What are the responsibilities and job description for the VP Information Security position at SPS?
Job Summary: Leads the Information Security program for the organization. Oversees the development, implementation, validation and enforcement of information security policies, standards, and procedures. Monitors compliance with security policies across the organization and works with Audit to develop audit requirements that measure adherence to policies and standards. Builds and implements security awareness programs. Designs and implements controls to mitigate risks and address any gaps identified during risk assessment.
Principal Duties:
- Overall responsibilities encompass:
  - Security Risk Management, Controls, and Audit Management
  - Security Program Management and Operations
  - Strategic Planning, Finance, and Vendor Management
- Continuously assess security risks for the organization, and identify and implement or enhance security controls leveraging appropriate policies, standards, systems, and processes.
- Understand compliance requirements and regulations related to data protection and privacy, and establish policies and procedures to ensure adherence.
- Maintain continuous awareness of the threat landscape and follow through to address emerging threats.
- Define and implement Cybersecurity strategy for the organization based on risks and threats.
- Work with IT to manage and maintain the organization's cybersecurity posture with the appropriate level of controls.
- Lead and manage the Security Operations Center, including 24x7 cyber security monitoring, SIEM, data protection, endpoint security, threat intelligence and countermeasure deployments.
- Lead and coordinate the vulnerability management program.
- Coordinate with IT regularly to address security risks and advisories, provide security requirements for initiatives, review solution designs from a security perspective, and collaborate to address challenges in implementing and maintaining security controls.
- Establish and continuously enhance Security Incident Response plans and runbooks, and ensure response readiness.
- Lead red team/blue team and tabletop exercises, and implement steps to address any gaps identified.
- Report to the IT Steering Committee/Board on the cybersecurity posture, risks, vulnerabilities, advisories, phishing, and security alerts.
- Manage all security tools and ensure their availability, reliability, support and fitness for purpose. Manage all vendors responsible for security products and services.
- Lead third-party penetration test exercises and coordinate remediation of observations.
- Coordinate and respond to requests from clients, regulators, and internal/external auditors, and serve as lead representative for external audits.
- Participate in and perform security assessments as part of the vendor risk management program.
- Continuously review and assess cybersecurity risks related to third parties and vendors.
- Lead and coordinate the assessment of impact, review of security posture and tracking to closure of any security incident experienced by third parties or vendors.
- Manage mandatory reporting to federal and state regulatory entities.
- Manage security budgets and resources effectively.
- Recognizes problems by identifying abnormalities and reporting violations.
- Determines security violations and inefficiencies by conducting periodic audits.
- Prepares performance reports, communicates system status, and conducts periodic security audits and reviews.
- Maintains technical knowledge by attending educational workshops and reviewing publications.
- Contributes to team effort by accomplishing related results as needed.
- Oversees end-user setup and profile assignment in accordance with security policy.
- Performs procedures and assessments necessary to ensure the safety of information system assets and to protect systems from intentional or inadvertent access or destruction.
- Investigates, documents, and resolves information security incidents. Ensures users understand and adhere to the procedures necessary to maintain security.
- Advises management of critical issues that may affect customers, vendors or the company.
- Responsible for a deep understanding of the business processes and technology used within the assigned areas, to ensure that the business is in compliance with regulatory requirements and the organization's applicable procedures, processes and standards.
- Performs other ad hoc projects as needed.
Minimum Qualifications: Knowledge, Experience, Skills, and Abilities which are REQUIRED
1. BS/BA in Computer Science, Information Systems or Accounting with at least 5 or more years of experience leading security organizations and IT Audit experience. Background in information security, IT risk management, network security, or cybersecurity operations. Experience in various cybersecurity domains, such as incident response, vulnerability management, or compliance.
2. Knowledge of IT Audit techniques and industry standards/frameworks (ITSM/ITIL, NIST 800, ISO 17799/27000, OWASP, CIS).
3. Knowledge of IT infrastructure, technologies, processes, reference architectures, and frameworks.
4. Knowledge of Sarbanes-Oxley and SSAE 16 standards and guidelines.
5. Ability to interact effectively with the Information Technology group and communicate with individuals at all levels of management.
6. Proven project and program management skills.
7. Strong leadership skills.
8. Risk management skills, which involve identifying and prioritizing risks, implementing risk mitigation measures, and making informed decisions.
Preferred Qualifications: Knowledge, Experience, Skills, and Abilities which are PREFERRED
1. CCISO, CISSP, CISM, CRISC, CPA, CISA, or CIA certification
Location: Salt Lake City, UT