VP of Cyber Security
The VP of Information Security is responsible for implementing, maintaining, and overseeing the LHM Group’s information security program, including the governance, management, and advisement of information security efforts and strategic vision across the organization. This is a hands-on, working leader role that is accountable for executing and delivering on all Information Security projects.
This position reports to the Chief Information Officer and will lead security risk assessment efforts, oversee the design, implementation and operation of controls to mitigate known risks, drive information security awareness and training programs, and reduce vulnerabilities that could create inappropriate exposure to the business or its customers' data.
The candidate will work closely with the CIO, external partners, and business stakeholders to ensure the information security program follows industry best practices and adheres to all federal and state laws and regulations governing and applicable to the group. The candidate will be responsible for IT security operations, projects, and information security compliance. Security operations include day-to-day activities to mitigate information security risks based on cyber threats to the enterprise and alignment with policies and standards. Security projects are those planned to implement new security services or the growth/transformation of existing security services.
Management and Leadership
· Develop strong working relationships with technology and business partners across multiple locations in support of security, compliance, and audits for the organization.
· Influence vendor and application selection through analysis of technology and security requirements.
· Provide strong positive and collaborative leadership to executive teams and other departments such as legal, support, and IT. Also, lead and manage Information Security teams composed of internal and external resources.
· Serve on planning and policy committees.
· Take initiative to identify gaps and changes required to address security threats and compliance with departments and executives.
· Present risk information to executives and advise on remediation.
· Technical ability to lead on architectural and technical design
· Responsible for the review and certification of all Business Continuity Planning and Disaster Recovery plans
· Oversee the secure development, design and implementation of new applications and changes to existing computer systems and software packages including SaaS applications
· Direct and manage computing and information security plans, policies, programs and project schedules
· Continue to build and enhance secure application design and development policies and practices
· Partner with IT to ensure that the technical and security needs of internal systems and services are met
· Develop and maintain security policies and procedures including, but not limited to, incident response plans, business continuity plans, etc.
· Lead the implementation and operation of security services such as vulnerability assessment, threat monitoring and incident response
· Oversee security design and architecture including IaaS and PaaS cloud migrations
· Lead vulnerability, change, and configuration management for applications and infrastructure
· Oversee administration of security services, including antivirus, IDS/IPS, data loss prevention, and security monitoring.
· First line incident response and support for remediation
· Provide Identity and Access management solutions to ensure appropriate access to sensitive data
· Establish, review, and oversee an actionable and relevant, IT-based, enterprise-wide risk register, control environment, and related artifact strategy to achieve and maintain compliance with regulations while supporting the organization’s operational goals
Security Assessments and Audit Management
· Conduct application assessments (design reviews and pen tests) and lead implementation of associated application security technologies
· Perform risk assessments on new technologies or discovered vulnerabilities
Information Security Awareness
· Implement organization-wide security awareness initiatives and provide timely information to employees and leadership regarding new and emerging threats
· Collaborate with all teams to communicate and enforce security controls
Legal and Governance
· Develop controls in collaboration with legal teams to ensure compliance with industry regulations such as GDPR, CCPA, GLBA, and PCI
· Continuously monitor security controls for all IT Security frameworks
Education & Experience
Bachelor’s degree in a relevant field or equivalent years of experience is required. Equivalent years of experience are determined as one year of technical experience for every year of college requested.
· 10+ years - Experience leading teams of technical resources in diverse disciplines is required.
· 5+ years - Experience in information security or related field is required.
· Need to be current and have desire to stay current on trends in the security industry
Information Security certification, such as the Certified Information Systems Security Professional Certification (CISSP) or Certified Information Security Manager Certification (CISM), is required.
To perform the job successfully, an individual should demonstrate these competencies to perform the essential functions of this position.
· Leadership - the individual demonstrates ethical behaviors which promote Larry H. Miller standards, resulting in a cohesive and effective team.
· Compliance – the individual understands and adheres to all company standards, state and federal laws and regulations as well as product pricing guidelines of all lenders, agencies or business partners.
· Customer Service - the individual understands his/her role in providing excellent customer service through the defined Larry H. Miller processes which promote efficiencies, fairness and cost effectiveness.
· Ethics/Integrity – the individual represents the Larry H. Miller Group of Companies by conducting himself/herself in a professional and courteous business manner that demonstrates integrity and avoids an actual or perceived conflict of interest.
· Oral Communication - the individual clearly identifies and professionally expresses issues in positive or negative situations.
· Planning/Organizing - the individual prioritizes and plans work activities and uses time efficiently.
· Quality - the individual demonstrates accuracy and thoroughness and monitors own work to ensure quality.
· Dependability - the individual is consistent in their work, follows instructions, responds to management direction and solicits feedback to improve performance.
· Safety and Security - the individual observes safety and security procedures and uses equipment and materials properly. There is an aspect of this job that requires that they are wise about letting people through the secured doors, when to contact public safety, how to respond to difficult drop-in guests, etc.
Visit https://recruiting.adp.com/srccar/public/RTI.home?d=LHM&c=1081441#/ to apply for this role.