This position will be responsible for the development and delivery of a company-wide, comprehensive information security and privacy program. The emphasis of this position is on policy development, program administration and compliance/incident response activities.
Primary Responsibilities:
- Manage the process of identifying and assessing the risks affecting the business.
- Design and implement an overall risk management process for the organization (ERM program).
- Evaluate security requirements and solutions for processing sensitive information.
- Propose, coordinate, implement and enforce information security policies & methodologies.
- Provide oversight and support to Information Security Officer.
- Ensure application security reviews are conducted and findings addressed.
- Responsible for the Disaster Recovery and Business Continuity Programs of the organization.
- Responsible for oversight of the annual SSAE 16 SOC 1 audit, HIPAA compliance, etc.
- Lead efforts to achieve a SOC 2 and SOC 3 certification.
- Provide information security reporting to senior team; includes security risk and issues.
- Ensure tracking, resource allocation and remediation of all related audit findings.
- Involvement and participation in the security incident management process as required.
Essential Skills:
- A detailed knowledge of the general tools and techniques of risk management.
- Knowledge and experience with SSAE 16, HIPAA, Electronic Medical Records, etc.
- Working knowledge and experience in the policy and regulatory environment.
- Experience with best practices pertaining to data classification, data access controls, data stewardship and privileged access management and monitoring.
- Knowledge of systems development lifecycle and associated tools.
Education and Experience:
- Bachelor's degree required; Master's degree in an associated field preferred.
- At least ten (10) years’ experience in information security or information risk management.
- At least five (5) years’ relevant work experience (life insurance/finance industry).
- Appropriate professional certification preferred.