We are seeking an Information Security Officer (ISO) to drive the strategy, implementation and maintenance of a company-wide information security management program, ensuring that information assets and the associated technology, applications, systems, infrastructure and processes are adequately protected from security threats. The ISO will also ensure operational compliance with all applicable standards and regulatory requirements (e.g. SOC 2, ISO/IEC 27001, SOX, HIPAA, GDPR, PII protection requirements, PCI DSS) while liaising effectively with Athenium Analytics’ clients, partners and stakeholders on security-related matters.
This individual must have sound knowledge of business management and a working knowledge of information security technologies. The position works cross-functionally to implement practices that meet defined policies and standards for information security, particularly in a company that runs both datacenter and cloud-managed business operations. The ISO will also oversee multiple risk management activities and projects defined by the Chief Operating Officer (COO).
Responsibilities:
- Develop, implement and monitor a strategic, comprehensive enterprise information security, compliance and risk management program.
- Create, maintain and publish up-to-date information security policies, standards and guidelines; oversee the approval, training, and dissemination of security policies and practices.
- Formulate, communicate and implement a process for vendor risk management.
- Provide regular reporting on the current status of the information security program to Athenium Analytics’ senior business leaders.
- Devise and enhance an information security management framework based on the following: SOC 2, the International Organization for Standardization (ISO) 27000 series, the Sarbanes-Oxley Act (SOX), Personally Identifiable Information (PII) protection requirements, the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR).
- Facilitate and conduct periodic security audits and testing.
- Collect and prepare evidence for assessment, risk management, other security-related and regulatory activities.
- Perform Data Protection Impact Assessments (DPIAs). Create and maintain records of processing activities, data flows, data maps and related documentation.
- Provide strategic risk guidance for product engineering projects, including the evaluation and recommendation of technical controls.
- Liaise with Athenium Analytics’ clients, partners and stakeholders on security-related matters, including security-related RFP responses and questionnaires.
- Build and maintain a strategic partnership with IT and DevOps.
- Facilitate Data Protection Officer (DPO) responsibilities.
- Perform other duties as assigned.
This position will also be assigned additional duties, temporary or permanent, that fall outside the written position description, as needed by the Chief Operating Officer, the CEO or their designee.
Qualifications:
- Bachelor’s degree in information technology, computer science, engineering or a related technology field, or equivalent work experience.
- At least 7 to 10 years of experience in a combination of risk management, information security and product engineering roles, including at least 2 to 4 years in a senior leadership role.
- Certification as a Certified Information Systems Security Professional (CISSP) and/or Systems Security Certified Practitioner (SSCP) is desirable.
- Proven track record of developing and managing information security policies and procedures for companies that use both datacenter and cloud technologies such as Amazon Web Services (AWS), and/or that offer Software as a Service (SaaS) products with security commitments to clients and partners.
- Up-to-date knowledge of common information security management frameworks, such as ISO/IEC 27001, SOC 2, COBIT and the NIST frameworks.
- Strong project management, financial/budget management, and resource management skills.
- Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
What we look for:
- Outstanding listening, analytical, organizational and time management skills. Able to dig into data, surface actionable insights and demonstrate sound decision-making. A problem-solver at heart.
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences.
- Strong work ethic, hands-on, detail oriented with a customer service mentality.
- Team player, self-driven, motivated, and able to work under pressure.
- Able to drive a project from conception to completion, not just execute on an existing plan, with strong multi-tasking ability and the ability to prioritize tasks to meet deadlines.
- Results-oriented and demonstrated record of developing initiatives that impact productivity.
- Proactive and solutions-oriented with experience working in ambiguity.
This position is based in the Dover, NH office and will provide support to all of Athenium’s business locations.