VP of Security and Compliance

Description

The VP of Security and Compliance leads internal and external information security and has overall responsibility for ark’s information security program including oversight of security operations, implementation of a risk assessment program, maintaining policies and procedures, and oversight of audit and certification processes.

Essential Duties And Responsibilities

• Manage a team of security professionals who deploy cyber related tools and processes throughout the organization and execute the operational functions of cyber security that implement controls, policies, incident response, information classification and ensure the organization is meeting security program objectives.
• Support sales and the ark security products the company provides to customers
• Monitors and evaluates security trends, evolving threats, risks and vulnerabilities and applies tools to mitigate risk as necessary.
• Oversees and manages compliance analysts, the enterprise compliance program, risk management and audit schedule.
• Communicates, records and tracks risk observations and remediation efforts against applicable regulatory entities and security required practices.
• Manages and conducts internal security audits, oversees third-party audits and assists with customer audits. Responsible for managing the audit plan, working directly with auditors, and providing internal guidance to ensure compliance with regulatory agencies.
• Communicates regulatory requirement changes and ensures corporate compliance initiatives are evolving to meet the needs of the customer base.
• Manages compliance assurance and provides risk prevention oversight for internal and customer projects, utilizing innovative methods and collaborative problem-solving techniques to support project plans.
• When needed, documents and distributes security incident information. Also provides recommendations on how to prevent future exposure by improving vulnerability management process and tools.
• Provides security activity reports and collects data for internal assessments and compliance reviews.
• Ensures service level agreement response times are met and incidents are closed in a timely manner, including verification of customer satisfaction.
• Understands and communicates security related company products, services and security operations objectives with customers
  
  

The above statements cover what are generally believed to be the principal and essential functions of this job. Specific circumstances may allow or require some people assigned to the job to perform a somewhat different combination of duties.

Requirements

Education and Experience:

• Bachelor’s degree or college coursework with an emphasis on Information Security beneficial
• 10+ years’ experience managing internal and external audits and an understanding of various regulatory entities to include but not limited to: PCI, HIPAA, HITRUST, ITAR, NIST 800-53, ISO17799, SOC 1,2&3, FISMA
• Ability to communicate clearly and effectively with internal teams, external vendors and customers both verbally and in written form
• CISSP, CISA, SSCP or security related certifications
  
  

Technical Knowledge

• Ability to learn and integrate new technologies in an ever-changing cyber security environment
• Core understanding of cyber security tools and best practices
• Logical and physical security controls knowledge
• Basic knowledge of Information Technology solutions to include: servers, applications architecture, networks and end point solutions
• Strong knowledge of enterprise risk management, security event management and audit frameworks
  
  

Working Conditions

• 20% travel
  
  

Compensation

The compensation for this position is $126,500-202,500 annually. Final offer amounts are determined by multiple factors including experience and skillset.

Information Security

To protect the security of ark and its customers, it is necessary that this position perform duties in a security conscious manner and protect the privacy and confidentiality of company assets including but not limited to, networks, business information and customer data. All ark employees are held accountable for the security of their specific job-related activities in accordance with company policy. Any ark employee who willingly and deliberately violates company policy will be subject to disciplinary action up to and including termination of employments and/or civil or criminal legal action.

ark is an Equal Opportunity Employer