Zyston’s client is seeking to hire a Head of Information Security to oversee and advance the organization’s information security program. This role will involve the protection of the company’s intellectual property, proprietary data, and information assets. As the leader of the information security function, the successful candidate will ensure that systems are secure, compliant, and resilient against various threats. The Head of Information Security will report directly to the Head of Information Technology and play a pivotal role in shaping the organization’s security strategies.

Key Qualifications:

The ideal candidate will have extensive experience as a tactical leader in building and strengthening security programs. They should possess a solid combination of hands-on experience and strategic vision, enabling them to construct a comprehensive security infrastructure from the ground up. Specifically, the Head of Information Security will have proven experience in securing AWS cloud environments, as well as expertise in choosing and implementing critical security tools, such as SIEM and XDR, which are appropriate for the size and needs of the organization. Furthermore, the successful candidate will have experience within industries like Utilities, Energy, or Electric Vehicles (EVs), making them familiar with the unique challenges in these sectors.

This role requires a Head of Information Security with strong leadership skills to guide security initiatives across all levels of the organization. The position involves managing the company’s security framework and selecting, implementing, and maintaining security technologies, while ensuring that all practices align with industry best practices. This leader will need to engage with various internal teams, including Information Technology, DevOps, and security stakeholders, to ensure that security measures are integrated into every layer of the organization’s operations.

Responsibilities of the Head of Information Security:

The Head of Information Security will have a broad and strategic responsibility, including managing the integrity, confidentiality, and availability of company data. They will be expected to evaluate, choose, and adapt security and risk management programs to ensure compliance with legal and regulatory requirements across all jurisdictions. Their efforts will help mitigate risks, reduce vulnerabilities, and strengthen the defense mechanisms of both internal and external systems.

As a leader, the Head of Information Security will also provide input to the executive leadership team, offering recommendations on investments and strategies that enhance security. This includes collaborating with managed services partners and using information security tools effectively. A key component of the role is the ability to influence and drive initiatives across the organization, even though the role itself will initially be a team of one.

The Head of Information Security will also be responsible for managing cloud security, specifically securing the AWS cloud environment, and building out a robust DevSecOps program. They will drive the implementation of security measures for Internet of Things (IoT) devices, Disaster Recovery (DR), and Business Continuity Planning (BCP). In addition, they will work on enhancing the organization’s detection and response capabilities, ensuring that the organization can detect and recover from potential security incidents swiftly.

Key operational tasks for the Head of Information Security include:

  • Incident Response: Develop and implement runbooks for incident response to ensure that the organization can quickly and effectively respond to security breaches.
  • Governance, Risk & Compliance: Establish and maintain role-based training, conduct phishing simulations, and manage the organization’s risk register.
  • Patch Management and Vulnerability Management: Implement a comprehensive patch management program, ensuring that systems are hardened and vulnerabilities are addressed promptly.
  • Identity and Access Management (IAM): Implement strong identity and access management controls, including Single Sign-On (SSO), Multi-Factor Authentication (MFA), and Privileged Access Management (PAM) solutions, with a preference for Okta as the IAM solution.
  • Security Awareness: Lead the development of a cybersecurity program with established metrics to track success and areas for improvement.

Additionally, the Head of Information Security will ensure that the security framework extends to network security, data classification, and protection for databases. The role will include the development of clear policies around asset management, configuration management, and establishing a centralized policy repository.

Leadership and Stakeholder Engagement:

As the Head of Information Security, the successful candidate will need to be highly motivated and capable of driving security initiatives in an environment where they may not always have direct authority. The role requires a leader who can influence other teams, including IT and DevOps, to ensure a unified approach to security across the organization.

The Head of Information Security will also interact directly with customers at all stages of the customer lifecycle. They will be responsible for presenting the company’s security stance to prospects, explaining and resolving contractual security requirements, and managing customer concerns related to security events in the industry. These interactions will require clear communication and an ability to translate technical security concerns into understandable and actionable insights for customers.

Experience and Expertise:

The ideal candidate for the Head of Information Security role will have hands-on experience in security leadership, with a deep understanding of the specific challenges faced by industries such as Utilities, Energy, and Electric Vehicles. Proven experience in securing cloud environments, especially AWS, and expertise in selecting and implementing security tools will be critical. Additionally, experience working within publicly traded companies will be highly valued. The successful candidate will be well-versed in both the tactical and strategic aspects of information security, capable of building and maintaining a robust security program while ensuring compliance and mitigating risks across all facets of the organization.

In conclusion, the Head of Information Security will play a key role in ensuring the integrity, confidentiality, and security of the company’s data. This leadership role is ideal for someone with extensive experience in security, a strong understanding of cloud environments, and a proven ability to build and implement security programs within complex industries. The candidate will drive security strategies, ensure the organization’s infrastructure is secure, and foster a culture of security awareness across all teams.
