Job details

Job Description:

FUNCTION & SCOPE:

The Deputy Information Security Officer is responsible for evaluating, implementing, and maintaining The Research Foundation's (RF) information security policies, controls, measures, and protocols to ensure that information assets and associated technology, applications, systems, infrastructure, and processes are adequately protected in our digital ecosystem. Reporting to the Chief Compliance Officer and working with the Chief Information Officer, the Deputy Information Security Officer is responsible for identifying, evaluating, and reporting on cybersecurity risks to appropriate stakeholders, while supporting and advancing business objectives.

This position requires a dynamic, outgoing self-starter with proven leadership skills and a strong working knowledge of cybersecurity technologies, policies, and industry standards. The incumbent will proactively work cross functionally with the IT and Compliance departments, security partners, and agencies, to implement practices that meet leadership approved policies and standards for information security. The successful candidate must have experience working in a fast-paced corporate environment and will be responsible for a variety of cybersecurity and risk management activities with a high degree of integrity to ensure regulatory compliance and continuity of RF operations.

A key element of the role is working with key stakeholders to determine acceptable levels of risk for the organization. The incumbent must have a background and understanding of IT network architecture, enterprise applications, and cybersecurity tools, and must be knowledgeable about both internal and external business environments in order to ensure that information systems are maintained in a fully functional and secure mode and are compliant with organizational cybersecurity standards as well as all legal, regulatory, and contractual obligations.

The ideal candidate:

• Acts ethically and with integrity: Has a high level of personal integrity, the ability to professionally handle confidential matters, and has keen judgment and maturity consistent with the RF's values and code of conduct.
• Leads through service:  Is a thoughtful leader, builds bridges and strives for consensus between business and technology with experience integrating people, processes, and technology amongst disparate drivers, constraints, and personalities while maintaining objectivity.
• Understands the business: Is a business leader, and should have a track record of competency in the field of information security with six to ten years of relevant experience, including five years in an information security leadership role.
• Communicates and listens:  Has excellent written and verbal communication, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists. Is a strategic leader and builder of both vision and bridges and is able to work with little direction and energize the appropriate teams in the organization.
• Knows the job:  Has an understanding of the business and a strong knowledge of information security risk management and cybersecurity technologies. Has up-to-date knowledge of methodologies and trends in both business and IT and a proven track record in developing information security policies and procedures and has successfully executed security programs that meet business objectives.
• Exhibits grace under pressure:  Has poise and has the ability to act calmly and competently in high-pressure, high-stress situations.
• Thinks and acts critically:  Must be a critical thinker, with strong problem-solving and analytical skills and the ability to manage multiple projects under strict timelines. Also must have the ability to work well in a demanding, dynamic environment and meet overall objectives.
• Moves people:  Has project management skills: financial/budget management, scheduling, and resource management with experience leading and motivating teams responsible for the implementation of information security initiatives to achieve tactical and strategic goals, even when only "dotted line" reporting lines exist.
• Can bend spoons: Has the ability to influence entities and decisions in situations where no formal reporting structures exist, but achieving the desirable outcome is vital.

Requirements:

EDUCATION & EXPERIENCE

• Minimum of six to ten years of experience in information security with at least five in leadership or a supervisory role.
• Degree in information security, business administration, or a technology-related field, or equivalent work or education-related experience.
• Professional security management certification is preferred, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or other similar credentials.
• Knowledge of common information security management frameworks, specifically the NIST Cybersecurity Framework (CSF), NIST 800-171, and CMMC 2.0.
• Excellent stakeholder management skills.
• High degree of initiative, dependability, and ability to work with little supervision while being resilient to change.

Compensation for this position: The compensation for this role is between $137,189 to $175,114. The pay will depend on a variety of factors that may include but are not limited to experience, education, training, and certifications.