Responsibilities:

• Ensure the confidentiality, integrity and availability of information by communicating risk.

• Create and maintain enforceable policies supporting processes.

• Ensure compliance with regulatory requirements.

• Coordinate security-related activities with A&F IT-supported agencies. Activities include the evaluation, procurement and deployment of security-related products and the development and coordination of security awareness, disaster recovery and incident response plans.

• Be responsible for the translation and construction of complex security problems into sound technical solutions.

• Provide technical, security and architectural direction to technology/business teams.

• Ensure that development efforts are adhering to established security, design, and compliance standards/requirements.

• Provide insight and guidance on overall secure system design.

• Be responsible for secure infrastructure and application architectures.

• Document, maintain and communicate security architectural requirements.

• Monitor emerging technologies for potential impacts to operations and long-term strategy.

• Identify potential areas of compliance vulnerability and risk; direct the development and implementation of corrective action plans for resolution of identified issues.

• Ensure adherence to legal standards regarding information security compliance; implementing and following industry standards and best practices for security compliance; and developing reliable, efficient and effective project development processes.

• Provide strategic and tactical advice to address existing and evolving security threats.

Required knowledge, skills and abilities include:

• A minimum of 10 years of experience within information technology
• A minimum of 8 years of experience in information security or cyber security; with at least 5 years of exposure to various security frameworks, preferably NIST
• 5 years of managerial, team leadership or supervisory experience in large, matrixed organizations (Ideally overseeing a team of 4 )
• Extensive experience with policies/procedures, application design, information analysis and reporting, networking and systems integration, security control, audits, risk analysis and disaster recovery
• Ability to supervise staff including performance appraisal, employee coaching, training, development and performance management
• Excellent written and verbal communication skills, with a proven ability to translate security and risk to all levels of the business in technical and non-technical terms
• Ability to develop and maintain effective working relationships with a variety of stakeholders