Be responsible for establishing and maintaining the enterprise vision, strategy, architecture, and a multi-year roadmap that ensures that the company’s information assets are adequately protected.
An essential element would be to communicate security at a strategic level to executive management and the Board of Directors and to evangelize security across the business to drive adoption of security best practices.
This position will work from one of our offices in either Allentown, PA or Sarasota, FL and is expected to travel approximately 15 percent of the time, mostly to our U.S. locations and client sites.
- Be the leader in a high-profile role that establishes a world-class information security capability at a growing company that is a leader in its field.
- Lead a high-performing team of information security professionals.
- Be a member of a successful and forward-looking IT leadership team.
- Make a significant difference through outstanding information security for the enterprise.
- Develop and implement a strategic, long-term information security strategy and roadmap to ensure that Andesa’s information assets are adequately protected.
- Lead the development of up-to-date information security policies, procedures, standards and guidelines, and oversee their approval, dissemination, and maintenance.
- Interface with clients and third-party auditors in the review of contracts and all audit activities, while coordinating the responses and any remediation actions.
- Work with senior leaders across the business to assess and communicate acceptable levels of risk.
- Identify, evaluate and report on information security risks, practices and projects to the Senior Team and the Board of Directors, and provide subject matter expertise on security standards and best practices (e.g., FFIEC, Dodd-Frank, SOX, PCI, SOC, SSAE18, NYDFS 23, etc.).
- Develop, mentor, and manage a high-performing staff of information security professionals.
- Ensure that the security management program is in compliance with applicable laws, regulations, and contractual requirements.
- Act as the champion for the enterprise information security program and foster a security-aware culture.
- Oversee the evaluation, selection and implementation of information security solutions that are innovative, cost-effective, and minimally disruptive.
- Partner with enterprise architects, infrastructure, and applications teams to ensure that technologies are developed and maintained according to security policies and guidelines.
- Manage regular intrusion detection and vulnerability reporting, reviews by internal and external IT audit groups, and the coordination of all required fixes.
- Develop business metrics to measure the effectiveness of the security management program, and increase the maturity of the program over time.
- Monitor the industry and external environment for emerging threats and advise relevant stakeholders on appropriate courses of action.
- Liaise with law enforcement and other advisory bodies as necessary to ensure that the organization maintains a strong security posture.
- Oversee incident response planning and the investigation of security breaches, and assist with any associated disciplinary, public relations and legal matters.
- Oversee and lead the creation, communication and implementation of a process for managing vendor risk and other third-party risk.
- Bachelor’s degree in computer science, engineering, or a related field (graduate degree preferred).
- Minimum 4 years of IT and/or business leadership experience, and 4+ years of information security/cybersecurity experience.
- A proven track record in developing information security policies and procedures, and successful execution.
- Extensive knowledge of business risk, risk assessment and risk-based decision making.
- Able to communicate security and risk-related concepts to both technical and non-technical audiences (in business terms).
- A natural influencer and coalition builder; passionate about building high-performing teams.
- Ability to evangelize IT security to make it a critical part of business operations; build trust and respect for the security function.
- Excellent written and verbal communication, interpersonal and collaborative skills.
- Experienced with contract and vendor negotiations.
- Ability to effectively prioritize and execute tasks in high-pressure situations.
- Knowledge of security, risk and control frameworks and standards such as ISO 27001 and 27002, SANS-CAG, NIST, FISMA, COBIT, COSO and ITIL.
- Security technology acumen and experience including, but not limited to: firewalls, intrusion detection, cyber-attack tools and defenses, encryption, certificate authorities, web filtering, anti-malware, anti-phishing, identity and access management, and multi-factor authentication.
- Professional certifications, such as CISSP, CISM, or CISA.