Vice President, IT Security and Risk Management (Remote)

Full Time
Remote
Job description
Company Overview:
The Enlyte Family of Businesses
Mitchell | Genex | Coventry

Enlyte is the parent brand of Mitchell, Genex and Coventry, an organization unlike any other in the Property & Casualty industry, bringing together three great businesses with a shared vision of using technology innovation, clinical services and network solutions to help our customers and the people they serve. Our suite of products and services enables our employees to help people recover from challenging life events, while providing opportunities for meaningful impact and career growth.
Job Description:

This position is remote and can be located anywhere in the United States.


Seeking a VP of Information Security responsible for leading the information security, risk and compliance management within the Information Technology department. In this role, you will develop and execute short-term plans and longer-range strategies to mitigate cyber risk by leveraging program maturity assessments, operational reporting, and industry trends. You will also work across teams to ensure alignment with best practices and deliver security enhancement projects. You will lead teams and projects that are complex in nature and/or of strategic importance to Enlyte and will have a moderate number of direct reports consisting of directors, managers, security engineers, and compliance analysts. This is a unique opportunity to lead and develop a motivated team of security, risk and compliance professionals and contribute to the strategic direction of the Information Technology Services (ITS) Department within a growing company.

Responsibilities:


Risk Mitigation and Governance
  • Develop, implement and monitor a strategic, comprehensive enterprise information security and risk management program for the organization, which operates in hybrid multi-cloud
  • Provide strategic risk guidance for product engineering projects, including the evaluation and recommendation of technical controls.
  • Lead the vision for security in product delivery including the specification of analysis tools, threat modeling, execution of penetration tests and risk assessments.
  • Provide regular reporting on the current status of the information security program to company senior business leaders as part of a strategic risk management program.
  • Provide leadership to ensure alignment of executive management with security risk programs including the development and execution of tabletop exercises on an annual basis.
Organizational Management
  • Manage the organization's information security team. This includes hiring, training, staff development, performance management and regular performance reviews.
  • Liaise with the company's development team to ensure alignment between the security and development practices.
  • Develop strong partnership and joint business and technology roadmaps with business unit and shared service leaders.
  • Manage and optimize financial budget.
  • Develop and maintain the operating plan for Information Security cost center.
  • Advocate for and deliver equitable, inclusive, accessible, and justice-driven security technology solutions.
Security Operations
  • Prioritize and optimize security investments to support and accelerate the company's growth.
  • Develop a cost-effective, resilient, and elastic security infrastructure.
  • Partner with SOC team to ensure 24x7x365 security operations for detection, triage, and remediation of security incidents.
  • Develop and implement a security vulnerability management program working with engineering, DevOps, infrastructure, IT End User Services and related teams to ensure vulnerabilities are identified and prioritized for remediation.
  • Ensure security vulnerabilities are identified and proactively managed on a continuous basis to reduce the organization's attack surface.
  • Ensure all client-facing applications undergo extensive, independent penetration testing on at least an annual basis to identify, remediate and retest for identified security vulnerabilities.
Cyber Security
  • Develop, maintain and publish up-to-date information security policies, standards and guidelines; oversee the approval, training, and dissemination of security policies and practices.
  • Ensure the information security program aligns with key frameworks including the NIST Cybersecurity Framework and others identified by the Governance, Risk and Compliance team.
  • Liaise with customers, clients, partners and stakeholders on security-related matters.
  • Provide a cyber threat reduction program to strengthen reliability in our cyber ecosystem.
Qualifications:
  • 10+ years IT experience with at least 7 in the information security and/or information risk management space.
  • 5+ years leadership experience that includes development and management of managers or directors.
  • Bachelor's or advanced degree in computer science or related discipline preferred.
  • Security specific certifications (CISSP, GIAC, CISM, etc.) strongly preferred.
  • Excellent communication skills with experience interacting and presenting to board members, C-suite, customers, senior business and technical leadership and staff is required.
  • Experience planning and controlling projects that advance security program maturity.
  • Must have expert level knowledge of current IT security techniques, industry trends, suppliers, and technology.
  • Experience working closely with external auditors on SOC 1 & 2 (type 2) and ISO audits is required.
  • Knowledge of zero trust principles and experience implementing the same in a hybrid multi-cloud environment is required.
  • Knowledge of risk management & cyber-security frameworks including NIST-CSF, NIST-800, ISO-27001, ISO 27005 with Octave, MITRE ATT&CK, OWASP, CIS V8, HIPAA, SOX is expected.
Benefits:

We’re committed to supporting your ultimate well-being through our total compensation package offerings that support your health, wealth and self. Compensation depends on the applicable US geographic market. The expected base pay for this position ranges from $180,000 - $220,000 annually, and will be based on a number of additional factors including skills, experience, and education. This position is also eligible for the management incentive bonus and equity. These offerings include Medical, Dental, Vision, Health Savings Accounts / Flexible Spending Accounts, Life and AD&D Insurance, 401(k), Tuition Reimbursement, and an array of resources that encourage a lifetime of healthier living. Benefits eligibility may differ depending on full-time or part-time status.

The Company is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, gender, gender identity, sexual orientation, age, status as a protected veteran, among other things, or status as a qualified individual with disability.

Don’t meet every single requirement? Studies have shown that women and underrepresented minorities are less likely to apply to jobs unless they meet every single qualification. We are dedicated to building a diverse, inclusive, and authentic workplace, so if you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right candidate for this or other roles.
