Cyber Security, Risk Management, Communication, Decision Making
About this role
Role Overview
Understand business priorities and activities at BCBST and subsidiaries.
Maintain current knowledge of applicable regulatory and compliance issues related to Information Security.
Plan, develop, document, maintain and monitor progress of Information Security Program components consistent with applicable regulatory and compliance requirements.
Develop, maintain and communicate policies, standards and procedures to manage security functions relative to information technology systems, networks, applications, and voice and data communications that are consistent with applicable regulatory and compliance requirements.
Understand the threat landscape and attack trends as they relate to intelligence gathering, dissemination and defense coordination.
Manage information risk management program including facilitated risk decisions with decision making authorities.
Develop and implement an effective policy compliance monitoring and enforcement program.
Manage the security operations and/or engineering functions including incident response, security monitoring, security design and engineering and security architecture.
Coordinate the use of external resources involved in the performance of security testing (i.e., penetration tests, vulnerability scans).
Ensure that an Information Security training program is addressed as part of the overall compliance training so that the organization’s workforce is knowledgeable of Information Security policies, practices and relevant guidance appropriate to their role in the organization.
Develop and report business-relevant metrics to measure the efficiency and effectiveness of the Information Security Program, facilitate appropriate resource allocation and increase the maturity of the security program.
Provide subject matter expertise on a broad range of information security standards and best practices, such as NIST, PCI, ISO 27001, MAR and others as applicable.
Work with Information Security Directors, CISO and appropriate stakeholders to prepare and present relevant information on security as required.
Facilitate and participate in the organization’s Enterprise Security Committee as appropriate.
Manage the process of hiring, developing, and evaluating performance of Information Security department staff.
Establish and manage operating budgets.
Collaborate with other departments across BCBST including Human Resources, Legal, Privacy, Procurement and Compliance to ensure information security alignment across the company.
Requirements
Bachelor's degree in Business, Computer Science or equivalent experience required.
5 years of experience leading technical resource teams in diverse disciplines is required.
5 years of experience in information security or related field.
Must possess a solid understanding of Information Technology, Information Security, and Risk Management.
Knowledge of security and control frameworks, such as ISO 17799, COBIT, and NIST Cybersecurity Framework.
Information Security certifications such as the Certified Information Systems Security Professional Certification (CISSP), Certified Information Security Officer (CISA) or Certified Information Security Manager Certification (CISM) are required or must be obtained within 2 years of acceptance of position.
Proficient in Microsoft Office (Outlook, Word, Excel and PowerPoint).
Excellent oral and written communication skills.
Strong interpersonal and organizational skills.
Must be a team player, be organized and have the ability to handle multiple projects.
Ability to work independently with minimal supervision or function in a team environment sharing responsibility, roles, and accountability.
Ability to lead and motivate teams to achieve tactical and strategic goals.