• Assist the CISO in developing and implementing the overall information security strategy.
• Provide leadership and direction to the information security team, ensuring alignment with organizational goals.
• Collaborate with other departments to integrate security measures into business processes and initiatives.
• Provide regular reporting on the status of the information security program to enterprise risk teams, senior business leaders and the board of directors as part of a strategic enterprise risk management program, thus supporting business outcomes.
• Develop, socialize, and coordinate approval and implementation of security policies.
• Liaise with the enterprise architecture team to build alignment between the security and enterprise (reference) architectures, ensuring that information security requirements are implicit in these architectures and security is built in by design.
• Direct the creation of a targeted information security awareness training program for all employees, contractors, and approved system users, and establish metrics to measure the effectiveness of this security training program.
• Oversee security operations functions such as threat monitoring, incident response, vulnerability management, and monitoring and risk resolution.
• Ensure the effective management of security technologies, including firewalls, intrusion detection/prevention systems, and endpoint protection.
• Lead efforts to detect, respond to, and recover from security incidents and breaches.
• Assist in the development and maintenance of the organization’s information security risk management framework.
• Ensure compliance with relevant regulatory requirements and industry standards (e.g., GDPR, HIPAA, PCI-DSS).
• Conduct regular security assessments and audits to identify and mitigate risks.
• Develop, implement, and maintain information security policies, standards, and procedures.
• Ensure that security policies are effectively communicated and enforced across the organization.
• Mentor and develop a high-performing information security team.
• Foster a culture of continuous improvement, innovation, and collaboration within the security team.
• Identify training and development opportunities to enhance the skills of team members.
• Act as a key point of contact for information security-related matters across the organization.
• Engage with senior leadership to communicate security risks, strategies, and the status of security initiatives.
• Build and maintain relationships with external partners, including vendors, regulators, and industry peers.
• Coordinate the development of implementation of cyber/physical incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event.
• Provide direction, support, and in-house consulting on incident response.
• Coordinate with legal, compliance, and public relations teams during incidents that may impact the organization’s reputation or regulatory standing.
• Other duties as assigned.

Required Qualifications

• 4 Year / Bachelors Degree in a related field. Equivalent experience accepted.
• Minimum Certification: CISSP and at least 1 of the following: CRISC, CISA, CISM, or similar.
• 7 years minimum of demonstrated experience and success in senior leadership roles in risk management, information security, and IT or OT security.

Preferred Qualifications

• Experience successfully executing programs that meet the objectives of excellence in a dynamic business environment.
• Experience with contract and vendor negotiations.
• Strong technical background across broad base of information security tools.
• Knowledge and understanding of relevant legal and regulatory requirements, such as: HIPAA, Privacy, GLBA, SOX, GDPR, CPRA, etc.
• Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework.
• Sound knowledge of business management and a working knowledge of information security risk management and cybersecurity technologies.
• Up-to-date knowledge of methodologies and trends in both business and IT.
• Strong background in cloud security, endpoint protection technologies and application security practices.
• Proven experience in incident response, risk management and security operations.
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists.
• Strategic leader and builder of both vision and bridges, and able to energize the appropriate teams in the organization.
• Ability to lead and motivate the information security team to achieve tactical and strategic goals, even when only "dotted line" reporting lines exist.
• Excellent stakeholder management skills.
• Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
• Project management skills, financial/budget management, scheduling, and resource management.
• A master of influencing entities and decisions in situations where no formal reporting structures exist, but achieving the desirable outcome is vital.
• Poise and ability to act calmly and competently in high-pressure, high-stress situations.
• High degree of initiative, dependability, and ability to work with little supervision while being resilient to change.
• High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.
• Good judgment, a sense of urgency and demonstrated commitment to high standards of ethics, regulatory compliance, customer service, and business integrity.
• A critical thinker, with strong problem-solving skills.
• Strong problem-solving and troubleshooting skills.
• Self-motivated and possessing of a high sense of urgency and personal integrity.

• This position manages employees and is responsible for the performance management and hiring of the employees.
• Travel Requirements: Less than 25%.
• This position has access to highly confidential, sensitive information relating to the employees, customers, and technologies of Sorenson Communications. It is essential that applicant possess the requisite integrity to maintain the information in strictest confidence.

Benefits

• Paid Vacation Time and Paid Sick Time and Paid Holidays
• 401k 6% match with immediate vesting
• Nationwide Medical Insurance plans and coverage (Medical, Dental/Orthodontia, Vision)
• TeleDoc
• HSA company match
• 3 Medical plan options including a Low Deductible PPO Medical Plan Offering
• Employee Assistance Program
• Engaged Employee Resource Groups
• Outstanding Learning and Career Development Opportunities

Pay Range: Actual pay may vary up or down depending on job-related factors which may include knowledge, skills, experience, and location. In addition, this position may be eligible for incentive compensation.