Location: Corporate (0063) Columbus, Ohio 43219, United States (US)
VP, Information Security
PURPOSE OF POSITION:
The VP, Information Security provides the overall definition, guidance, and direction of enterprise-wide technology security strategies to support the business goals and protect the company's assets. This role will partner closely with the CIO to develop the overall IT security program approach and implementation within a rapidly changing enterprise.
This role will lead and have oversight for strategic planning and assessment of information security strategies, policies, and procedures for the enterprise. This role oversees both operational and strategic IT security resources, leads the security operations center, provides security architecture and governance assistance to internal initiatives, and represents the company's security requirements with vendors and partners. The complexity of this position requires a leadership approach that is imaginative, collaborative, and resilient, with the ability to work with peer IT leaders to set the best balance between priorities.
TASKS AND RESPONSIBILITIES: The following duties are essential to the successful and satisfactory performance of this job. Other duties may be assigned.
Provide guidance and counsel to the CIO and key members of the leadership team, working closely with senior administration and leaders in defining objectives for information security
Lead the development and implementation of a Security Operations Center to manage the ongoing support of the enterprise
Develop a governance approach, develop standards, and lead efforts to internally assess, evaluate and make recommendations for the security architecture and controls for information technology solutions
Stay abreast of information security issues and regulatory changes, participate in policy and practice discussions, and communicate on a regular basis about those topics
Work closely with the senior leadership team to provide recommendations regarding operations, investigations, and organizational education related to information security
Work with auditors and consultants, as appropriate, on required security assessments and audits
Own and approve the design and operation of information technology security infrastructure
Oversee identity governance and access management standards and practices; ensure internal application development and third-party solution integration compliance with standards, patterns, and practices
Represent the security function in wider IT solution governance committees and product selection due diligence
Lead the approach and review of investigations after breaches or incidents, including impact analysis and recommendations for remediation and avoidance of similar vulnerabilities
Maintain a current understanding of the IT threat landscape for the industry.
Ensure compliance with the changing laws and applicable regulations
Lead the identification of security risks and actionable plans regarding existing information technology assets
Perform IT security risk assessments and reporting on ways to minimize threats
Monitor security vulnerabilities and hacking threats in network and host systems
Ensure cyber security policies and procedures are communicated to all personnel and that compliance is monitored
Manage all teams, employees, service providers, contractors and vendors involved in IT security
Provide training and mentoring to security team members
Continuously update the cyber security strategy to leverage new technology and cyber threat information
Brief the executive team on status and risks, including taking the role of champion for the overall strategy
Communicate best practices and risks related to cyber security to all parts of the company
Provide leadership, direction, and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies
MINIMUM EDUCATION:
Bachelor's degree from an accredited institution or equivalent industry experience
MINIMUM EXPERIENCE:
Fifteen (15) years of information technology experience including five (5) years of management experience with solid background in the development and execution of an enterprise-wide information security program
KNOWLEDGE, SKILLS, ABILITIES:
Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM)
Experience with cloud security technology to protect legacy and cloud-computing environments
Deep understanding of current defense-in-depth security technologies
In-depth understanding of SOC 2, HIPAA, PCI, and other related laws and regulations
Experience working in compliance with government requirements and frameworks (FAR, DFARS, and NIST)
Experience in developing and managing phishing campaigns, feedback loops, and training / retesting strategies
Detailed understanding of common security applications / tools
In-depth knowledge of IT technical support and help desk operations; experience managing incident response teams
In-depth understanding of computer network technology and network operations regarding security implications, and the interrelationship of NOC / SOC activities
Comprehensive knowledge of cyber threats and attacks experienced by similar organizations
Strong team player who can work across multiple functions and disciplines with rapidly changing priorities and a fast pace of transformation
Ability to understand and explain complex technical processes and security issues to others
Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability and executive presence to communicate security and risk-related concepts to technical and nontechnical audiences, from front-line to CEO and Board of Directors
Experience managing remote/virtual teams and partners
PHYSICAL DEMANDS AND WORK ENVIRONMENT: The physical demands and work environment described here are representative of those that must be met and/or encountered by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
FlightSafety is an Equal Opportunity Employer/Vet/Disabled.