About the Role
Title: Deputy Information Security Officer
Location: Salt Lake City United States
Job category: Information Technology
Requisition number: DEPUT008946
Full-time
Salary: $210,000 USD per year
Job Description:
Salary: $210K DOE + Bonus
Hybrid for Local and Fully Remote in the United States
Essential Duties and Responsibilities
Strategic Leadership:
- Assist the CISO in developing and implementing the overall information security strategy.
- Provide leadership and direction to the information security team, ensuring alignment with organizational goals.
- Collaborate with other departments to integrate security measures into business processes and initiatives.
Program Management:
- Provide regular reporting on the status of the information security program to enterprise risk teams, senior business leaders and the board of directors as part of a strategic enterprise risk management program, thus supporting business outcomes.
- Develop, socialize, and coordinate approval and implementation of security policies.
- Liaise with the enterprise architecture team to build alignment between the security and enterprise (reference) architectures, thus ensuring that information security requirements are implicit in these architectures and security is built in by design.
- Direct the creation of a targeted information security awareness training program for all employees, contractors and approved system users, and establish metrics to measure the effectiveness of this security training program
Security Operations:
- Oversee security operations functions such as threat monitoring, incident response, vulnerability management, and monitoring and risk resolution.
- Ensure the effective management of security technologies, including firewalls, intrusion detection/prevention systems, and endpoint protection.
- Lead efforts to detect, respond to, and recover from security incidents and breaches.
Risk Management and Compliance:
- Assist in the development and maintenance of the organization’s information security risk management framework.
- Ensure compliance with relevant regulatory requirements and industry standards (e.g., GDPR, HIPAA, PCI-DSS).
- Conduct regular security assessments and audits to identify and mitigate risks.
Policy and Procedure Development:
- Develop, implement, and maintain information security policies, standards, and procedures.
- Ensure that security policies are effectively communicated and enforced across the organization.
Team Leadership and Development:
- Mentor and develop a high-performing information security team.
- Foster a culture of continuous improvement, innovation, and collaboration within the security team.
- Identify training and development opportunities to enhance the skills of team members.
Stakeholder Engagement:
- Act as a key point of contact for information security-related matters across the organization.
- Engage with senior leadership to communicate security risks, strategies, and the status of security initiatives.
- Build and maintain relationships with external partners, including vendors, regulators, and industry peers.
Incident Response and Management:
- Coordinate the development of implementation of cyber / physical incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event.
- Provide direction, support, and in-house consulting on incident response.
- Coordinate with legal, compliance, and public relations teams during incidents that may impact the organization’s reputation or regulatory standing.
Other duties as assigned.
Supervisory Responsibility
This position manages employees and is responsible for the performance management and hiring of the employees.