THE OPPORTUNITY:
*Open to remote candidates that reside in the United States and Canada*
The Associate Vice President, of Information Security, and Compliance will be responsible for managing VelocityEHS’s global information security programs, ensuring overall compliance with security policies and regulations, and ensuring the privacy, integrity, and security of all systems and data. The individual will lead a team of professionals to architect and implement the organization’s cyber defense strategy, evaluate new technologies to effectively manage cyber threats, and align the defense posture to the larger cyber strategy. In addition, the Associate Vice President will establish and maintain relationships with key stakeholders and ensure the information security program complies with relevant laws, regulations, and industry standards.
The Associate Vice President, Information Security, and Compliance will play a critical role in ensuring the organization’s information security and compliance posture is aligned with industry standards and regulatory requirements applicable to multi-national SaaS providers. The individual will need to be self-motivated, have excellent leadership and communication skills, and be able to effectively manage a team of professionals. In addition, the ideal candidate will have a deep understanding of emerging technology trends, be able to problem-solve complex issues, and have a strong understanding of regulatory compliance and governance frameworks.
The VelocityEHSwork environment is dynamic and innovative. We have a results-oriented culture that demands intelligence, teamwork, and follow-through.
PRIMARY DUTIES AND RESPONSIBILITIES:
Key Responsibilities include but are not limited to:
- Develop and maintain the Information Security Program and associated policies and procedures.
- Manage and oversee the enterprise-wide risk assessment and information security risk management process.
- Develop and manage the information security and compliance strategy, budget, and resource allocation.
- Establish and maintain relationships with key stakeholders, such as external auditors, legal counsel, and regulatory agencies.
- Ensure the information security program complies with relevant laws, regulations, and industry standards.
- Develop and manage incident response plans, including tabletop exercises and simulations.
- Manage all information security programs, such as the cybersecurity plan, account access and security profiles, authorizations, firewall management, network and server support, and other programs as required.
- Disseminate information and provide company-wide training on information technology and security systems.
- Lead a team of professionals to monitor and report on the operational performance of security technologies and processes.
- Direct the information security team to assess the security capabilities of new technologies, conduct security assessments on new and existing technologies, and support the processes for acquiring new technologies and services.
- Lead the team responsible for managing and reporting security incidents, monitor for external and inside threats, manage and contain incidents as they arise, and deliver lessons learned and continuous-improvement opportunities to the organization.
- Serve as an escalation point for security architecture decisions that span multiple infrastructure divisions.
- Establish a company-wide process to evaluate cyber security tools, maintain documentation of approved and preferred tools, and assist with tool rationalization where applicable.
- Manages a team of professionals to monitor and report on operational performance, including developing and managing key metrics (KPIs), including overall system uptime and security events, incorporating recommendations, executing improvements, and liaising and managing key security vendors as part of the comprehensive security program.
- Exemplify VelocityEHS’s core values of championing customer success, building honest relationships, choosing simple, being humble, and making a difference.
Minimum Skills & Qualifications:
- Degree in Relevant Field or Equivalent experience.10+ years of experience in Information Security, including expertise in regulatory compliance and governance frameworks (e.g., GDPR, HIPAA, PCI, NIST, ISO).
- Must be self-motivated but also work as part of a team with excellent people skills.
- Strong analytical and critical thinking skills, and excellent written and oral communication & presentation skills.
- In-depth knowledge of emerging technology trends.
- Ability to drive strategic direction.
- Ability to problem-solve complex problems and make ethical and sound judgments based on data and comprehensive analysis.
- Strong documentation, project management, and leadership skills.
- Experience with cloud security and securing SaaS-based solutions.
- Experience with data privacy and protection regulations such as GDPR and CCPA.
- Experience with security automation and orchestration tools.
- Experience with threat intelligence and threat-hunting techniques.
- Experience with managing third-party risk.
Preferred Skills & Qualifications:
- Previous CISO experience
We welcome and encourage diversity in the workplace. VelocityEHS is an Equal Opportunity and Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to age, race, color, national or ethnic origin, religion, sex, sexual orientation, gender identity or expression, marital status, family status, veteran status, Indigenous/Native American status, or disability. Applicants with disabilities can request accessible formats, communication supports, or other accessibility assistance by contacting [email protected]
Headhunters and recruitment agencies may not submit resumes/CVs through this website or directly to managers. VelocityEHS does not accept unsolicited headhunters and agency resumes. VelocityEHS will not pay fees to any third-party agency or company that does not have a signed agreement with VelocityEHS.