Associate Director, Cyber Security
Staffing Placement Opportunity
- The Associate Director, Cyber Security, has authority over and directs all aspects of cyber and information security at the organization. The Associate Director will create, implement, and oversee strategies and policies to support institutional cyber and information security aligned with the organization's strategic requirements.
- The Associate Director ensures compliance between business strategies and information security by leading, directing, and managing the provision of information security resources, expertise, guidance, and the systems necessary to execute strategic and operational plans across all the organization's information systems.
- The Associate Director applies the highest level of leadership skills; makes critical decisions related to organizational success; manages and leads those responsible for operational and tactical implementation of cyber and information security, and provides vision and inspires the organization.
- The incumbent will interact and liaise with all levels of the organization, including but not limited to the Board of Directors, the Senior Leadership team, administrators of the organization, bargaining unit members, external audit and compliance bodies, and as necessary, Law Enforcement agencies.
Duties and Responsibilities
Strategy and Policy
- Directs the development, implementation, delivery and support of cyber and information security policies, strategy, and architecture and aligns them to the strategic requirements of the organization.
- Leads the provision of cyber security practices necessary to execute strategic and operational plans across all the organization's information systems and assets.
- Ensures compliance between strategies and information assurance by setting cyber and information security strategies, standards, and practices.
- Directs the development of policies, standards, processes, awareness programs, and guidelines for ensuring the physical and electronic security of automated systems, information, and related assets.
- Reviews new proposals to provide advice on security issues and implications and provides direct input into the security architecture domain of the Enterprise Architecture practice.
- Develops and maintains procedures and guidelines for conducting digital forensic investigations. Leads and manages complex investigations, managing internal resources and external and contracted specialists if required.
- Work with other teams within the IT department to establish best practices and readiness.
- Work with the client's risk management office to develop policies, procedures, guidelines and compliance standards.
Cyber and Information Security
- Able to understand the cyber security and IT industry and the implications of emerging technologies for the wider business environment.
- Take responsibility for managing all cyber security vulnerability testing activities within the organization. Assesses and advises on the practicality of testing process alternatives. Initiates improvements to test processes and directs their implementation.
- Ensures that cyber security incidents are handled according to agreed procedures and best practices.
- Investigates escalated incidents to responsible service owners and seeks resolution.
- Facilitates and leads all recovery activities, following resolution of incidents.
- Ensures that resolved incidents are properly documented and closed.
- Analyses causes of incidents to determine root cause and informs service owners to minimize the probability of recurrence and contribute to service improvement.
- Analyses metrics and reports on the performance of the cyber security incident management process.
- Acts as the official point-of-contact for working with law enforcement and other authorized agencies as required, so that security incidents are managed appropriately and chain-of-custody and supporting documentation are maintained.
- Authorize the release of formal forensics reports.
- Prepare, coordinate and deliver cyber-security awareness and risk mitigation training.
- Develop, implement and maintain an incident response and reporting program.
HR and Financial Management
- Provides management oversight and supervisory support for all direct reports and matrixed supervision of other IT specialists involved in designing and implementing IT services and assets to ensure robust and complete compliance with modern cyber security postures and standards.
- Implement resource plans, including conducting recruitment interviews.
- Facilitates selection, assessment and onboarding processes, and internal resource allocation and performance review.
- Ensures compliance with relevant statutory or external regulations and codes of good practice.
- Provides operational guidance and leadership to direct reports, including performance reviews, annual goal setting and measurement, and development and monitoring of individual learning plans.
- Assesses suppliers' and other third parties' overall security posture and practices to ensure appropriate compliance with the IT cyber security standards and policies of the organization.
- Manage client relationships concerning all IT cyber security matters.
- Approves and authorizes budget expenditures required to effectively and efficiently meet the services and infrastructure related to this portfolio.
- In consultation with the CIO and the rest of the Information Technology Department Management team, makes critical decisions regarding the technology directions and subsequent acquisitions and implementations for the organization.
Education & Experience:
- Master's degree in any discipline.
- Undergraduate degree in computing science or business-related discipline.
- Professional credentials related to information security (e.g. Certified Information Systems Security Professional)
- Twelve years of experience related to information security, including six years of management-level experience, in a unionized work environment.
- An equivalent combination of education and experience may be considered.
Skills & Abilities:
- Excellent business, negotiating, organizational, leadership, managerial, and planning skills.
- Excellent interpersonal and communication skills that are necessary to establish and sustain relationships and rapport.
- Good organizational skills and a high degree of self-motivation and business acumen.
- Demonstrated ability to take the initiative, work with limited direction, and tolerate constant uncertainty.
- Demonstrated understanding and knowledge of current cyber security information technology trends, issues, and mitigation strategies.
- Ability to communicate complex ideas and technology in a form consumable by non-technical stakeholders.
- Ability to communicate and explain complex ideas to technical and non-technical audiences at all levels in a persuasive and convincing manner.
- Ability to leverage broad and deep academic and business knowledge, including the activities and practices of other organizations.
- Ability to work in partnership with the client's Risk Management department to assess the risks of using or not using specific cyber security practices and technologies.
- Ability to understand and assess the impact of current and changing legislation to actively promote compliance.
- Ability to translate current and evolving cyber security defenses so that the organization develops and mobilizes the full range of required digital skills and capabilities to ensure best practice IT cyber security environments.
- Collegiality – values and demonstrates inclusivity, openness, civility, and respect
- Problem-solving and decision making – considers a wide range of information and perspectives to solve problems and make reasoned decisions; demonstrates comfort with uncertainty and ambiguous conditions
- Organizational awareness – understands and appreciates an organization's internal culture and operating practices as well as the political and business climate in which the organization operates
- Innovation – welcomes, generates, and implements new ideas and solutions that help to achieve an organization's strategic goals
- Integrity – acts with openness, honesty, and respect to build and maintain an environment of trust
- Professional maturity – demonstrates courage to take on issues and make tough decisions while managing self with aplomb and emotional maturity
- Tenacity, resilience, and patience – believes that own actions and efforts will overcome obstacles, make progress, and attain successful results
- Business awareness – considers and understands the financial, operational, and human perspective and the impact of decisions
- Visioning and Strategic Thinking – energizes people around the vision and keeps the bigger picture in mind
- Team Leadership – creates team spirit and helps direct individuals toward achieving team and organizational goals. Inspires others to do their best, develop professionally and contribute to the success of the leadership team
- Relationship management – builds and maintains a crucial network of contacts both internally and externally.
- Communication – uses the power of personal interaction and language to influence, inspire and lead others effectively
- Achieves results – a goal-oriented individual who thrives on achieving outcomes through consultative and collaborative methods
Note: This job opportunity is with a Microserve client.