective communication skills including written and verbal, and presentation skills including virtual and in person - Required
  • Proficiency with MS O365 office and collaboration applications including Teams, SharePoint, OneDrive, etc., which are essential for various daily tasks and responsibilities in this role - Required

Nice To Haves

  • Master's Degree Preferred

Responsibilities

  • Establish and maintain a comprehensive company-wide information security program aligned with the AHA risk management strategy that encompasses foundational, operational, and tactical security and compliance elements.
  • Ensure the protection of information assets against current and future threats, both internal and external.
  • Develop and maintain a security roadmap with an emphasis on continuous improvement.
  • Communicate cybersecurity risks, initiatives, and performance to senior leadership and the AHA audit and compliance operations committee.
  • Manage the development and implementation of enterprise IT security standards and best practices aligned with organization’s risk management plan.
  • Establish and oversee processes to monitor compliance, conduct technical and procedural security audits across IT and business units and coordinate with external auditors and vendors on audit activities and remediation efforts.
  • Develop necessary IT security policies and guidelines.
  • Develop plans for the implementation of new products and capabilities based on the AHA strategic plan.
  • Provide well-defined plans, including procedures, deadlines, and accountability.
  • Direct business functions, including approval of project plans, budgets, and work breakdown structure.
  • Provide assistance and support to IT Operations and Development teams and work collaboratively to deliver desired outcomes.
  • Work directly with key stakeholders and senior members of AHA’s management team on cybersecurity risk management, compliance, and audit procedures.
  • Provide direction and oversight for security awareness education activities.
  • Collaborate with the compliance officer and legal counsel to develop and maintain required IT policies, standards and controls that comply with regulatory requirements.
  • Provide guidance on data protection for sensitive information and stay informed of emerging regulations and industry standards impacting security practices.
  • Lead and develop future leaders within the department.
  • Set clear goals, define roles, conduct performance reviews and take appropriate action to achieve operational results.
  • Foster talent, promote diversity and ensure effective coordination across cross functional teams.

Benefits

  • medical/dental coverage (PPO/HMO)
  • vision care
  • life insurance
  • short- and long-term disability plans
  • 401(k)
  • tuition reimbursement
  • PTO/holidays/health days
  • wellness programs