SVP Information Security at EBSCO Industries Inc. in Ipswich, Massachusetts

Job Description:

EBSCO Information Services (EIS) provides a complete and optimized research solution comprised of e-journals, e-books, and research databases - all combined with the most powerful discovery service to support the information needs and maximize the research experience of our end-users. Headquartered in Ipswich, MA, EIS employs more than 3,300 people worldwide. We are the leader in our field due to our cutting-edge technology, forward-thinking philosophy, and top-notch workforce. EIS, a division of EBSCO Industries Inc., based in Birmingham, AL, is ranked in the top 200 of the nation's largest, privately held corporations according to Forbes magazine. EBSCO is a company that will motivate you, inspire you, and allow you to grow. We are looking for the best. If you are too, we encourage you to explore our unique opportunities.

SVP Information Security

Responsibilities

• Evaluate, enhance and oversee the company's information security and risk management methodologies, strategy, policies, awareness programs, and security goals and metrics 


• Present to the Executive Leadership Team and Audit Committee of the Board of Directors on our security program's status, material matters related to the program, and highlight emerging security risks posed to the business. 


• Evaluate and enhance security awareness procedures and training and ensure communication and compliance globally


• Evaluate, improve and maintain a risk management system that defines how risks are identified, assessed, and managed based on the International Organization for Standardization (ISO) 27001


• Manage 3rd party risks, ensuring regular assessments are completed, and ongoing security posture is appropriately managed


• Coordinate the enhancement and implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event


• Ensure that security is embedded in the project delivery process by providing appropriate information security policies, practices, and guidelines.


• Collaborate and assist in developing and executing the global privacy programs in alignment with applicable legal, regulatory, and contractual requirements.


• Manage and contain information security incidents and events to protect company IT assets, intellectual property, regulated data, and reputation. 


• Establish key performance metrics to measure information security, including leading indicators to identify and eliminate future security risks. 


• Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action


• Chair the Information Security Council (a group of Information Security, Risk, Infrastructure, and Technology/Operations management that regularly meets and prioritizes remediation of information security-related issues, incidents, and projects).


• Guide the security strategy encompassing our hybrid operating model as we evolve to a cloud-first enterprise


• Partner closely with our Cloud Business Office to ensure a harmonized security posture across our environment

Requirements

• Minimum of 7 to 10 years of experience in a combination of risk management, information/cybersecurity, and information technology jobs (at least five must be in a senior leadership role)


• Bachelor's degree in cybersecurity, engineering, information technology, or a related discipline. 


• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and non-technical audiences 


• Strategic leader and builder of both vision and bridges, and able to energize the appropriate teams in the organization


• Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic business environment


• Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives


• Professional security management certification is desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or other similar credentials.


• Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT, SOX, GDPR, CCPA, SOC 2 as well as those from NIST, including 800-53 and Cybersecurity Framework


• High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity


• Must be able to work a flexible schedule and travel domestically and globally to various company locations


• Deep experience with cloud security practices: tooling, strategy, methodology. 5+ years of experience in AWS security preferred. 

EBSCO Industries, Inc.is an equal opportunity employer and complies with all applicable federal, state, and local fair employment practices laws. EBSCO strictly prohibits and does not tolerate discrimination against employees, applicants, or any other covered persons because of race, color, sex (including pregnancy), age, national origin or ancestry, ethnicity, religion, creed, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class. This policy applies to all terms and conditions of employment, including, but not limited to, hiring, training, promotion, discipline, compensation, benefits, and termination of employment.

EBSCO complies with the Americans with Disabilities Act (ADA), as amended by the ADA Amendments Act, and all applicable state or local law.

View EEO PDF