Director of Cyber Security & Compliance

Full Time
Remote
Job description

Position Summary
The Director of Cyber Security and Compliance (DoIS&C) provides leadership for developing, leading and managing security initiatives. He/she directs the planning, engineering, and implementation of defenses for the enterprise IT ecosystem, business operations, and facilities against security breaches and vulnerabilities. He/she is also responsible for auditing existing systems, while overseeing and directing the enforcement of security policies, activities, and standards.
This role is responsible for managing internal staff and third-party security vendors, operates the security technologies employed by the organization, and owns key processes such as:

  • Security Event Management
  • Vulnerability Threat Management (VTM)
  • Investigations, Incident Response & Forensics
  • Malicious Program Detection & Prevention
  • Security Intelligence
  • Security Assessments & Penetration Testing
  • Security Technology Care & Feeding

This role will oversee all IT compliance efforts and will lead remediation activities associated with regulatory and company policy requirements. He/she will help build a proactive, sustainable compliance management framework and will integrate with other risk functions to establish a holistic program.
This role will build a highly efficient and effective security operational model that includes a world-class monitoring and incident response capability. He/she will also establish a framework that helps ensure that the maturity of key operational processes and technologies is continuously measured and improved. He/she will work closely with the Corporate Security Officer to build an effective metrics program that measures the security health of the environment and the value of the processes and technologies deployed, and that tracks trends that can be acted upon to improve both preventative and detective capabilities.
This role is responsible for managing key staff and third-party security vendors. It creates a vision, establishes an overall security strategy, sets goals and objectives, manages performance and deliverables, and develops and mentors staff.
Job Responsibilities
Threat & Vulnerability Management

  • Define processes and supporting technology to assist the security infrastructure team to actively monitor for threats and vulnerabilities.
  • Proactively identify threats before they impact the organization.
  • Integrate continuous threat intelligence into our SIEM tools and processes.
  • Enhance and integrate security solutions to automate the detection-to-remediation activities (e.g., Security Event Management optimization and integration with ticketing system).
  • Automate vulnerability scanning and integrate into the ticketing system.
  • Consistently measure the output from the scanning process and ensure that remediation SLAs are established and met.
  • Provide leadership to the engineering and operations security team that is responsible for the care and feeding of many of the security technologies employed at BHI (e.g., Security Event Management, Vulnerability Management, and Malicious Program Detection & Prevention).
  • Work closely with security architecture to develop the processes and technologies to prevent and detect malicious software in the environment.
  • Build repeatable and sustainable penetration testing processes.
  • Establish a framework to drive ongoing security assessment plans.
  • Manage security-related incidents in the corporate environment that were not mitigated through 1st-tier operational activities.
  • Provide oversight to the identification, containment and remediation of a security incident.
  • Lead investigative activities that involve electronic data.
  • Work closely with other risk management functions, legal and HR to support corporate investigations.
  • Ensure that forensic evidence is preserved and can be used for legal proceedings if necessary.
  • Work closely with the security compliance & controls function to align threat and vulnerability management processes and controls with the compliance requirements facing BHI systems and data.
  • Build and enforce security hardening standards.
  • Implement preventative and detective controls to mitigate the risk of denial-of-service attacks.

Compliance

  • Interpret and ensure organizational knowledge and understanding of regulatory drivers including but not limited to the Health Insurance Portability and Accountability Act (HIPAA)
  • Understand control frameworks (e.g., HITRUST, NIST, ISO, and PCI) and how they can be integrated into the overall security program
  • Define the governance models, processes and supporting technology that will improve compliance management enterprise-wide
  • Lead the efforts to perform recurring technology risk assessments
  • Develop corporate policies, procedures and guidelines aligned to regulatory requirements and recognized security standards (i.e., ISO 27001)
  • Work closely with business and IT leaders to ensure BHI systems are in compliance with regulations and standards
  • Oversee and support project teams and IT process leaders to ensure that remediation efforts meet deadlines
  • Prepare executive-level presentations and facilitate technical workshops
  • Develop security awareness programs that include security and compliance and span various functional units within BHI
  • Integrate with external parties to monitor changes to regulatory mandates that impact IT
  • Responsible for execution of controls to a satisfactory level and in a timely manner
  • Communicate deviations if and when they occur
  • Is familiar with SOC 2 compliance and its impact on company policies and processes
  • Understands importance of adhering to SOC 2 requirements, and maintains an effort to do so
  • Reviews and understands the Employee Handbook, and internal policies that define individual security responsibilities, and maintains segregation of duties in accordance with their role requirements

The position responsibilities outlined above are in no way to be construed as all encompassing. Other duties, responsibilities, and qualifications may be required and/or assigned as necessary.

Job Requirements

  • Minimum of 7+ years of experience in information security positions, with 5+ years’ experience in a role providing information security or information risk management services preferred.
  • Working knowledge of regulatory requirements, security standards and compliance issues (HIPAA, HITRUST, etc.).
  • Experience implementing compliance with industry security frameworks (ISO 27001, PCI, NIST 800-53, and NIST Cybersecurity).
  • Prior experience working with cloud security – AWS preferred
  • Experience implementing and supporting core security solutions and processes such as:
      • Security Event Management
      • Vulnerability Management (e.g., enterprise vulnerability scanners, static/dynamic code analysis)
      • Endpoint security technologies
      • Advanced malware protection
      • Forensic toolsets
      • Firewalls, VPNs and proxies
  • Experience working with Managed Security Service Providers (MSSPs) and ensuring adherence to established service levels.
  • Skills required for conducting audits of information systems and their applications to ensure accuracy of information and promote operational efficiency.
  • Ability to stay abreast of emerging technologies and trends in assigned domain area(s).
  • In-depth technical knowledge of the various aspects and components of information security, spanning all layers of the OSI model.
  • Experience with IT governance tools and processes.
  • Experience with root cause analysis, risk mitigation, security assessments, analysis of security threats, trends and security architecture preferred.
  • Proven ability to collaboratively plan, document, and present security strategies, achieve buy-in from IT leadership, and manage the implementation and ongoing support.
  • Experience presenting and promoting information security awareness, training and education programs required.
  • In addition to security, proficient in other IT control areas (e.g., change management, SDLC, operations).
  • Must be available to work off-hours as needed for 24/7/365 support.
  • Bachelor’s degree in computer science, Information Technology, Information Security, or related field required.
  • Security certifications such as GIAC, CISSP, CISM, CIPP or CFE preferred. Multiple designations desired.
  • Strong analytical, problem-solving, and conceptual skills.
  • Excellent written and verbal communication skills, strong customer focus and demonstrated ability to work in geographically dispersed teams.
  • Strong teamwork and interpersonal skills; ability to communicate and influence at all management levels and with both technical and non-technical individuals and successfully manage in a cross-functional environment.
  • Strong project management and time management skills required.
  • Ability to work on numerous projects/activities simultaneously.
  • Must be able to make accurate decisions related to task delegation and provide leadership in filling project and/or support team responsibilities.
  • Demonstrated ability to build top performing teams and lead through example.
  • Able to work across a matrixed environment of internal and contract resources.
  • Must be able to mentor engineers in new systems, concepts and technical procedures.

Equal Employment Opportunity

It is the policy of BHI to provide equal employment opportunity and advancement opportunities to all colleagues and qualified applicants for employment without regard to race, color, religion, national origin, sex, age, disability, sexual orientation, gender identity, or any other classification protected by federal, state or local laws.

Job Type: Full-time
