VP Enterprise Security Office, CISO and CPO

PHEAA

$153K *
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in information security, computer science, or related field.
  • 10+ years' experience in information security, physical security, or risk management.
  • 5+ years managing security or IT staff.
  • Strong knowledge of cybersecurity laws and compliance standards.
  • Certified Information Security Management (CISM) or Certified Information Systems Security Professional (CISSP) required.

Responsibilities

  • Build a cybersecurity culture across the organization.
  • Develop and manage the vision, goals, and priorities for PHEAA's information security programs.
  • Advise executive leadership on cybersecurity strategies and risks.
  • Lead the development of the Agency's cyber-security roadmap.
  • Oversee the security execution of enterprise projects and initiatives.

Benefits

  • Hybrid work model with two days on-site per week.
  • Continuous professional development and training programs.
  • Encouragement of innovative security solutions and team autonomy.
  • Support for a balanced work-life through a standard Monday to Friday schedule.
  • Access to research and resources for staying updated on cybersecurity trends.
Full Job Description
Job Description

Salary: Grade 20, Commensurate with experience starting at $153,222.00

Shift: Monday through Friday 8:00 AM - 5:00 PM - Hybrid 2 days a week onsite

Location: PHEAA Headquarters 1200 North 7th Street, Harrisburg, PA 17102

Department: Enterprise Security Office

JOB PURPOSE AND SUMMARY

This role is responsible for planning, developing, and operating reliable information security and privacy programs that support the integrity and availability of digital information, safeguards the Agency's digital assets, and implements effective and appropriately scaled security and privacy policies, practices, and technologies. Develop relationships with all levels of the organization to implement appropriate security and privacy standards and procedures. This position is responsible for monitoring compliance with the legislated requirements that impact information security and privacy for PHEAA in its roles as an independent state agency and a commercial enterprise.

PRIMARY DUTIES AND RESPONSIBILITIES

Security Leadership

Build an enterprise-wide cybersecurity culture that improves security awareness and instills a risk-aware culture in the Agency.

Develop, manage and set the vision, goals, and priorities for information security at PHEAA.

Advise and report to Agency executive leadership and Board as may be required or requested on current Agency cybersecurity strategy and cybersecurity risk.

Lead initiatives related to Information Security strategic planning.

Provide strategic oversight for the security execution of enterprise projects, initiatives, and organizational changes, ensuring effective leadership and alignment across security managers, team leads, and staff.

Drive and oversee execution of security projects and initiatives, empowering security managers, team leads, and staff.

Set and manage the budget for the Enterprise Security Office.

Consult with business and Information Technology stake holders to understand their business and technical plans and formulate an Information Security plan that allows the Agency to achieve its goals.

Define Information Security metrics and report them regularly as required by Agency processes.

Stay current on emerging technology, trends, legislation, and threats that impact the Agency's information security posture.

Information Security and Privacy Management

Lead the development and maintenance of the Agency's strategic cyber-security roadmap.

Oversee the development, implementation, and management of security strategy processes, along with related architecture and engineering standards.

Assist in the review of applications and technology environments during the development and acquisitions process.

Translate and interpret technical risks for a broad range of audiences including the Board and Executive Leadership.

Maintain current knowledge of applicable cyber-security and privacy laws and monitor advancements in information security and privacy to ensure Agency adaptation and compliance.

Define and drive compliance with the Agency's enterprise security and privacy policies and standards, and ensure the related controls are in place and operating effectively.

Security Risk Management

Lead the development and implementation of the information security policy, standards, guidelines, and procedures that balance business objectives with information security risk.

Identify protection goals, objectives, and metrics consistent with Agency goals and regulatory requirements.

Collaborate with stakeholders to gain alignment on the determination on acceptable levels of risk.

Prioritize security initiatives and spending aligned with overall Agency risk management and financial goals.

Identify requirements and oversee development of Agency cyber-security training.

Staff Management

Responsible for leading the Enterprise Security Office team in fulfilling the mission of the Agency's information security goals.

