Chief Information Security Officer


ROLE & RESPONSIBILITIES

  • Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program
  • Work directly with the business units to facilitate risk assessment and risk management processes
  • Develop and enhance an information security management framework
  • Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services
  • Provide leadership to the enterprise's information security organization
  • Partner with business stakeholders across the company to raise awareness of risk management concerns
  • Assist with the overall business technology planning, providing current knowledge and a future vision of technology and systems

SCOPE OF ROLE

1. Security Program and Strategy Services

• IT Security Strategy & Architecture Services

• IT Security Policy & Program Services

• IT Awareness & Training

• IT Security Metrics

2. Data Security

• Vendor Due Diligence Services

• Security Compliance Planning, Readiness & Assessment Services

• Encryption & Storage Strategy & Implementation Services

• Data Leakage Services

3. Vulnerability and Penetration Testing Services

• Infrastructure Vulnerability Services

• Scanning Services & Strategy

• Application Vulnerability Services

• Network Vulnerability Services

• Database Vulnerability Services

• Secure Code Reviews

4. Security Operations Services

• Security Operations Center Design, Implementation & Staffing

• SIEM Program & Operational Services

• Technology Tool Strategy, Selection & Implementation

5. Incident Response and Forensics

• Incident Response Strategy & Planning

• Security Breach Response

• Forensics Investigation

• eDiscovery Support

• Identity & Access Management

• Identity Credential Selection

• Identity Federation Strategy & Implementation Services