VP IT Security and Risk Management (Hybrid)

About The Position

Requirements

• Expert knowledge of current IT Security techniques, software, and hardware.
• Ability to plan and control projects.
• Knowledge of risk management and cybersecurity frameworks, including NIST-CSF, ISO-27000, SOX, BASEL II, EU DPD, HIPAA, and PCI D.
• Requires excellent verbal and written communication skills, previous leadership of multiple, large, cross-functional teams, and excellent time management abilities.
• Demonstrate initiative, exercise good judgment, exhibit strong profit orientation, and have the ability to achieve results through influencing others.

Nice To Haves

• Security specific certifications, including CISSP, GIAC, or equivalent designation.

Responsibilities

• Assists the SVP, IT Enterprise Strategy and Execution, in managing day-to-day information security, cyber risk management, and incident response activities.
• Responsible for the daily activities, priorities, and coordination of activities of managers and staff in the security and risk management area.
• In alignment with business plans, evaluates the enterprise information security program, identifies gaps, develops short-term corrective plans and long-range strategies, and reports on program health to internal and external stakeholders.
• Leads planning and response to disaster recovery events and security incident response.
• Identifies, manages, and communicates security incidents to key stakeholders.
• Maintains business impact analyses and business crisis plans.
• Responsible and accountable for establishing, updating, and delivering a security awareness and training program.
• Develops, maintains, and enforces information security policies and procedures in alignment with stated risk appetite, changes in threats, and overall compliance goals.
• Oversees all security audits and tasks.
• Participates in the technical aspects of all IT-related audits and supports internally and externally managed audit activities.
• Collaborates with key business and IT leaders to assess, document, and act on information security risks, in alignment with stated risk appetite.
• Reports to stakeholders on monitored risks as appropriate.
• Responsible for planning, delivering, operating, and monitoring security technology, processes, and controls.
• Oversee the planning, administration, and performance of the information security and risk management budget, ensuring alignment with organizational priorities and optimal resource utilization.

Benefits

• Comprehensive health care plans
• Retirement savings plan with company match
• Discounted Employee Stock Purchase Program
• Tuition assistance and reimbursement programs
• Paid time off plans