Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization.
Manage the enterprise's information security organization, consisting of direct reports and indirect reports (such as individuals in business continuity and IT operations). This includes hiring, training, staff development, performance management and annual performance reviews.
Facilitate information security governance through the implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board.
Develop, maintain and publish up-to-date information security policies, standards and guidelines. Oversee the approval, training, and dissemination of security policies and practices.
Develop and manage information security budgets and monitor them for variances.
Create, communicate, and implement a risk-based process for vendor risk management, including the assessment and treatment for risks that may result from partners, consultants and other service providers.
Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.
Consult with IT and security staff to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications, and software.
Intermediate to expert level knowledge of leading industry standards such as NIST and ISO 27001:2022, and of privacy standards such as GDPR and ISO
Manage SOC related activities and periodic reporting to management.
Security incident management and reporting.
Audit management for both external and internal audits.