Salary: $210K DOE + Bonus
Hybrid for Local and Fully Remote in the United States
Essential Duties and Responsibilities
Strategic Leadership:
- Assist the CISO in developing and implementing the overall information security strategy.
- Provide leadership and direction to the information security team, ensuring alignment with organizational goals.
- Collaborate with other departments to integrate security measures into business processes and initiatives.
Program Management:
- Provide regular reporting on the status of the information security program to enterprise risk teams, senior business leaders and the board of directors as part of a strategic enterprise risk management program, thus supporting business outcomes.
- Develop, socialize, and coordinate approval and implementation of security policies.
- Liaise with the enterprise architecture team to build alignment between the security and enterprise (reference) architectures, thus ensuring that information security requirements are implicit in these architectures and security is built in by design.
- Direct the creation of a targeted information security awareness training program for all employees, contractors and approved system users, and establish metrics to measure the effectiveness of this security training program
Security Operations:
- Oversee security operations functions such as threat monitoring, incident response, vulnerability management, and monitoring and risk resolution.
- Ensure the effective management of security technologies, including firewalls, intrusion detection/prevention systems, and endpoint protection.
- Lead efforts to detect, respond to, and recover from security incidents and breaches.
Risk Management and Compliance:
- Assist in the development and maintenance of the organization’s information security risk management framework.
- Ensure compliance with relevant regulatory requirements and industry standards (e.g., GDPR, HIPAA, PCI-DSS).
- Conduct regular security assessments and audits to identify and mitigate risks.
Policy and Procedure Development:
- Develop, implement, and maintain information security policies, standards, and procedures.
- Ensure that security policies are effectively communicated and enforced across the organization.
Team Leadership and Development:
- Mentor and develop a high-performing information security team.
- Foster a culture of continuous improvement, innovation, and collaboration within the security team.
- Identify training and development opportunities to enhance the skills of team members.
Stakeholder Engagement:
- Act as a key point of contact for information security-related matters across the organization.
- Engage with senior leadership to communicate security risks, strategies, and the status of security initiatives.
- Build and maintain relationships with external partners, including vendors, regulators, and industry peers.
Incident Response and Management:
- Coordinate the development of implementation of cyber / physical incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event.
- Provide direction, support, and in-house consulting on incident response.
- Coordinate with legal, compliance, and public relations teams during incidents that may impact the organization’s reputation or regulatory standing.
Other duties as assigned.
Supervisory Responsibility
This position manages employees and is responsible for the performance management and hiring of the employees.
Travel Requirements
Travel Requirements: Less than 25%
Education
4 Year / Bachelors Degree in a related field. Equivalent experience accepted.
Minimum Certification: CISSP and at least 1 of the following: CRISC, CISA, CISM, or similar
Experience
7 years minimum of demonstrated experience and success in senior leadership roles in risk management, information security, and IT or OT security
Preferred experience:
- Experience successfully executing programs that meet the objectives of excellence in a dynamic business environment
- Experience with contract and vendor negotiations
- Strong technical background across broad base of information security tools.
Knowledge, Skills and Abilities
Technical and Business Experience:
- Knowledge and understanding of relevant legal and regulatory requirements, such as: HIPAA, Privacy, GLBA, SOX, GDPR, CPRA, etc.
- Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework
- Sound knowledge of business management and a working knowledge of information security risk management and cybersecurity technologies
- Up-to-date knowledge of methodologies and trends in both business and IT
- Strong background in cloud security, endpoint protection technologies and application security practices.
- Proven experience in incident response, risk management and security operations
Knowledge and Skills:
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists
- Strategic leader and builder of both vision and bridges, and able to energize the appropriate teams in the organization
- Ability to lead and motivate the information security team to achieve tactical and strategic goals, even when only "dotted line" reporting lines exist
- Excellent stakeholder management skills
- Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives
- Project management skills, financial/budget management, scheduling, and resource management
- A master of influencing entities and decisions in situations where no formal reporting structures exist, but achieving the desirable outcome is vital
Personal Characteristics:
- Poise and ability to act calmly and competently in high-pressure, high-stress situations
- High degree of initiative, dependability, and ability to work with little supervision while being resilient to change
- High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity
- Has good judgment, a sense of urgency and has demonstrated commitment to high standards of ethics, regulatory compliance, customer service and business integrity.
- A critical thinker, with strong problem-solving skills
- Strong problem-solving and trouble-shooting skills
- Self-motivated and possessing of a high sense of urgency and personal integrity
Disclaimer
This position has access to highly confidential, sensitive information relating to the employees, customers, and technologies of Sorenson Communications. It is essential that applicant possess the requisite integrity to maintain the information in strictest confidence.
Benefits
- Paid Vacation Time and Paid Sick Time and Paid Holidays
- 401k 6% match with immediate vesting
- Nationwide Medical Insurance plans and coverage (Medical, Dental/Orthodontia, Vision)
- TeleDoc
- HSA company match
- 3 Medical plan options including a Low Deductible PPO Medical Plan Offering
- Employee Assistance Program
- Engaged Employee Resource Groups
- Outstanding Learning and Career Development Opportunities
Pay Range: Actual pay may vary up or down depending on job-related factors which may include knowledge, skills, experience, and location. In addition, this position may be eligible for incentive compensation.
Company Summary
Our Mission…Harnessing the power of language, we connect diverse people and enrich the human experience.
Our Vision…To provide global language services that expand opportunities, nurture belonging, and empower the world to connect beyond words.
As one of the world’s leading language services providers, Sorenson combines patented technology with human-centric solutions. We strive to increase diversity, equity, inclusion, and accessibility for underrepresented people through communication solutions for all: call captioning and video relay services, over-video and in-person sign language and spoken language interpreting, translation, real-time captioning, and post-production language services.
Sorenson’s impact vision and plan extends to supporting employment opportunities for diverse employees, customers, and communities. As a minority-owned company, we are committed to expanding opportunities for underserved communities while promoting an inclusive workplace for our own employees.
Equal Employment Opportunity:
Sorenson Communications is an Equal Opportunity, Affirmative Action Employer.
