Jobs · Information Technology

POS1189 - VP CYBERSECURITY

Envision · United States · 6 days ago
RemoteRemoteInformation TechnologyFull-time

About the role

The VP, Cybersecurity Operations reports directly to the Chief Information Officer (CIO) and is responsible for development, oversight, and implementation of the enterprise-wide Cybersecurity strategy for Envision. This position serves as the senior advisor to the organization’s executive leadership team on matters related to this area of responsibility, including cybersecurity operations, cloud security, cyber GRC, Cyber–Incident Response, and security architecture.

Responsibilities

  • Lead the development and execution of a comprehensive cybersecurity strategy to safeguard enterprise-wide information systems, digital assets, and sensitive data.
  • Oversee the execution of cybersecurity initiatives and produce clear, concise written updates for the Board of Directors, detailing program progress, risk posture, and strategic priorities.
  • Develop, govern, and mature a comprehensive cybersecurity risk-based program focused on the integrity, confidentiality, and availability of information assets.
  • Define the cybersecurity architecture roadmap that will identify appropriate security controls and assess current and new technologies to support the organization’s security priorities.
  • Develop, maintain, and promote cybersecurity policies, standards, and guidelines.
  • Ensure that controls align with and address contractual obligations, corporate policies, and legal and regulatory requirements for cybersecurity.
  • Oversee the management of cybersecurity awareness training programs for all employees, contractors, and approved system users.
  • Define and facilitate the cybersecurity risk assessment process and work effectively with Information Technology leadership to procure and implement recommended security measures.
  • Provide strategic risk guidance and security consultation for corporate projects, including the evaluation and recommendation of technical standards and controls.
  • Establish and implement a process for cyber incident management to effectively identify, respond, contain, and communicate a suspected or confirmed incident.
  • Identify, assess, and prioritize cybersecurity risks to data and systems, including external threats, cyber-crimes, internal threats, and third-party risks, advising relevant stakeholders on the appropriate courses of actions to contain, mitigate, or eliminate cyber risks.
  • Partner with Information Technology on the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a cybersecurity event.
  • Serve as an authoritative resource in all related aspects of cybersecurity to the company.
  • Establish strong internal relationships across the business and serve as a partner to senior leaders in compliance, legal and internal audit.
  • Establish external relationships with relevant key vendors, customers, risk management carriers, communication partners, and government agencies.

Qualifications

  • The ideal candidate is a collaborative and pragmatic leader who can align security priorities with business objectives, build strong cross-functional relationships, and produce concise, impactful executive communications that drive understanding and informed decision-making.
  • Minimum of 15 years of experience in a combination of risk management, information security and information technology fields.
  • At least 5 years of experience in a senior leadership role.
  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
  • Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.
  • Poise and ability to act calmly and competently in high-pressure, high-stress situations.
  • Knowledge of common information security management frameworks, such as NIST.
  • Knowledge and demonstrated experience of relevant legal and regulatory requirements, such as HIPAA Privacy & Security, related HHS/CMS regulations and guidelines, CCPA, GDPR, and industry compliance attestations and frameworks such as HITRUST, ACIPA SOC 2, NIST CSF, CIS, and PCI DSS.
  • Exhibit excellent analytical skills, the ability to manage multiple, inter-disciplinary projects as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
  • Project management, financial/budget management, scheduling, and resource management.
  • High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity.
  • High degree of initiative, dependability, and ability to work with little supervision.
  • Use of Security Utilities and how to interpret data outputs and extracts.
  • Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.
  • Bachelor’s degree in information security, Computer Science, Management of Information Systems, or related field required.

Similar jobs