RESPONSIBILITIES:

• Conduct a thorough assessment of the company’s security needs, priorities and opportunities in order to visualize, create, and execute on an information security program
• Design and develop an information security roadmap to align and scale with company growth
• Lead security assessment and testing processes, including but not limited to penetration testing, vulnerability management, and secure software development at a global level
• Plan for and manage incident response plans while minimizing the effect on the business
• Develop and extend security tooling and automation efforts across the organization
• Proactively identify security issues and potential threats and continuously build processes and design systems to watch for and protect against them
• Lead compliance activities including external audits, regulatory compliance projects, and overall information security reviews
• Educate the organization about these threats and implement threat protection measures
• Serve as a cross-functional leader and provide direction to key, accountable stakeholders in a matrix environment with dotted-line reports embedded within the business
• Serve as the information security expert in front of the Executive team
• Advocate for secure application and infrastructure best practices, ensuring a security presence at all stages of the software development lifecycle
• Manage relationships with external information security technology vendors and specialized information security professional services firms
• Attract, develop, and retain a highly talented team as the information security program grows

• Master's degree in cybersecurity, information management, information technology, computer science, engineering, business management, or related fields.
• 8 years of relevant experience in the information security space.
• 4 years of progressively responsible management and/or leadership experience in information security or network administration which includes two years of supervisory experience. Experience with an institution of higher education is preferred.
• Professional certification or equivalent in information security, preferably in CISSP (Certified Information Systems Security Professional), CISM/A (Certified Information Security Manager/Auditor), CompTIA Security , Certified Ethical Hacker, or CCSP (Certified Cloud Security Professional), Certified Intrusion Analyst (GCIA).

KNOWLEDGE, SKILLS AND ABILITIES

• Experience developing, maintaining, and implementing an Information Security Program (ISP) including policy and strategy development, preferably in higher education.
• Experience addressing information security-related issues involving identity and access management, intrusion detection, forensics, incident management, risk management and/or auditing.
• Experience evaluating and providing guidance on information security software and hardware acquisitions, IT services, cloud-based solutions, and mobility
• Knowledge of security assessment and testing tools.
• Experience with developing and managing an information security awareness and training program.
• Experience with information security and compliance-related issues (e.g. FERPA, HIPAA, PCI-DSS, GLBA, copyright and software piracy).
• Experience in managing and negotiating vendor contracts and agreements.
• Ability to communicate effectively in writing and oral presentations.
• Strong business acumen and a collaborative, influential partner able to educate, build relationships, and foster the adoption of sound security practices (commitment compliance).
• Expert experience with cloud security, platforms, and services, including understanding of current security offerings from leading cloud service providers (e.g. AWS, Azure, etc.), and their applicability to securing a SaaS enterprise security environment.
• Experience in the evaluation and implementation of industry-standard enterprise-wide information security technologies and concepts, including but not limited to: SEIM, Application Security, Cloud Security (AWS), Data Loss Prevention, Security Event Management, Threat and Vulnerability Management and Identity and Access Management.
• Clear understanding of relevant information security governance, technical and security standards and regulations Familiarity with industry security standards and compliances including OWASP, FedRAMP, AICPA SOC, NIST 800-53, 800-171 ISO 27001, CMMC, and ISO 27018 as well as current data privacy regulations, including GDPR and regional standards. Deep knowledge of networking and network security.
• Strong understanding and experience with Secure SDLC and DevSecOps or security automation Ability to work under pressure across multiple stakeholders.
• Excellent written and communication skills and ability to communicate across all levels of an organization.
• Must be authorized to work in the United States for any employer. We are not offering sponsorship now or in the future.