Develop, define, and implement the enterprise cyber security architecture, policies, procedures, standards, and controls.
Support contingency planning, business continuity management, and IT disaster recovery.
Monitor advancements in cyber security and information privacy laws and maintain up-to-date knowledge of the IT security industry to ensure organizational adaptation and compliance; design and execute audit procedures and manage compliance testing.
Select, acquire, and oversee the deployment, integration, and initial configuration of all new security solutions and of any enhancements to existing security solutions, in accordance with standard best operating procedures generally and the enterprise's security documents specifically.
Conduct internal security risk assessments and security compliance audits; coordinate third-party audits and questionnaires.
Ensure the confidentiality, integrity and security of the data residing on or transmitted to / from / through enterprise applications, workstations, servers, and other systems and in databases and other data repositories.
Complete periodic cyber risk review documentation as part of companywide risk management processes.
Overall responsibilities can evolve as the role is implemented.
Document, investigate, and report cybersecurity compliance issues, risks, and incidents, where necessary, and manage resolution of security-related technology audit findings.
Lead the escalation and resolution of risk and compliance issues with appropriate stakeholders including business, security, legal, IT, and customers.
Skills & Qualifications
College diploma or university degree in computer science or a technology-related field or an equivalent amount of work experience
At least 5 years of security-focused experience
One or more relevant security-related designations
Extensive experience in enterprise security architecture design and security document creation
Experience with IT governance, risk, and compliance management methodologies and practices as well as specific operational impacts of cybersecurity lapses
Knowledge of computer operating systems, networking concepts and protocols and network security methodologies