Director of Information and Cyber Security

This person is responsible for the overall Information Security program. Also responsible for initiating ongoing reviews and updates of the IT policies and procedures, participating in vendor risk assessments and maintaining the IT portion of the Company's business continuity plans.This person will be expected to influence, educate and empower all levels of the organization

RESPONSIBILITIES:

• Drive and facilitate the many different frameworks required to operate (COBIT, NIST CSF, HIPAA, PCI, Mitre ATT&CK, etc.) as well as industry best practices as it relates to policies and procedures for SOX and General IT controls.
• Lead and coach incident detection and response (SOC).
• Reports on governance, risk, and compliance as appropriate.
• Design, coordinate, and execute the day-to-day activities related to information security and compliance in the following areas: IT strategy and governance, IT operations, business continuity and disaster recovery, network and infrastructure security, cybersecurity, cloud and third parties, data management and analytics, emerging technology and digital solutions, automation (robotics, cognitive, etc.), IT and transformation programs and projects, General IT Controls, User Access Reviews, cloud computing, SaaS configuration, application configuration and controls, software development/DevOps controls, and regulatory/compliance requirements.
• Periodically review Company's IT processes, risk, controls and compliance against Company's desired frameworks, and assess capability maturity, identify gaps in design and execution, and communicate issues and recommendations to senior management
• Coordinate with Internal Audit and External Auditors as appropriate.
• Provide thought leadership and be the subject matter expert on cybersecurity practices with deep knowledge about best practices and systems.
• Maintain an assessment of adherence and identify risk/control improvements in areas with medium to high complexity.
• Ensures understanding and communication of area of responsibility
• Assist others across the organization as required
• Analyze IT transactions from a cost, capacity and forecast perspective and work with appropriate team members to continually evaluate new technologies and methodologies.
• Provides leadership and coordination around acquisition and divestiture transactions.
• Work with management and practitioners, IT associates, partners and vendors to ensure maximum utilization of all resources as appropriate.
• Keeps management fully informed of all activities and challenges within area of responsibility.
• Keeps abreast of company goals, methods, and procedures and of current developments in technology and available vendor-supplied products.

Qualifications:

• Must have very strong customer service orientation.
• Ability to organize and plan one's own work to provide for effective task performance and coordination of effort.
• Ability to work within a global team.
• Must be flexible and have the ability to quickly adapt to changing situations.
• Must maintain confidentiality concerning all Company information and documents.
• Must maintain security according to Company standards.
• Ability to interact with a varied assortment of personalities within a global and diverse team.
• Bachelor's degree or equivalent experience.
• 7+ years of experience with cybersecurity management operating models, three lines-of-defense frameworks, integrated security attack and response practices, and/or threat intelligence capabilities.

Werner Enterprises provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, genetic information or veteran status or other status protected by law. We encourage applicants of all ages as we do not discriminate on the basis of an applicant's age.