Business Information Security Officer – Defense Industrial Base (DIB) Exp

Role Overview

• Develop, drive, and implement Client overall information security program (goals, objectives, and policies) while establishing departmental goals and priorities to execute on that vision.
• Establish a defined, consistent security architecture standard and work with Clients to implement technical controls in line with cutting edge best in class security and privacy standards.
• Drive Client domestic and international projects to meet emerging cyber security requirements, data protection and privacy laws.
• Implement approved policies and procedures to ensure information security efforts are properly coordinated and in compliance to make recommendations for changes and improvements to reduce Client overall security risk.
• Monitor and assess the compliance of Client organizations with information security policies and procedures, while ensuring third-party compliance.
• Oversee Client incident response planning, data loss prevention and remediation of breaches, serving as the focal point for response delivery.
• Implement ongoing Client risk assessment programs targeting information security and privacy matters; recommend methods for vulnerability detection and remediation and perform and/or oversee vulnerability testing.
• Coordinate and deliver information security reporting and assessments as required by regulatory agencies, clients, and management.
• Work with peers across the company to review customer feedback/ requirements and ensure that security strategy and roadmaps are aligned with the security needs of Clients.
• Keep current on the latest security and privacy legislation, regulations, alerts, and vulnerabilities pertaining to the organization. Conduct continual research to maintain knowledge of technology, customer needs and overall requirements.
• Participate in key initiatives and projects to ensure that cybersecurity controls are accounted for early within the project and software development lifecycles.
• Ensure risk assessments are conducted on Client high-risk business applications. Provide escalation for high-risk issues arising from those assessments. Ensure remediation plans are tracked to completion.

Requirements

• Cyber Compliance Assessments & Regulatory Compliance experience specifically NIST 800-171, CMMC and DFARS.
• 10+ years of Cybersecurity experience ideally within the oil industry or Defense Industrial Base Sector, with a background in Security and Compliance.
• Seasoned track record of assessing threat and vulnerability from a business and technical perspective.
• Ability to develop and champion pragmatic security solutions that support growth of the business.
• Experience developing a strategic, comprehensive enterprise information security and IT risk and privacy management program.
• Experience with supporting customer-facing products, not just internal.
• Ability to create a culture of accountability and security.
• Ability to communicate and engage effectively with a diverse audience, including front line technical staff, non-technical staff, management, executives, and vendors/providers.
• Self-starter with the ability to lead tasks with demonstrated ability to work independently.

Tech Stack

• Cyber Security

Benefits

• Salary commensurate with years’ of experience, technical expertise and geographic location.
• Salary range: $150,000 to $190,000.
• Performance bonuses.
• Benefits package that includes 100% paid medical, dental and vision for the employee.
• 401(k) with employer match.
• Strong company culture.
• Flexible PTO policy.
• Flexible working arrangements.
• Annual company overnight retreat.