Information Security Officer

Summary: The Information Security Officer is responsible for maintaining an enterprise-wide security program to protect the Company’s information, assets, and personnel. This position will develop and maintain information security policies, procedures, standards, and guidelines to ensure confidentiality, integrity, and availability of the organizations information systems and data. They will lead a team of information security professionals; the Information Security Officer will evaluate threats and vulnerabilities, assess potential impacts on the business, and implement controls to safeguard systems. This position works with the Senior Director of IT & Security.

Responsibilities:

• Build and manage a team of experts; establish, oversee, and maintain standards, policies, procedures, and specifications to promote systems' security and uninterrupted operation.
• Driving the development of a long-term strategic roadmap for information security.
• Evaluate potential threats to Onbe's information systems.
• Identify, evaluate, and remediate vulnerabilities in the organization through a formal risk-based vulnerability management program.
• Lead the implementation of new information security technologies or integration of existing technologies, including initial configuration, installation, organizational change, and operational handoff.
• Coordinate the development, implementation, and updating of information security policies, standards, guidelines, baselines, processes, and procedures in compliance with local, state, and federal regulations.
• Oversee the regular auditing of all information systems configurations and access controls, working with system owners to ensure only authorized users have access.
• Conduct regular security assessments, including penetration tests, phishing campaigns, and internal control audits.
• Implement and maintain appropriate detective controls to monitor the networks, systems, and applications for violations of information security policies or signs of a system compromise or data breach.
• Perform investigations into potential policy violations, security incidents, or data breaches.
• Evaluate the risk of all new systems and applications before implementation and assess the ongoing risk of existing systems and applications.
• Lead Business Continuity (BC) and Disaster Recovery (DR) planning, including conducting Business Impact Analysis (BIA), maintaining the BC and DR plans, and regularly testing BC/DR processes to make sure resiliency of the organization's information systems.
• Lead information security awareness and training programs to build a culture of good cyber hygiene.
• Develop appropriate information security and risk management metrics and key performance indicators, and provide regular reports to the CTO and other members of the executive team.
• Evaluate and recommend new security tools and technologies to improve the organizations security posture.
• Run Onbe's technical and physical security controls, such as access control systems, video surveillance systems, and alarm panels.

Qualifications

• Bachelor’s Degree in Computer Science, Information Systems, Business, Project Management.
• CISSP, CISM, or similar.
• 3+ years in a security leadership role.
• 7+ years working in a security-focused role in technology.
• PCI, SOC2, and ISO controls and frameworks.
• Experience working with a Security Operations Center (SOC).
• Functional knowledge in all areas of cybersecurity.

The base salary range for this position is between $133,020.00 to $177,360.00, with eligibility for an annual bonus. The actual base salary offered depends on a variety of factors, including but not limited to the qualifications of the individual applicant for the position, years of relevant experience, specific and unique skills, level of education attained, certifications or other professional licenses held, business needs, and market demand. Our competitive benefits includes medical, dental, vision, wellness, 401(k) matching, unlimited PTO, work from anywhere, generous parental leave, and more! Our job titles may span more than one career level. All candidates are encouraged to apply.