Director, Chief Information Security Officer
AF Group

Job Info

---

The Chief Information Security (IS) Officer is responsible for building and maintaining the vision, strategy and programs required to ensure information assets are appropriately protected. This role establishes and leads the information security and assurance function, provides oversight for personnel with significant IS related duties and assists senior leadership. Overall, this role ensures that confidentiality, integrity, and availability requirements of information systems and assets are identified and managed appropriately.

ESSENTIAL DUTIES AND RESPONSIBILITIES include the following. Other duties may be assigned.

• Drive and maintain the IS risk management function, including the oversight and training of information security personnel, the development of information security programs and the identification and mitigation of information security risks.
• Design a Security Operations Center (SOC) capable of implementing the programs and processes and leading an incident response plan. Develop metrics reporting to communicate effectiveness of SOC to leadership.
• Works proactively with IT, business units, and leaders regarding major systems, strategic and tactical plans, and application changes to ensure that IS standards and issues are addressed early in a project's life and incorporated into the resulting program.
• Leads and aligns programs, processes and strategies to design a threat assessment framework, monitors the emergence of new threats and vulnerabilities, assesses impacts and drives responses as appropriate.
• Establishes an IS and risk management functional capability and framework across the enterprise.
• Ensures that IS and risk is adequately represented on relevant business and governance forums and is known, well-integrated, and addressed across the enterprise.
• Maintains relationships with local, state, and federal law enforcement and other related government agencies regarding cyber security incidents, like ransomware.
• Monitors compliance with IS policies, standards, and processes and enforces remediation of non-compliance.
• Oversees the development and maintenance of IS policies, including standards and processes that fit the organization at all levels.
• Provides vision, leadership, planning, project coordination, and management for the development of a cost-effective department, while concurrently facilitating efficient operations to meet current and future business needs within the organization.
• Represents Company in community and industry, programs, and conferences.
• Functions as the department head in the absence of the executive leader.
• Participates in development of annual departmental budget, monitors budget, and identifies budget discrepancies

EDUCATION AND EXPERIENCE

• Ten years of progressively more responsible experience in an IS environment with demonstrated technical experience
• Five years management or supervisory experience in IS required
• Bachelor's degree in Computer Science or a related field required.
• Certification, such as CISA, CISM, or CISSP preferred
• HITRUST experience preferred
• Experience leading information risk, security and governance teams, transforming functions and changing culture, and leading the response to incidents, crises, and investigations preferred.

QUALIFICATIONS

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

OTHER SKILLS AND ABILITIES

• Excellent oral and written communication skills.
• Excellent presentation and facilitation skills.
• Demonstrated leadership and project management abilities.
• Ability to make competent, independent decisions.
• Ability and proficiency in the use of computers and Company standard software specific to position.
• Bilingual skills preferred.
• Deep understanding of the enterprise information security architecture, discipline, processes, concepts, and IS best practices.
• Demonstrated consultative approach to driving change and deploying controls.
• Knowledge of technological trends and developments in IS and risk management.
• Knowledge of information security and risk control frameworks, as well as business continuity and IT disaster recovery frameworks.
• Demonstrated ability to work effectively with a team, delivering high performance and customer satisfaction, in a culturally diverse, matrix management environment.
• Strong facilitation skills and a clear ability to build strong relationships with business stakeholders at all levels, including executive managers and vendors.
• Strong, proven problem-solving skills and the ability to identify, analyze, and resolve problems, driving solutions through to completion.
• Must demonstrate leadership ability and team building skills to effectively supervise professional and non-professional staff and interact with all levels of management.

SUPERVISORY RESPONSIBILITIES

Directly supervises a varied number of employees in the designated department(s). Carries out supervisory responsibilities in accordance with the organization's policies and applicable laws. Responsibilities include interviewing, hiring and training employees; planning, assigning and directing work; appraising performance; rewarding and disciplining employees; addressing complaints and resolving problems.

ADDITIONAL INFORMATION

The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified. This job description does not constitute a contract for employment.

WORKING CONDITIONS

Work is performed in an office setting with no unusual hazards.

PAY RANGE

Actual compensation decision relies on the consideration of internal equity, candidate's skills and professional experience, geographic location, market and other potential factors. It is not standard practice for an offer to be at or near the top of the range, and therefore a reasonable estimate for this role is between $170,100 and $284,900.

We are an Equal Opportunity Employer. Diversity is valued and we will not tolerate discrimination or harassment in any form. Candidates for the position stated above are hired on an \"at will\" basis. Nothing herein is intended to create a contract.

#LI-AD1 #AFG

---