Director Of Information Security
CurrentAssess, design, plan, and execute overall enterprise security program. Program was non-existent prior to my arrival and needed a framework and structure to focus, track, and repeat all existing disparate efforts across the enterprise. Leveraging a risk framework combining NIST CSF, CIS 18, and Secure Controls Framework, the program has a solid direction with metrics that track progress and identify areas of priorities. Overall responsibilities: - Develop and execute enterprise security program strategic vision and roadmap based on a balance of risk reduction and practical security measures - Prioritize and implement security initiatives to protect the business while allowing for speed and flexibility to achieve company objectives - Govern the Enterprise threat & vulnerability management program including identifying, assessing, and driving remediation of vulnerabilities - Lead the Cyber Security Operations team responsible for monitoring and responding to cyber and information security incidents - Develop and enhance the skills and experience of both infrastructure and operational staff with specific security responsibilities to ensure that systems remain secure, available, and functional always - Measure staff’s performance through annual performance appraisals and provide training/development for continuous improvement