Information Security Lead

Description

Information Security Lead

AArete is one-of-a-kind when it comes to consulting firm culture.

We're a global, innovative management and technology consulting firm, with offices in the U.S., India, and the U.K. Our name comes from the Greek word for excellence : " Arete ." And excellence is exactly what we strive for.

Our success starts with enriching and empowering our people. From robust career development planning to competitive life and wellness benefits, AArete's "Culture of Care" takes a holistic approach to the employee experience.

AAretians (our team members) are leaders at every level. You are encouraged to unlock your full potential by directly contributing to our mission and prioritizing space for personal development and fulfillment.

The Role

AArete is looking for an Information Security Lead to own and manage our security program . This role involves managing security operations, identity and access management, disaster recovery, and incident response. This role will also ensure compliance with frameworks like HITRUST, ISO, and SOC2, and align security strategies with business goals. The ideal candidate will drive security improvements, monitor compliance, and work with senior management to evaluate risk and ensure organizational security goals are met. Hands-on experience with AWS is essential .

Work You'll Do

• Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders
• Provide leadership and direction to information technology (IT) personnel by ensuring that cybersecurity awareness, basics, literacy, and training are provided to operations personnel commensurate with their responsibilities
• Promote awareness of security issues among management and ensure sound security principles are reflected in the organization's vision and goals
• Security Program & Operations
• Lead and align information technology (IT) security priorities with the business strategy
• Identify security requirements specific to an information technology (IT) system in all phases of the system life cycle
• Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity best practices
• Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs) against HITRUST, ISO, SOC2, etc. frameworks
• Collect and maintain data needed to meet system cybersecurity reporting
• Ensure that security improvement actions are evaluated, validated , and implemented as required
• Ensure that cybersecurity inspections, tests, and reviews are coordinated for the network environment
• Ensure that protection and detection capabilities are acquired or developed using the IS security engineering approach and are consistent with organization-level cybersecurity architecture
• Establish overall enterprise information security architecture
• Evaluate and approve development efforts to ensure that baseline security safeguards are appropriately installed
• Establish information security strategies to address organizational security objective
• Identify information technology (IT) security program implications of new technologies or technology upgrades
• Interface with external organizations (e.g., public affairs, law enforcement, Command or Component Inspector General) to ensure appropriate and accurate dissemination of incident and other Computer Network Defense information
• Interpret patterns of noncompliance to determine their impact on levels of risk and / or overall effectiveness of the enterprise's cybersecurity program
• Manage the monitoring of information security data sources to maintain organizational situational awareness
• Manage threat or target analysis of cyber defense information and production of threat information within the enterprise
• Oversee the information security training and awareness program
• Participate in an information security risk assessment during the Security Assessment and Authorization process
• Participate in the development or modification of the computer environment cybersecurity program plans and requirements
• Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations
• Recognize a possible security violation and take appropriate action to report the incident, as required
• Recommend resource allocations required to securely operate and maintain an organization's cybersecurity requirements
• Recommend policy and coordinate review and approval
• Use organization-specific published documents to manage operations of the computing environment system(s)
• Evaluate the effectiveness of procurement function in addressing information security requirements and supply chain risks through procurement activities and recommend improvements
• Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization's mission and goals
• Continuously validate the organization against policies / guidelines / procedures / regulations / laws to ensure compliance
• Forecast ongoing service demands and ensure that security assumptions are reviewed, as necessary
• Evaluate risk levels and security posture and advise senior management
• Advise senior management on cost / benefit analysis of information security programs, policies, processes, systems, and elements
• Advise appropriate senior leadership or Authorizing Official of changes affecting the organization's cybersecurity posture
• Supervise or manage protective or corrective measures when a cybersecurity incident or vulnerability is discovered
• Track audit findings and recommendations to ensure that appropriate mitigation actions are taken
• Participate in Risk Governance process to provide security risks, mitigations, and input on other technical risk
• Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
• Other duties as assigned

Requirements

Preferred Requirements

Compensation & Benefits

The estimated base salary range for this position is $85,000 - $105,000. In addition to this base salary, individuals may be eligible for an annual discretionary bonus. This range is a part of a competitive, total compensation package together with our Employee Stock Ownership Plan, majority employer-paid benefits, and incentive pay for eligible roles. Please note that this range is a guideline and individual total compensation may vary due to numerous factors including but not limited to experience level, certifications, and other relevant business considerations.

AArete will accept applications until the position is filled. The job posting will be removed once the role is no longer available.

We put humans at the center of our work

We're a global management and technology consulting firm specializing in strategic profitability improvement, digital transformation, and strategy & change for clients. Our cross-industry solutions are powered by a digital-first mindset, market intelligence, and data-driven approach to deliver purposeful change, actionable insights, and guaranteed results.

But what sets us apart is our people. We are guided by our deeply embedded guiding principles : Excellence, Passion, Loyalty to Clients, Stewardship, Family, Community, Sustainability, and Inclusion.

And we've been recognized as a top firm to work for by companies like Forbes, Top Workplaces Chicago Tribune, and Consulting Magazine.

We've earned a Great Place to Work Certification and been named a World's Best Management Consulting Firm by Forbes, Vault's Top 50 Firms to Work For , Crain's Chicago Business Fast 50, Inc 5000's Fastest Growing Firms , and Consulting Magazine's Fastest Growing Firms .

Learn more about our award-winning culture

We are an Equal Employment Opportunity Employer

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

LI-DNI

Salary : $85,000 - $105,000