Vice President, Information Security at FlightSafety International Inc in Columbus, Ohio

Job Description:

Requisition 23194

Location: Corporate (0063)Columbus,Ohio43219,United States (US)

VP, Information Security

PURPOSE OF POSITION:

The VP, Information Security provides the overall definition, guidance, and direction of enterprise-wide technology security strategies to support the business goals and protect the company's assets. This role will partner closely with the CIO to develop the overall IT security program approach and implementation within a rapidly changing enterprise.

This role will lead and have oversight for strategic planning and assessment of information security strategies, policies, procedures for the enterprise. This role oversees both operational and strategic IT security resources, leads the security operations center, provides security architecture and governance assistance to internal initiatives, and represents the company's security requirements with vendors and partners. The complexity of this position requires a leadership approach that is imaginative, collaborative, and resilient, with the ability to work with peer IT leaders to set the best balance between priorities.

TASKS AND RESPONSIBILITIES: The following duties are essential to the successful and satisfactory performance of this job. Other duties may be assigned.

• Provide guidance and counsel to the CIO and key members of the leadership team, working closely with senior administration and leaders in defining objectives for information security


• Lead the development and implementation of a Security Operations Center to manage the ongoing support of the enterprise


• Develop a governance approach, develop standards, and lead efforts to internally assess, evaluate and make recommendations for the security architecture and controls for information technology solutions


• Stay abreast of information security issues and regulatory changes, participate in policy and practice discussions, and communicate on a regular basis about those topics


• Work closely with the senior leadership team to provide recommendations regarding operations, investigations, and organizational education related to information security


• Work with auditors and consultants, as appropriate, on required security assessments and audits


• Own and approve the design and operation of information technology security infrastructure


• Oversee identity governance and access management standards and practices; ensure internal application development and third-party solution integration compliance with standards, patterns, and practices


• Represent the security function in wider IT solution governance committees and product selection due diligence


• Lead the approach and review of investigations after breaches or incidents, including impact analysis and recommendations for remediation and avoidance of similar vulnerabilities


• Maintain a current understanding of the IT threat landscape for the industry.


• Ensure compliance with the changing laws and applicable regulations


• Lead the identification of security risks and actionable plans regarding existing information technology assets


• Perform IT security risk assessments and reporting on ways to minimize threats


• Monitor security vulnerabilities and hacking threats in network and host systems


• Ensure cyber security policies and procedures are communicated to all personnel and that compliance is monitored


• Manage all teams, employees, service providers, contractors and vendors involved in IT security


• Provide training and mentoring to security team members


• Continuously update the cyber security strategy to leverage new technology and cyber threat information


• Brief the executive team on status and risks, including taking the role of champion for the overall strategy


• Communicate best practices and risks related to cyber security to all parts of the company


• Provide leadership, direction, and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies

MINIMUM EDUCATION:

• Bachelor's degree from an accredited institution or equivalent industry experience

MINIMUM EXPERIENCE:

• Fifteen (15) years of information technology experience including five (5) years of management experience with solid background in the development and execution of an enterprise-wide information security program

KNOWLEDGE, SKILLS, ABILITIES:

• Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM)


• Experience with cloud security technology to protect to legacy and cloud-computing environments Deep understanding of current defense-in-depth security technologies


• In depth understanding of SOC 2, HIPAA, PCI, and other related laws and regulations


• Experience working in compliance with government requirements and frameworks (FAR, DFARs, and NIST)


• Experience in developing and managing phishing campaigns, feedback loops, and training / retesting strategies


• Detailed understanding of common of security applications / tools


• In depth knowledge of IT technical support and help desk operations; experience managing incident response teams


• In depth understanding of computer network technology and network operations regarding security implications, and the interrelationship of NOC / SOC activities


• Comprehensive knowledge of cyber threats and attacks experienced by similar organizations


• Strong team player who can work across multiple functions and disciplines with rapidly changing priorities and a fast pace of transformation


• Ability to understand and explain complex technical processes and security issues to others


• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability and executive presence to communicate security and risk-related concepts to technical and nontechnical audiences, from front-line to CEO and Board of Directors


• Experience managing remote/virtual teams and partners

PHYSICAL DEMANDS AND WORK ENVIRONMENT: The physical demands and work environment described here are representative of those that must be met and/or encountered by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

FlightSafety is an Equal Opportunity Employer/Vet/Disabled.