Develop and enhance employee competence and effectiveness by providing on-going guidance, mentoring, feedback, and motivation to staff.

Create a culture that fully engages employees and empowers others to suggest and make decisions for continuous improvement.

Responsible for assisting recruiting with attracting key talent.

Responsible for employee lifecycle including hiring, providing periodic feedback on performance including writing and delivering annual performance evaluations, promotions, and terminations.

Ensure that ESO has the appropriate tools and resources necessary to accomplish their assigned tasks.

Identify skill development needs and develop training programs.

Incident Response

Provide strategic vision and tactical execution for cybersecurity incident prevention, detection, and response

Oversee incident response planning as well as the investigation of security breaches and assist with disciplinary and legal matters associated with such breaches as necessary.

Set the strategy for the continuous monitoring and protection information systems including oversight of the Agency's Security Operations Center.

Evaluate suspected security breaches and recommend corrective actions (including incidents involving outside vendors).

Advise Executive Leadership during incidents as part of the Agency's Critical Incident Management team.

OTHER DUTIES AND RESPONSIBILITIES

Collaborate with internal and external auditors as appropriate for independent security audits.

Support Information Technology goals by providing leadership and guidance as directed over Information Technology roles not traditionally part of the Enterprise Security Office as well as provide strategic architectural guidance on cross functional solutions.

Other duties as assigned.

Required Skills

Bachelor's degree required in information security, computer science, or related field; experience of ten years in information/physical security, information technology, or risk management related field; and minimum of five years managing network, infrastructure or security staff or roles; or any equivalent combination of experience, training, and/or certification(s).

Experience implementing controls and mitigating risks related to information security and data privacy standards

Experience implementing cloud and other modern security technologies include encryption, network security, intrusion detection, and digital forensics

Experience with IT Risk Management, Information Security, IT control assurance in a central or business aligned support/control/audit functions.

Strong leadership, communication, and people management skills.

Demonstrated integrity and ability to maintain principles under internal and/or external pressure.

High-quality analytical skills, management experience, and exceptional relationship management competencies.

Demonstrated qualitative experience in strategic planning and/or policy development at a senior level.

Effectiveness in communicating recommended courses of action for innovative, business- oriented responses.

Passion for excellence and a demonstrable orientation toward successful staff development.

Must be an intelligent, articulate and persuasive leader who can serve as an effective member of the senior management team and who is able to communicate security-related concepts to a broad range of technical and non-technical staff.

Proven experience with business continuity and disaster recovery planning, auditing, and risk management, as well as contract and vendor negotiation.

Knowledge and experience in information privacy laws, access, release of information, and release control technologies.

Certified Information Security Management (CISM), Certified Information Systems Security Professional (CISSP) designation or relevant long-term experience required.

Essential Duties AND Responsibilities

Physical Requirements and Work Environment

Perform work required for this position in an office environment and/or via remote or hybrid arrangement.

Available 24/7 as needed.

Remain sedentary for moderate periods of time.

Must be able to communicate both written and verbal (i.e. speak in front of groups of people, email, editing and discussing contracts, etc.).

Must be able to use a personal computer.

Must be able to conduct detailed research.

Must be able to perform basic math skills.

Must be able to have regular and predictable on-site attendance; highly interactive role.

ADDITIONAL KNOWLEDGE, SKILLS, AND ABILITIES

Use logic and reasoning to identify the strengths and weaknesses of alternative solutions, conclusions or approaches to problems and make recommendations.

Ability to prioritize multiple, competing assignments at one time and work independently

Ability to develop a highly effective team

Strong influencing skills

Exceptional written and oral communications skills

Ability to build sustainable competitive advantages through pragmatic, innovative security solutions.

Ability to anticipate, influence, and assist the organization to assess and rapidly adjust to changing conditions and trends (internal and external) of importance to the direction of the organization.

Similar Jobs

More Jobs at PHEAA

More Information Technology Jobs

Find similar VP Enterprise Security Office, CISO and CPO jobs: