Associate Director, Cyber Security
Staffing Placement Opportunity
- The Associate Director will create, implement, and oversee strategies and policies to support institutional cyber and information security aligned with the client's strategic requirements.
- The Associate Director ensures compliance between business strategies and information security by leading, directing, and managing the provision of information security resources, expertise, guidance, and the systems necessary to execute strategic and operational plans across all the organization's information systems.
- The Associate Director applies the highest level of leadership skills; makes critical decisions related to organizational success; manages and leads those responsible for operational and tactical implementation of cyber and information security, and provides vision and inspires the organization.
- The incumbent will interact and liaise with all levels of the organization, including but not limited to the Board of Directors, the Senior Leadership team, administrators of the organization, bargaining unit members, external audit and compliance bodies, and as necessary, Law Enforcement agencies.
Duties and Responsibilities
Strategy and Policy
- Directs the development, implementation, delivery and support of cyber and information security policies, strategy, and architecture and aligns them to the strategic requirements of the client.
- Leads the provision of cyber security practices necessary to execute strategic and operational plans across all the organization's information systems and assets.
- Ensures compliance between strategies and information assurance by setting cyber and information security strategies, standards, and practices.
- Directs the development of policies, standards, processes, awareness programs, and guidelines for ensuring the physical and electronic security of automated systems, information, and related assets.
- Reviews new proposals to provide advice on security issues and implications and provides direct input into the security architecture domain of the Enterprise Architecture practice.
- Develops and maintains procedures and guidelines for conducting digital forensic investigations. Leads and manages complex investigations, managing internal resources and external and contracted specialists if required.
Cyber and Information Security
- Able to understand the cyber security and IT industry and the implications of emerging technologies for the wider business environment.
- Takes responsibility for managing all cyber security vulnerability testing activities within the organization. Assesses and advises on the practicality of testing process alternatives. Initiates improvements to test processes and directs their implementation.
- Ensures that cyber security incidents are handled according to agreed procedures and best practices.
- Investigates escalated incidents to responsible service owners and seeks resolution.
- Facilitates and leads all recovery activities, following resolution of incidents.
- Ensures that resolved incidents are properly documented and closed.
- Analyses causes of incidents to determine root cause and informs service owners to minimize the probability of recurrence and contribute to service improvement.
- Analyses metrics and reports on the performance of the cyber security incident management process.
- Acts as the official point of contact for working with law enforcement and other authorized agencies as required, so that security incidents are managed appropriately and chain-of-custody and supporting documentation are maintained.
- Authorizes the release of formal forensics reports.
- Prepares, coordinates and delivers cyber-security awareness and risk mitigation training.
- Develops, implements and maintains an incident response and reporting program.
Education and Experience
- Master's degree in any discipline.
- Undergraduate degree in computing science or business-related discipline.
- Professional credentials related to information security (e.g. Certified Information Systems Security Professional)
- Twelve years of experience related to information security, including six years of management-level experience, in a unionized work environment.
- An equivalent combination of education and experience may be considered.
Skills and Abilities
- Excellent business, negotiating, organizational, leadership, managerial, and planning skills.
- Excellent interpersonal and communication skills that are necessary to establish and sustain relationships and rapport.
- Good organizational skills and a high degree of self-motivation and business acumen.
- Demonstrated ability to take the initiative, work with limited direction, and tolerate constant uncertainty.
- Demonstrated understanding and knowledge of current cyber security information technology trends, issues, and mitigation strategies.
- Ability to communicate complex ideas and technology in a form consumable by non-technical stakeholders.
- Ability to communicate and explain complex ideas to technical and non-technical audiences at all levels in a persuasive and convincing manner.
- Ability to leverage broad and deep academic and business knowledge, including the activities and practices of other organizations.
- Ability to work in partnership with the client's Risk Management department to assess the risks of using or not using specific cyber security practices and technologies.
- Ability to understand and assess the impact of current and changing legislation to actively promote compliance.
- Ability to translate current and evolving cyber security defenses so that the organization develops and mobilizes the full range of required digital skills and capabilities to ensure best practice IT cyber security environments.
- Collegiality – values and demonstrates inclusivity, openness, civility, and respect
- Problem-solving and decision making – considers a wide range of information and perspectives to solve problems and make reasoned decisions; demonstrates comfort with uncertainty and ambiguous conditions
- Organizational awareness – understands and appreciates an organization's internal culture and operating practices as well as the political and business climate in which the organization operates
- Innovation – welcomes, generates, and implements new ideas and solutions that help to achieve an organization's strategic goals
- Student Focus – making decisions with the students in mind, focusing on providing the best possible experience for the student
- Integrity – acts with openness, honesty, and respect to build and maintain an environment of trust
- Professional maturity – demonstrates courage to take on issues and make tough decisions while managing self with aplomb and emotional maturity
- Tenacity, resilience, and patience – believes that own actions and efforts will overcome obstacles, make progress, and attain successful results
- Business awareness – considers and understands the financial, operational, and human perspective and the impact of decisions
- Visioning and Strategic Thinking – energizes people around the vision and keeps the bigger picture in mind
- Team Leadership – creates team spirit and helps direct individuals toward achieving team and organizational goals. Inspires others to do their best, develop professionally and contribute to the success of the leadership team
- Relationship management – builds and maintains a crucial network of contacts both internally and externally.
- Communication – uses the power of personal interaction and language to influence, inspire and lead others effectively
- Achieves results – a goal-oriented individual who thrives on achieving outcomes through consultative and collaborative methods
Note: This job opportunity is with a Microserve client.