Vacancy expired!
- Location: Hybrid in Phoenix/Scottsdale, Arizona
- Ensure organizational compliance to required laws and standards including but not limited to HIPAA, PCI, NIST, SOC, and operational standards such as DevOps security.
- Responsible to ensure the IT organization completes environment risk assessments and assesses operations meets the organization’s accepted risk tolerance level.
- Responsible to ensure consistency of meeting the established control processes.
- Responsible to report compliance program performance to IT Executive Management and the IT Governance Committee.
- Responsible for monitoring employee risk management training including security awareness training.
- Establishes, maintains and enforces compliance operating policies organizational information, applicable security procedures and support practices to ensure the quality of compliance services provided.
- Recognizes and identifies potential area where existing policies and procedures require change, or where new ones need to be developed within the IT organization to meet compliance goals.
- Participates in breach event management and responsible to ensure assigned event coordinator completes the incident response procedures including the breach mitigation process.
- Manages software consultants, vendors, and contract management for security and audit vendors.
- Serves as project manager for projects as necessary and responsible for adhering to the established project management methodology.
- Works with resource managers to allocate resources and prioritizes work schedules to accomplish project milestones and deadlines.
- Monitors and reports project status to the IT Director/CIO and IT Management Team as required and shares challenges, accomplishments, staffing requirements and other pertinent information.
- Provides reports to the CIO and other members of the senior leadership team.
- Review compliance with the information cybersecurity policies, controls, and associated procedures.
- Ensures new risks are identified and mitigated in a timely manner;
- Continuously monitors systems and addresses any incidents identified by cybersecurity and IT operations teams.
- Ensure the Community systems and users are in adherence with required cybersecurity standards and contractual agreements made with agencies and entities.
- Able to provide cybersecurity presentations
- Complete cyber risk assessments and studies with analysis and recommendations
- Provide cybersecurity consultation services
- Provides cybersecurity training
- Effectively communicate strategy and operational plans to executives and staff
- Responsible to lead the IT organization in the continuous improvement of the IT Compliance Program.
- Serves as the primary coordination contact for audits, facilitates written responses to audit findings and develop mitigation plans with key stakeholders.
- Provides leadership and promotes shared responsibility across the IT organization with education and program development
- Provides senior leadership to the Cybersecurity Team staff and works closely with operational IT divisions to establish and enforce IT audit and security standards. Evaluates and recommends best in class standards and processes.
- Develop and communicate cybersecurity strategies and plans to the management team, staff, partners, customers, and stakeholders.
- Forms partnerships that help drive the IT compliance strategy forward.
- Responsible effective communication with IT teams, customers and entities involved in audit and the effective operation of the compliance program.
- Knowledge of the history, culture, laws, customs and traditions of the CLIENT’S.
- Knowledge of IT security system configuration, administration and maintenance.
- Knowledge of up-to-date cybersecurity system architecture, technical cybersecurity standards and industry best practices.
- Knowledge of testing and implementing security patches and version upgrades processes.
- Extensive knowledge in enterprise security architecture design and enterprise security document creation.
- Knowledge of, and practical application experience with, network penetration testing.
- Knowledge of CIS Critical Controls.
- Knowledge of NIST controls
- Knowledge of SAS Controls and Audit procedures.
- Knowledge of the development and maintenance of an organizational Cybersecurity Plan.
- Knowledge of cybersecurity best practice standards.
- Knowledge of HIPPA and HIPPA HiTech compliance.
- Knowledge of PCI compliance.
- Knowledge of incident response processes and procedures.
- Knowledge and understanding of project management principles.
- The skill to learn and adapt to the Community needs, style and organizational expectations for conduct and responsiveness
- Solid people management skills – providing direction, monitoring performance, motivating staff and building a positive working environment
- Ability to adapt to a fast-moving IT landscape and keep pace with latest thinking and new security technologies
- Digital leadership skills – capable of empowering and leading an IT team to meet business and IT security goals
- A passion for technology and security safeguarding with a desire to deliver
- Skill identifying and working with third-party vendors.
- Skill developing Requests for Proposals (RFP).
- Skill in monitoring an employee cybersecurity awareness training.
- Skill Monitoring and managing vendor performance.
- Skill assessing the impact of new service requests for products and systems.
- Skill providing problem investigation, troubleshooting and problem resolution.
- Skill establishing and maintaining effective working relationships with peers, business partners, customers, vendors and supervisors.
- Skill with excellent verbal and written communication.
- Ability to communicate to all levels of the organization from executives to technical staff.
- Ability to develop and enhance IT policies, procedures and best practices.
- Ability to project manage complex project and initiatives.
- Ability to adapt to a fast-moving IT landscape and keep pace with latest thinking and new security technologies
- Ability to perform cybersecurity reviews and coordinate the proper, effective and timely corrective action.
- Ability to provide enterprise cybersecurity strategy, cybersecurity risk and data privacy information and education in a concise and comprehensible manner.
- Ability interpreting the applicability of local and federal laws/regulations as applies to secure company operations. In particular, experience with FedRamp and NIST 800 requirements.
- Ability to assess Business Continuity Plans and Disaster Recovery Plans.
- Ability to assess the administration of the Community’s data cybersecurity awareness program.
- Ability to provide vision, forward-looking insight and leadership regarding strategic infrastructure and data security issues.
- Ability to utilize problem solving techniques, improvisation and creativity to accomplish goals.
- Ability to analyze data, draw logical conclusions and make sound decisions and recommendations.
- Ability to understand human resource management principles, practices, and procedures.
- Ability to work in a team environment.
- Education and Experience: A Bachelor’s degree from accredited college or university in Information Audit and Compliance Management, Information Systems, Management Information Systems, Computer Science or a related discipline.
- Other combinations of experience and education that meet the minimum requirements may be substituted for a Bachelor’s degree.
- Five (5) years of direct work experience in Infrastructure Security Management and IT Cybersecurity Industry Best Practices required.
- Five (5) years of demonstrated expertise performing the following 4 tasks required:
- Five (3) years full time experience demonstrating expertise performing the following tasks required:
- One or more of the following certifications is preferred:
- International Information Systems Security Certification Consortium (ISC)2 Certifications
- Certified Information Systems Security Professional (CISSP)
- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
- Advanced Certificate in Internal and Information Techology Audit
Vacancy expired!