Head-Information And Cyber Security

HEAD, INFORMATION SECURITY

Business Unit: Maxicare

Level: Assistant Vice President

Reporting Line: Chief Technology Officer

Position Accountability Statement

This role is the guardian of an organization’s information assets, entrusted with protecting sensitive information and safeguarding against an ever-evolving landscape of cyber threats. The Head of Information Security will be responsible for overseeing and managing the organization's information and data security strategies. This role involves developing and implementing security policies, procedures, and programs to protect the company's digital assets.

Key Responsibilities

• Develop and implement comprehensive information security policies and procedures.
• Lead the information security team in the detection, response, and mitigation of security threats.
• Manage the organization’s security architecture and ensure compliance with regulatory requirements.
• Conduct risk assessments and audits, and provide strategic risk guidance for IT projects.
• Work with critical units in the development and execution of disaster recovery and business continuity plans.
• Foster a culture of security awareness and provide training to employees at all levels.
• Liaise with stakeholders to report on security status and recommend solutions to improve security.
• Manage budget and resources for information security initiatives.
  
  

• Strategic Thinking : Ability to develop and implement comprehensive security strategies that align with the organization’s goals and risk tolerance.
• Leadership and Communication : Strong leadership skills to lead the security team and collaborate with other departments. Excellent communication skills are crucial for explaining complex security concepts to non-technical stakeholders and for influencing decision-making processes.
• Risk Management : Expertise in identifying, evaluating, and mitigating risks. Ability to develop and manage risk assessment and risk management frameworks.
• Incident Management : Proficiency in planning for and responding to security incidents and breaches. This includes disaster recovery planning and business continuity management.
• Technical Proficiency : Hands-on experience with IT infrastructure, network security, application security, and cloud security. Knowledge of current security tools and countermeasures.
• Budgeting and Financial Acumen : Capability to manage budgets, forecast security expenditures, and demonstrate the ROI of security investments.
• Innovation and Continuous Learning : Staying updated with the latest security trends, technologies, and threats. Encouraging a culture of continuous improvement and learning within the team.
• Interpersonal Skills : Ability to negotiate, resolve conflicts, and work collaboratively with other teams within the organization.
• Vendor Management : Skills in managing relationships with external vendors, suppliers, and third-party service providers related to cyber security.
• Change Management : Capacity to lead change, especially in driving security culture and implementing new security policies and technologies across the organization.
  
  

• Minimum of ten years of experience in cyber security, with significant exposure to threat detection and management.
• Bachelor’s degree in Information Technology, Computer Science, or related field; Master’s preferred.
• Professional certifications: Must hold at least one of the following certifications—Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA).
• Strong leadership skills and experience managing a team of security professionals.
• Excellent analytical skills, with the ability to analyze complex security data and provide strategic recommendations.
• Exceptional communication skills, capable of effectively articulating complex security risks and strategies to non-technical stakeholders.