Responsibilities
- Develops an information security vision and strategy that is aligned to organizational priorities and enables and facilitates the organization’s business objectives, and ensures senior stakeholder buy-in and mandate
- Develops and enhances an up-to-date information security management framework based on, but not limited to, the following: International Organization for Standardization (ISO) 2700X, ITIL, ENISA, ISA-62443, COBIT/Risk IT, CMMC, and National Institute of Standards and Technology (NIST) Cybersecurity Framework.
- Coordinates the development and implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provides direction, support, and in-house consulting in these areas
- Collaborates with IT, cloud, and engineering teams to design and implement security controls that enable cost-effective business initiatives and reduce risk in our products and applications.
- Manages the cost-efficient information security organization, consisting of direct reports and dotted line reports (such as individuals in business continuity and IT operations). This includes hiring, training, staff development, performance management, and annual performance reviews…
Qualifications
- Demonstrated experience and success in senior leadership roles in information security, risk management, and IT or OT security.
- Knowledge of information security management frameworks, such as ISO/IEC 27001, ITIL, and COBIT, as well as those from NIST, including 800-53 and the Cybersecurity Framework.
- Demonstrated experience leading support and response to external security audits…