Job Details

IT Security Officer and Director (CISO)

  2025-05-03     Pennant Group     Eagle, ID
Description:

The IT Security Officer and Director (CISO) is responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. This role will oversee and coordinate security efforts across the company, including information technology, human resources, communications, legal, and other groups, and will identify security initiatives and standards.

Key Responsibilities:

Develop and Implement Security Strategy:

  1. Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program.
  2. Work with senior management and corporate risk governance teams to determine acceptable levels of risk for the organization.
  3. Collaborate with other departments to ensure security measures are integrated into all aspects of the organization's operations.
  4. Stay current with emerging security trends, threats, and technologies, and recommend enhancements to the security program.

Security Operations:

  1. Lead incident response planning and investigation of security breaches and assist with any associated disciplinary and legal matters.
  2. Direct the installation and use of security tools (e.g., firewalls, data encryption, IDS/IPS) to protect sensitive information.
  3. Monitor and manage security systems and tools to detect and respond to security threats and incidents.
  4. Conduct regular security assessments and vulnerability scans to identify and mitigate security risks.
  5. Conduct thorough investigations of security breaches and incidents, implementing corrective actions and documenting findings.
  6. Provide security awareness training and education to employees to promote a culture of security.
  7. Prepare and present regular reports on the status of the information security program to senior management.

Compliance and Governance:

  1. Ensure compliance with changing laws and applicable regulations.
  2. Coordinate and track all information technology and security-related audits, including scope, involved units, timelines, auditing agencies, and outcomes.
  3. Manage and continuously improve information security governance processes.

SOX Audits:

  1. Oversee IT's internal controls for SOX (Sarbanes-Oxley) audits to ensure compliance with financial reporting requirements.
  2. Work closely with internal and external auditors to provide necessary documentation and evidence of IT controls.
  3. Identify and remediate deficiencies in IT controls to maintain SOX compliance.

HIPAA Compliance:

  1. Ensure compliance with HIPAA by implementing and maintaining robust security measures.
  2. Conduct regular audits and assessments to ensure the protection of PHI.
  3. Provide training and resources on HIPAA compliance to staff.

Risk Management:

  1. Identify and assess risks to the organization's information and IT assets and recommend mitigation strategies.
  2. Develop and maintain the enterprise IT risk register.

Team Leadership and Development:

  1. Oversee the selection and training of information security staff.
  2. Develop security awareness programs and communicate their importance to employees.

Liaison and Coordination:

  1. Act as a liaison with senior management and the board of directors, ensuring security issues are prioritized and budgeted appropriately.
  2. Coordinate security initiatives with other departments for integrated risk management.

Security Architecture:

  1. Collaborate with the IT department to design and implement secure IT architectures and networks.
  2. Ensure security strategies align with organizational goals.

Qualifications:

  • Bachelor's degree in Computer Science, Information Systems, Business Administration, or related field.
  • Minimum of 10 years in risk management, information security, and IT roles, with at least five years in a senior leadership role.
  • Professional security management certifications such as CISSP, CISM, CISA, or similar.

Skills and Abilities:

  • Strong understanding of current and emerging security technologies and their business applications.
  • Excellent project management, organizational, and leadership skills.
  • Effective communication skills for technical and non-technical audiences.
  • Ability to influence and build consensus across all organizational levels.

Personal Attributes:

  • High integrity and ethical standards.
  • Strong analytical and problem-solving skills.
  • Calmness under pressure.
  • Commitment to continuous learning.