This role can sit anywhere within the United States, 100% remote.
These duties are not meant to be all-inclusive and other duties may be assigned.
- Manage the activities of the GISO Security Engineering team. Manage the defense-in-depth technical controls, identify business risk tolerance, recommend mitigation plans, and communicate information about residual risk.
- Manage a staff of information security professionals, hire and train new staff, conduct performance reviews, and provide leadership and coaching, including technical and personal development programs for team members.
- Coordinate with business teams (e.g. IT, HR, Engineering) to establish plans to mitigate new cyber risks associated with new business activities. Partner closely with business leadership to effectively communicate alternatives and risk mitigation recommendations.
- Advocate for security policy compliance and risk mitigation during planning sessions and implementation of new services. Oversee projects/technical implementation as needed.
- Manage and support security audits, assessments, contractual requirement analysis, and forensic investigation activities globally. Monitor compliance with existing security policies, proposing changes to improve operating efficiency, regulatory alignment, and risk mitigation.
- Provide thought leadership on all aspects of information security governance, risk, and compliance including PCI, SOX, HIPAA, and industry best practices such as NIST 800-53, ISO 27001, COBIT, NIST 800-171, etc.
- Maintain a knowledge base comprising a technical reference library, security advisories and alerts, information on security trends and practices, and laws and regulations.
- Contribute to the development and maintenance of the Global Information Security Strategy.