Provides leadership in all aspects of information security, including engagement in the following initiatives and programs: information security governance, information security and privacy risk management, security awareness and training, incident response and handling, strategic and contingency planning, key performance and risk indicators - metrics, services and products acquisition.
Oversees vulnerability assessments and penetration testing, including performing incident response and security analysis and forensic investigation.
Ensures resulting actions addressing gaps or weaknesses are appropriately assigned and completed in a timely manner to maintain information security.
Champions a culture of cybersecurity awareness with users and technology staff.
Collaborates with leadership to meet enterprise-wide goals and objectives, with particular emphasis on: Cloud and vendor security, risk assessments and corrective actions, regulatory and statutory policy and procedure development / alignment relative to information, security and privacy.
Establishes and maintains an enterprise-wide vision, strategy, architecture, and program for ensuring that information assets are appropriately protected.
Ensures compliance with all applicable federal and state laws, directives, policies and customer requirements regarding the securing of information.
Ensures implementation of the information security plans and manages the operational processes for monitoring and maintaining information security.
Maintains complete awareness of current and developing information security regulations, technology, and threats. This will require a deep technical capability, a commitment to continuous learning, and networking with information security experts.
Coordinates and responds to threat intelligence from local, regional, state and federal Security Operations Centers (SOC), Information Sharing and Analysis Centers (ISAC) and Managed Security Service Providers (MSSP).
Directs staff in the daily monitoring and assessment of our information security readiness.
Oversees senior individual contributors such as Enterprise Architects to provide them with clear vision and goals so that information security is seen as an integral component of enterprise architecture and portfolio management.
Completes and delivers regular information security reports, assessments and briefings as required by regulatory agencies, insurance brokers and financial rating agencies.
Assists with internal and external audits.
Prepares and presents regular information security status reports to Information Systems leadership, Executive Management Team, and Board of Trustees.
Serves as the SAWS HIPAA Security Officer. Implements, manages, and enforces electronic information security directives in compliance with the Health Insurance Portability and Accountability Act (HIPAA).
Ensures that the access control, disaster recovery, business continuity, and risk management needs of the organization are properly addressed as related to electronic protected health information (PHI).
Requirements:
Bachelor’s Degree in Computer Security, Computer Science, Computer Information Systems, Management Information Systems or related field from an institution accredited by a nationally recognized accrediting agency.
Ten years’ experience in Information Security, including 5 years’ experience in the following areas: