Information Security Director

Susan G. Komen · Dallas-Fort Worth, TX

Company

Susan G. Komen

Location

Dallas-Fort Worth, TX

Type

Full Time

Job Description

About Susan G. Komen

Susan G. Komen brings a 100% virtual working environment, and you can work anywhere within the U.S. We are a force united by a promise to end breast cancer forever. For over 40 years, we've led the way funding groundbreaking research, community health initiatives and advocacy programs in local communities across the U.S. Susan G. Komen is the ONLY organization that addresses breast cancer on multiple fronts such as research, community health, global outreach, and public policy initiatives to make the biggest impact against this disease.

Komen strives to have a culture of passionate, growth-minded professionals who thrive in a team environment and work collaboratively to inspire greatness in others! We take an ongoing approach to ensure open communication from all levels throughout the organization. It's encouraged to give and receive feedback to ensure two-way accountability with a focus on continual improvement both personally and professionally!

What you will be doing in the role of an Information Security Director

The Director of Information Security will drive the strategy and direct the work to plan, design, operate, monitor, and maintain the initiatives and daily operations of Komen's Information Security program and technologies that protect all Komen systems and data. The Director of Information Security is a strong advocate for adherence to established security policies and procedures and works with diverse individuals to achieve business goals and improve security.

Successful candidates should be knowledgeable about information technology security principles, standards, various computer/network operating systems, and the Microsoft suite of applications. You will establish and enforce organization-wide standards for information security best practices and regulatory compliance that protect information assets against the risk of loss, operational discontinuity, misuse, unauthorized disclosure, inaccessibility, and damage. This multi-tasking environment demands customer service, communication, leadership, and organizational skills.

What you will bring to the table

  • Define and own a cybersecurity roadmap and key performance indicators focused on reducing cyber risk.
  • Create quarterly, annual, and long-term cyber security and cyber risk management goals, articulate strategies, define metrics, and provide necessary updates to management.
  • Ensure alignment between business strategy and Information Security Program direction.
  • Using standard frameworks, identify and implement security controls to protect systems, operations, and information.
  • Implement effective protections for a remote workforce, all company and cloud-delivered technology environments, assets, systems, and data.
  • Lead security incident response with Legal, including ongoing effective handling and remediation of security incidents.
  • Coordinate with various business stakeholders to ensure new and existing products and processes comply with applicable data privacy requirements.
  • Keep well informed of developing security threats, and proactively create strategies to understand and mitigate potential security challenges.
  • Direct the identification and prioritization of vulnerability management and remediation or mitigation of vulnerabilities in IT and OT systems.
  • Create, own, and continually update privacy, security and information management related policies, documentation, and procedures, including handling of electronic protected health information.
  • Own and communicate security risks, priorities, and incidents to appropriate leaders, with recommended approaches for mitigation and resolution.
  • Document, implement, enforce, and maintain an overarching corporate information security policy and underlying security controls.
  • Maintain certifications, reports, and attestations as necessary for internal and external compliance requirements.
  • Guide various Komen teams on InfoSec/AppSec standards, security, and privacy best practices.
  • Develop training materials and facilitate and/or conduct regular company-wide security and privacy awareness, education, and training programs.
  • Ensure ongoing monitoring, auditing, and testing of the privacy and security programs to confirm all facets function as intended.
  • In collaboration with Legal, oversee the vendor risk management function to vet and audit vendors and ensure compliance with company security and privacy requirements.

We already know you will also have

  • 10+ years of security architecture, security engineering and/or security transformation experience operating in the cloud, on premises and hybrid environments.
  • Demonstrable expertise in related Security Frameworks such as HIPAA, NIST, or CIS.
  • Relevant Professional certification required: CISSP, CISA, CISM or CRISC.
  • Comfortable rolling up their sleeves and contributing to the success of their teams.
  • Highly motivated and detail oriented, with a passion for all things cyber-security.
  • Excellent written and verbal communication, with the ability to break down complex and nuanced topics with simple and concise delivery.
  • Action oriented with the ability to prioritize, schedule and track deadlines.
  • Ability to thrive and take command in high-pressure situations and high-stakes scenarios, being decisive and composed.
  • Leadership and management discipline, high emotional intelligence, and commitment to high levels of team engagement.
  • Passion for growing, mentoring, and developing a diverse team with varying backgrounds and skill sets.
  • Complete and thorough understanding of delivering, executing and maturing enterprise security operations at scale.
  • Demonstrable deep-level knowledge of best-practice security architecture, supporting defense-in-depth and protecting legacy and modern technology.
  • Application of best practice in identity protection and privileged access management.
  • Ability to quantify business risk and drive maturity in vulnerability management through direct and indirect mitigations.
  • Prior experience leading or delivering gap analyses and security risk assessments.
  • Prior experience building a security program for the SaaS software development lifecycle of a product deployed in a cloud environment, such as AWS or Azure.
  • In-depth familiarity with risk methodologies and industry security-related frameworks.
  • Good understanding of popular application security and data-privacy standards.
  • Proven ability to create functional strategies and specific objectives in information security.
  • Budgeting and workforce forecasting experience.
  • Proven experience demonstrating industry best practices.

We would love if you also have

  • Ability to work in a cross-functional matrix environment.
  • Excellent understanding of vulnerability management and associated tools and solutions.
  • Interpersonal and collaborative skills to establish and maintain effective working relationships.
  • Successful leadership of teams performing incident response.
  • Demonstrated ability to develop and mentor teams.
  • Demonstrated inclusive leadership that embraces diversity.
  • Highly motivated. Ability to work under pressure and on own initiative.
  • Solution-driven with demonstrated ability to meet deadlines and deliver results. Experience leading change in a dynamic environment and ability to build consensus. Demonstrated accountability and successful ownership of operating and managing a department.
  • Experience hiring, staffing, and managing teams of information security professionals to accomplish the goals of the Information Security program.
  • Able to mentor and lead direct, indirect, and matrixed resources to progress skills and competencies.

So, what's in it for you?

Komen believes in the importance of taking care of our employees so that in turn they can be committed to supporting our critical mission to support those impacted by breast cancer and to help find cures. This is what Komen provides away from the computer:

  • Competitive annual salary of 105k - 140k. Exact compensation ranges are based on various factors including but not limited to the labor market, job level, internal equity, and budget. Offers given will take into consideration the candidate's skills, education, experience, geographic location, and other necessary credentials.
  • Health, dental, vision and a retirement plan with a 6% employer match
  • Generous Paid Time Off Plan
  • Flexible work arrangement in a fully remote working environment
  • Bi-weekly work from home stipend
  • Parental leave
  • Tuition Reimbursement
  • A culture of learning and development
  • And so much more!

Komen provides a remote and/or home-based working environment for all active employees. Komen defines remote as the ability to work from any physical location within the U.S. where an employee can perform specified work duties without disruption or distraction. Komen defines home-based roles as positions that are required to reside in a specific market. Work schedules for both remote and home-based roles are determined by the organizational needs of each department.

Susan G. Komen is fair and equal in all its employment practices for persons without regard to age, race, color, religion, gender, national origin, disability, veteran status, or sexual orientation. Additionally, we embrace Diverse Teams & Perspective, and we find strength in the diversity of cultural backgrounds, ideas, and experiences.

SORRY NO AGENCIES

Date Posted

04/19/2023
