VP Corporate Security Integra Telecom
THIS JOB HAS EXPIRED DescriptionThe Vice President (VP), Corporate Security will be responsible to build and manage a holistic corporate security program that aligns with Integra?s business, technology, and compliance needs. This will include responsibility for the strategic vision and tactical implementation of physical, administrative, and technical security controls across the organization. This includes identifying all internal and external security drivers, defining a comprehensive risk management framework, establishing a three to five year security roadmap, updating and centralizing Integra?s existing security policies, overseeing the implementation and management of specific security controls, and leading all internal security awareness and training initiatives. The position will also engage with customers, business partners, auditors, regulatory bodies, and other third party entities to ensure that all applicable security needs are being addressed in a timely and appropriate manner. The position reports directly to the Senior Vice President of Business Process and Technology (CIO), however it will interface with various members of the senior management team.
Requirements?Develop and maintain an effective information security architectural approach, ensuring that the approach is implemented in accordance with appropriate standards.
?Utilize the metrics to prioritize key initiatives and respond to negative trends.
?Ensure that all IT and information security programs are in compliance with applicable laws, regulations, and policies.
?Define, implement, and maintain the organization?s global information risk management strategy, collaborating with appropriate business management leads and committees to get buy-in and build momentum.
?Oversee the maintenance of a global information security and risk management policy set, including standards and processes that fit the organization at all levels.
?Conduct information risk assessments across the enterprise at suitable intervals. Ensure that key risk issues are understood, communicated, tracked and reported.
?Regularly verify that required information security and risk controls are in place, raising audit report findings as non-compliance items are found, and driving improvement.
?Collaborate with individuals responsible for enterprise architecture to define information security architecture specifications and to ensure that information security architecture standards, policies, and procedures are available and enacted consistently across application development projects and programs.
?Collaborate with application owners to understand the risk position around key business applications.
?Address perceived risk shortfalls as appropriate.
?Establish processes to respond in a timely and proactive manner to significant information security breaches.
?Respond appropriately to investigations and forensic requests, managing situations with discretion, sensitivity, and objectivity.
?Collaboratively engage with product development teams and business representatives to facilitate a globally standardized approach and governance structure designed to address information and product security.
?Bachelor?s degree in business, technology, security, or another related field.
?10+ years of direct experience in physical, network and/or information technology security with increases in both responsibility and accountability.
?Demonstrated success in leading holistic, enterprise-level security programs.
?Ability to balance the dual imperatives of enablement and protection, ensuring that the business can operate at peak efficiency and effectiveness in a safe and secure manner.
?Ability to track and control annual operating expenses and capital budgets for the corporate security program and all associated initiatives.
?Ability to manage multiple projects and programs, prioritizing time and resources.
?Ability to lead effectively, to influence and persuade others, and to create an organizational culture shift toward a security-oriented mindset.
?Ability to communicate security-related concepts and ideas to both technical and non-technical audiences in a clear and concise manner.
?Understanding of security from a customer-oriented perspective and the ability to market and sell security as one of Integra?s key competitive advantages.
?Clear understanding of the current governance, risk management, and compliance climate, including specific requirements and the means for addressing those requirements.
?In-depth understanding of the SSAE-16 audit and attestation process, PCI and HIPAA-HITECH, state breach notification laws and various telecommunications regulations.
?Expertise in working with the ISO 27xxx library of security standards, COSO, COBIT, ITIL, and other assorted best practice frameworks.
?Hand-on experience implementing, managing, and monitoring security systems and subsystems, including firewalls, intrusion detection and malware protection.
?Background in physical and environmental security, including building security, access management and closed circuit television monitoring.
?Experience with business continuity and disaster recovery planning, incident response handling and actively managing emergency operations during a crisis.
?Ability to interact and coordinate with government officials, law enforcement personnel, emergency workers, and others to address emergency scenarios.
?One or more of the following certifications:
?Certified Protection Professional (CPP)
?Certified Information Security Professional (CISSP)
?Certified Information Security Manager (CISM)
?Certified Information Systems Auditor (CISA)
?The Project Management Professional (PMP), Professional Certified Marketer (PCM), and any number of active, technically-oriented security certifications from Microsoft, Cisco, SANS and others are also preferred/encouraged.
Master?s degree in business or technology
Managing a corporate security program within a telecommunications company
||Denver, CO |
THIS JOB HAS EXPIRED