What are the responsibilities and job description for the Head of Information Security position at DMSi Software?
The Head of Information Security (HOIS) is responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure adequate protection of information assets and technologies. The HOIS will lead the development and implementation of security policies, risk management strategies, compliance initiatives, and incident response processes to safeguard our data, systems, and infrastructure.
RESPONSIBILITIES AND DUTIES:
- Develop, implement, and maintain a comprehensive information security strategy aligned with business objectives.
- Collaborate with executive leaders to balance business priorities with security requirements.
- Build, lead, and mentor an effective security team, fostering continuous learning and professional development.
- Collaborate with departments across the organization to integrate security into roadmaps and ensure timely execution of tasks. Oversee secure software development practices and application security testing.
- Advocate for security awareness across all levels of the organization, fostering a culture of security-first thinking.
- Oversee security audits, vulnerability assessments, and penetration testing.
- Ensure compliance with industry standards such as ISO 27001, SOC 2, NIST, and other relevant regulations.
- Establish and maintain robust security operations, including monitoring, detection, and response capabilities.
- Enhance and oversee an incident response plan, ensuring timely resolution of security incidents and breaches.
- Stay current with emerging security trends, threats, and regulatory changes.
- Responsible for security vendor relationships.
KNOWLEDGE, SKILLS, AND ABILITIES:
10 years of experience in cybersecurity, including leadership roles in security operations, risk management, or compliance.
Industry certifications such as CISSP, CISM, CISA, or equivalent are highly preferred.
Strong knowledge of security frameworks, risk management methodologies, and regulatory compliance.
Experience with cloud security, network security, identity and access management, and threat intelligence.
Strong leadership, communication, and stakeholder management skills.
Ability to translate complex security concepts into business terms for executive leadership and board discussions.
Experience in a SaaS or cloud-based environment.
Familiarity with DevSecOps and secure software development practices.
Knowledge of AI/ML security considerations.
Experience managing security in hybrid cloud and on-premises environments.
EDUCATION AND EXPERIENCE:
Bachelor’s or Master’s degree in Computer Science, Cybersecurity, Information Technology, or a related field.
WORK ENVIRONMENT & PHYSICAL DEMANDS:
Normal office environment with the use of computers and telephone systems; no unusual physical demands.
Travel to customer locations including overnight, business air travel, and car rental.
Due to the nature of services, work may occur outside of normal office hours and require a flexible schedule to manage the workload.