Vice President, Cybersecurity

IOWA HOSPITAL ASSOCIATION
Des Moines, IA
Onsite

About The Position

Leads Iowa Hospital Association’s (IHA) operational and technical cybersecurity program, reporting to the Senior Vice President, IT Operations & Security. Provides strategic leadership and advanced technical oversight across security operations, engineering, architecture, governance and risk management. Ensures the confidentiality, integrity and availability of IHA’s information assets while aligning cybersecurity initiatives with organizational strategy, regulatory requirements and industry best practices. This role reflects IHA’s behaviors of ownership, collaboration, innovation and servant leadership.

Requirements

  • Advanced knowledge of threat detection and response, vulnerability management, risk management and security architecture
  • Strong understanding of cloud security, identity and access management and modern endpoint and email security platforms
  • Proficiency in developing metrics, KPIs and executive-level reporting
  • Excellent communication, facilitation and stakeholder management skills
  • Bachelor’s degree in cybersecurity, information security, computer science, or a related field preferred
  • Minimum ten (10) years of experience in cybersecurity leadership and/or senior security engineering roles required
  • CompTIA A+ Certification or equivalent required
  • Microsoft Certified Professional (“MCP”) preferred
  • Demonstrated ability to lead complex cybersecurity programs and coordinate major security incidents and response activities
  • Certified Information Systems Security Professional (CISSP) certification required
  • Certified Information Security Manager (CISM), Cloud Security Certification (CCSP), Global Information Assurance Certification (GIAC), or Information Technology Infrastructure Library (ITIL v4) experience preferred
  • Experience integrating security awareness platforms (e.g., KnowBe4) with Microsoft Defender and email security controls
  • An equivalent combination of education, training and experience may be considered

Nice To Haves

  • Microsoft Certified Professional (“MCP”)
  • Certified Information Security Manager (CISM)
  • Cloud Security Certification (CCSP)
  • Global Information Assurance Certification (GIAC)
  • Information Technology Infrastructure Library (ITIL v4) experience

Responsibilities

  • Leads the development, execution and continuous improvement of IHA’s enterprise cybersecurity strategy, roadmap and operating model with authority to set priorities and recommend investments; delivers annual roadmap milestones and reduces identified enterprise cyber risks
  • Oversees security operations, including Security Information and Event Management (SIEM), Managed Detection and Response (MDR) and Security Operations Center (SOC) services, vulnerability management, and incident detection, response and recovery; empowered to activate response plans and engage external sources as needed to reduce severity of security incidents and increase timely closure of corrective actions
  • Coordinates and leads tabletop exercises and disaster recovery drills, ensuring lessons learned and corrective actions are documented and implemented
  • Owns and governs cloud-based and on-premises security architecture, approving designs and control decisions to ensure secure-by-design principles and defense-in-depth controls with reduction in critical and high-risk findings and conformance with approved architecture standards
  • Establishes, maintains and enforces cybersecurity policies, standards and control frameworks aligned with the System and Organization Controls (SOC) 2, National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), Health Insurance Portability and Accountability Act (HIPAA), and Health Information Technology for Economic and Clinical Health Act (HITECH) requirements, as applicable for successful audit results, ideal compliance posture, and timely remediation of control deficiencies
  • Manages third-party cybersecurity risk, including vendor assessments, tool evaluations and ongoing risk monitoring with authority to approve risk treatment recommendations within defined thresholds
  • Measures, reports and communicates cybersecurity risk posture through meaningful metrics, key performance indicators (KPI), executive dashboards and playbooks, translating technical/cyber risk into business, operational, financial and reputational impact for executive stakeholders
  • Partners with Human Resources and Marketing Communications to design and deliver an effective, organization-wide security awareness and training program ensuring high completion rates, phishing simulation outcomes, and reduction in user-driven security incidents
  • Engages in continuous learning to stay current with evolving threats, technologies and regulatory expectations and proactively adopts relevant controls and provides informed recommendations to leadership
  • Models and promotes safe work practices, including proper workstation ergonomics, to support employee well-being and injury prevention
  • Performs other related duties as assigned to support departmental and organizational goals