Director of Information Security at National Electrical Benefit Fund in Rockville, Maryland

Posted in Other about 15 hours ago.

Type: full-time

Job Description:

JOB SUMMARY - The Director of Information Security (DIS) is responsible for developing, implementing and monitoring a strategic, comprehensive enterprise cybersecurity and IT risk management program for the Family of Funds. The DIS is responsible for implementing & enforcing security policies to protect the Funds' assets, applications, systems, technology and critical data. This position will provide the vision and leadership necessary to manage the risk to the organization and will ensure business alignment, effective governance, system and product availability, integrity and confidentiality.

PRINCIPAL DUTIES AND RESPONSIBILITIES
  • Strategic Planning: Develop and implement the organization's information security strategy, aligning it with business objectives and risk tolerance. Identify and prioritize security initiatives, establish security goals, and create a roadmap for their implementation.

  • Risk Management: Conduct regular risk assessments to identify and evaluate potential security threats and vulnerabilities. Develop and implement risk mitigation strategies, including security controls, policies, and procedures. Monitor and manage security risks through ongoing assessments and the implementation of appropriate safeguards.

  • Policy and Procedure Development: Establish and enforce information security policies, standards, guidelines, and procedures. Ensure that they align with industry best practices and regulatory requirements. Communicate and educate employees on security policies, promoting a culture of security awareness and compliance.

  • Compliance and Regulatory Requirements: Stay abreast of relevant laws, regulations, and industry standards pertaining to information security. Ensure that the organization's security practices and controls are in compliance with applicable requirements. Liaise with regulatory bodies, auditors, and stakeholders to address compliance issues and maintain regulatory alignment.

  • Incident Response and Management: Develop and maintain an incident response plan to address and manage security incidents effectively. Establish protocols for detecting, responding to, and recovering from security breaches or other security-related incidents. Coordinate with relevant teams to investigate incidents, implement remediation measures, and report on the outcomes.

  • Security Awareness and Training: Develop and deliver security awareness and training programs for employees at all levels of the organization. Ensure that employees understand their role in maintaining information security and are equipped with the knowledge to identify and respond to security risks.

  • Vendor Management: Assess and manage the security risks associated with third-party vendors and suppliers. Establish security requirements and standards for vendor contracts, conduct security assessments of vendors, and monitor ongoing compliance.

  • Security Governance: Establish and maintain security governance frameworks and structures to ensure effective oversight and accountability. Participate in security committees and provide regular updates to executive leadership and the board of directors on the organization's security posture, risks, and compliance status.

  • Security Incident Reporting and Communication: Develop and implement processes for reporting and communicating security incidents to appropriate stakeholders, including executives, legal counsel, and regulatory bodies. Ensure that incident reports are timely, accurate, and comprehensive.

  • Continuous Improvement: Stay abreast of emerging threats, vulnerabilities, and technologies in the information security field. Continuously evaluate and enhance the organization's security posture, controls, and processes through regular reviews, audits, and testing.

  • Other duties as assigned by the CIO.

REQUIRED AND PREFERRED KNOWLEDGE, SKILLS, AND ABILITIES
  • 10+ years of information security experience
  • Must have 5+ years of leadership experience and a proven track record of building highly effective teams
  • Bachelor's degree in Computer Science or relevant field or equivalent experience required
  • Relevant cybersecurity certifications such as CISSP, CISM and CISA preferred
  • Experience in establishing cybersecurity and risk metrics for reporting
  • Excellent analytical and problem-solving skills
  • Relationship building and team development skills
  • Excellent communication and interpersonal skills
  • Skilled at strategic planning and goal-setting
  • Presentation skills
  • Solid understanding of data analysis, budgeting, and business operations
  • Demonstrates ability to manage complex issues while maintaining a flexible, positive, and cooperative demeanor
  • Responds promptly to operations leaders and stakeholders to facilitate informed decision-making
  • Troubleshoots assigned issues, gathers evidence and investigates all relevant information with participants, vendors, and internal departments to resolve the problem in a cooperative and collaborative manner
  • Excellent verbal and written communication skills
