Description

The Head of Information Security, acting in the role of the Chief Information Security Officer (CISO), is someone who wants to make a difference by bringing together technical capabilities, organizational skills, and the ability to manage stakeholders across all business lines. The protection and security of Intercept’s information assets lie at the heart of this role. You will be expected to understand how to implement a holistic, risk-based security program that provides business flexibility and underpins the holistic activities of the Information systems transformation program, and you will lead the global Information Security Strategy. You will be responsible for developing and delivering effective security governance processes that minimize the likelihood of significant security incidents and ensure that, should an incident occur, it is detected and dealt with swiftly and effectively.

Responsibilities

  • In conjunction with the CEO and peers in Information Technology (IT) and other relevant stakeholders, provide leadership and direct the development and implementation of the Information Security Program for Intercept
  • Identify the universe of IT risk to contribute to the execution of the IT risk management strategy in support of business objectives and in alignment with the enterprise risk management (ERM) strategy
  • Propose security policies, standards, and procedures related to information systems security, including Incident Response
  • Direct all phases of planning and accomplishment of the information systems security functions and activities of the Program
  • Supervise assigned staff and coordinate with other IT Teams
  • Direct the assessment of information systems to ensure that appropriate security functions have been included in the systems design and architecture
  • Establish, monitor and evaluate the performance of information systems in support of information systems security program accomplishments based on appropriate measures
  • Determine risk response options and evaluate their efficiency and effectiveness to manage risk in alignment with business objectives

Essential Requirements

  • This position requires a B.A./B.S. in Computer Science, Computer Engineering, Information Security, Intelligence Analysis, Cyber Security, or other relevant field
  • Overall 10+ years of professional experience with 7+ years in Information & Cyber Security
  • Experience in and knowledge of industry frameworks and regulations (NIST, ITIL, ISO, COBIT, SOX, GDPR)
  • CISSP/CISM/CISA or equivalent certification is a plus
  • Advanced skills and established experience in IT security and risk management (understanding risk assessment, legal and regulatory requirements, threats, vulnerabilities, security policies etc.)
  • Deep understanding of infrastructure components, including infrastructure security components (e.g. Network security, Firewalls, IDS, IPS etc.)
  • Deep understanding of security architecture standard methodologies
  • Demonstrated experience with information security tools (SIEM, signature development)
  • Demonstrated experience with networking, system administration, architectures and security elements
  • Experience with protected health information or personally identifiable information is a plus
