Overview

Leads a multi-disciplined, highly technical team in development, implementation, compliance and maintenance of the organizations cloud infrastructure and information security. Responsible for managing risks related to cyber security, network security, physical security, business continuity planning, crisis management, privacy, and compliance. Focuses on the technology selection, deployment and operations that ensure the infrastructure environments support targeted levels of availability, capacity, continuity, security and follow the strategic direction.

Responsibilities

The list of essential functions, as outlined herein, is intended to be representative of the duties and responsibilities performed within this classification. It is not necessarily descriptive of any one position in the class. The omission of an essential function does not preclude management from assigning duties not listed herein if such functions are a logical assignment to the position.

• Partners closely with the Executives, Product Management Team and Quality Systems Team to institute product development processes and systems which ensure rapid and successful development and deployment of BECS
• Works closely with the leadership team to define strategic planning process, aligning the technology vision and strategy with product and business direction, customer service strategy, growth strategies
• Oversees all aspects of the Information Security Program, including developing and implementing security standards, incidence response playbook, policies, processes, procedures and guidelines for the organization
• Ensures and monitors security compliance within industry and government rules and regulations and provides regular reporting on current state of information security program to senior leadership as appropriate
• Establishes metrics and a reporting framework to measure the efficiency, effectiveness, and maturity level of the program
• Evaluates security trends, evolving threats, risks, vulnerabilities and improvement opportunities
• Investigates all security incidents and leads the immediate response and escalation accordingly to senior leadership; proactively drives improvements in incident identification and response capabilities
• Leads the penetration testing, incident handling/digital forensics, continuous monitoring, intrusion detection/prevention, and vulnerability management
• Ensures the effectiveness of data backup, recovery, and business continuity capabilities
• Engages with external auditors and vendors to ensure the organization has the certifications expected of a successful, innovative SaaS company and leads annual auditing and certification processes
• Develops and delivers targeted security awareness and training programs for stakeholder groups
• Stands as the primary point of contact for all customer-related security and compliance questions
• Collaborates with the engineering and product teams to apply a “shift-left security strategy” in the software development lifecycle
• Helps to establish Service Level Agreements and ensure adherence to these standards by monitoring metrics and reporting that information to Senior Leadership
• Leads the planning and execution of the IT OPEX budgeting process
• Contributes to the design, documentation and testing of Business Continuity and Disaster Recovery planning
• Forecasts system demands and recommends upgrades, expansions and reconfigurations of the organization’s cloud infrastructure
• Leads governance and automation efforts to minimize manual work, and ensures transparency in all aspects of the IT infrastructure ecosystem
• Performs on-call responsibilities and after-hours duties as necessary.

Qualifications

To perform this job successfully, an individual must be able to perform each essential duty and responsibility satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required.

EDUCATION AND/OR EXPERIENCE:

Bachelor’s degree in Information Systems, Security, Business, Engineering, Computer Science or related field from an accredited college or university; supplemented by fifteen (15) or more years of experience in secure development/application security and Cyber Security Operations, IT infrastructure management, including at least five (5) years of management or leadership experience or an equivalent combination of education, certification, training, and/or experience.

CERTIFICATES, LICENSES, REGISTRATIONS AND DESIGNATIONS:

CISM (Certified Information Security Manager) or CISA (Certified Information Security Auditor) or equivalence preferred, and CISSP (Certified Information Systems Security Professional) or equivalence preferred in a combination of one or more of the above listed certifications.

KNOWLEDGE, SKILLS AND ABILITIES

• Ability to run the information security office analyzing and applying information security, risk management, and privacy practices
• Ability to formulate, initiate, and administer policies and procedures for effective fiscal control
• Knowledge of AWS Well Architected Framework and Cloud application development standard methodologies
• Knowledge of Kubernetes Microservices architecture and security control in such an environment
• Ability to design and apply tools, techniques, and procedures to maintain the highest standards in IT security and compliance
• Knowledge of Cybersecurity Operations in managing and interacting with multiple disciplines, including Cyber Defense, Cyber Intelligence and Analytics, Cloud Threat Management, Adversary Simulation, Detection and Response Engineering, Email Security, Endpoint Security, and Behavioral Analytic
• Knowledge of complex systems, platform engineering, servers/storage, network and cloud operations
• Knowledge of information security management and systems monitoring tools
• Knowledge of IT compliance areas like PCI, DSS, SOX, and HIPPA, etc.
• Ability to manage high-performing IT operations teams; strong executive presence, excellent analytical skills and attention to detail; effective verbal and written communication skills; and strong interpersonal skills including facilitation and negotiation
• Ability to travel up to 40% of the time.

PHYSICAL REQUIREMENTS

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Ability to exert light physical effort in sedentary to light work, which may involve some lifting, carrying, pushing and/or pulling of objects and materials of light weight (up to 20 pounds).

ENVIRONMENTAL REQUIREMENTS:

The work environment characteristics described here are representative of those an employee may encounter while performing the essential functions of this job.

Functions are regularly performed inside without potential for exposure to adverse conditions, such as inclement weather, atmospheric elements and pathogenic substances. The noise level in the work environment is usually moderate.