VP, Chief Information Security Officer - National Rural Electric Cooperative Association (NRECA) - Arlington, VA

Job Description

The National Rural Electric Cooperative Association (NRECA), with offices in Arlington, VA and Lincoln, NE, is the trade association for over 900 consumer-owned electric cooperatives serving more than 42 million people. NRECA is committed to harnessing the strength of America’s electric cooperatives into a single powerful voice. NRECA has won the following awards over the past few years:

Top Workplace - The Washington Post
100 Best Places to Work - ComputerWorld Magazine
50 Best Places to Work - The Washingtonian
CARE Award Recipient - Recognizing organizations that promote a positive work-life balance
Best Place to Work Award Recipient - Lincoln, NE
Gold Well Workplace - Wellness Councils of America
State of NE Governor's Wellness Award - Grower Level

At NRECA, we work with people who are leaders in their fields. They are down-to-earth, hardworking professionals committed to helping our members serve their communities. Our work is interesting, constantly evolving, and requires new skills to meet the evolving needs of a dynamic industry. In this collegial, inclusive work environment, united around the compelling purpose and history of electric cooperatives, we thrive. And topping it off, NRECA cares about each person’s overall well-being, encouraging health, financial security, and a sustainable work/life balance. EEO/AA - M/F/Disability/Protected Veteran Status/Genetic Data

Summary
VP, Chief Information Security Officer M.4
Position Summary:
Leads the Information Security organization and serves as both NRECA’s Information Security Officer and HIPAA Security Officer, with overall responsibility for implementing adequate safeguards to ensure the confidentiality, integrity and availability of mission-critical data and to prevent the accidental or intentional destruction, disclosure, modification or interruption of information that might cause substantial financial or legal harm and/or information loss. Provides leadership and oversight in the strategic planning and assessment of all company information security strategies, policies, procedures and guiding practices.

Essential Duties and Responsibilities:

Establish Governance and Build Knowledge
Facilitates an information security governance structure through the implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board.
Ensures that the Information Security Program has the proper governance and controls in place to satisfy auditors and regulators.
Provides regular reporting on the current status of the information security program to enterprise risk teams, senior business leaders and the board of directors as part of a strategic enterprise risk management program, thus supporting business outcomes.
Works with the vendor management office to ensure that information security requirements are included in contracts by liaising with vendor management and procurement organizations.
Creates and manages a targeted information security awareness training program for all employees, contractors and approved system users, and establishes metrics to measure the effectiveness of this security training program for the different audiences.

Lead the Organization
Leads the information security function across the company to ensure consistent and high-quality information security management in support of the business goals.
Determines the information security approach and operating model in consultation with stakeholders, aligned with the risk management approach and compliance monitoring of non-digital risk areas.
Manages the budget for the information security function, monitoring and reporting discrepancies.
Inspires and motivates a Security Engineering team to work together as a cohesive and highly productive unit.
Provides detailed technical guidance to the team, enabling them to execute more effectively and deliver products on time and within budget.
Serves as NRECA’s Security Officer and as NRECA’s HIPAA Security Officer.
Advises internal stakeholders, business units and external members on key issues related to how information security funds should be invested to ensure consistent security measures associated with business unit risks.

Set the Strategy
Develops an information security vision and strategy that is aligned to organizational priorities, enables and facilitates the organization's business objectives, and ensures senior stakeholder buy-in and mandate.
Develops, implements and monitors a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets owned, controlled and/or processed by the organization.
Collaborates with the Architecture group on future cloud strategy to ensure that cloud technology implementations satisfy the security requirements of the organization.
Assesses and defines the organization’s current and future requirements in terms of information security.

Build Partnerships and Communicate the Vision
Promotes awareness of security policies and related security topics.
Creates the necessary internal networks among the information security team and line-of-business executives, corporate compliance, audit, physical security, legal and HR management teams to ensure alignment as required.
Builds and nurtures external networks consisting of industry peers, ecosystem partners, vendors and other relevant parties to address common trends, findings, incidents and cybersecurity risks.
Liaises with external agencies, such as law enforcement and other advisory bodies, as necessary, to ensure that the organization maintains a strong security posture and is kept well abreast of the relevant threats identified by these agencies.
Liaises with the enterprise architecture team to build alignment between the security and enterprise (reference) architectures, thus ensuring that information security requirements are implicit in these architectures and security is built in by design.

Operate the Function
Creates a risk-based process for the assessment and mitigation of any information security risk in the organization's ecosystem, consisting of supply chain partners, vendors, consumers and any other third parties.
Defines and publishes key performance indicators measuring the effectiveness of the information security organization; regularly reports out to key stakeholders.
Manages development and implementation of enterprise security policy, standards, guidelines and processes to ensure appropriate security in the enterprise’s information and applications.
Defines and facilitates the processes for information security risk and for legal and regulatory assessments, including the reporting and oversight of treatment efforts to address negative findings.
Ensures that security is embedded in the project delivery process by providing the appropriate information security policies, practices and guidelines.
Oversees technology dependencies outside of direct organizational control. This includes reviewing contracts and the creation of alternatives for managing risk.
Manages and contains information security incidents and events to protect corporate IT assets, intellectual property, regulated data and the company's reputation.
Develops and oversees effective disaster recovery policies and standards to align with the enterprise business continuity management (BCM) program goals, with the realization that components supporting primary business processes may be outside the corporate perimeter.
Coordinates the development and implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provides direction, support and in-house consulting in these areas.
Identifies and communicates protection and security goals consistent with Association strategy and risk assessments.
Responsible for the proper security and disposal of any confidential information that he or she may possess in the course of performing this position's job duties, as well as ensuring staff compliance with security protocols in accordance with NRECA’s Personnel and Administrative Policy and HIPAA Privacy and Security Policies and Procedures Manuals.

Direct Reports to this Position:
Requirements and Qualifications
Formal Education Required:
Bachelor’s in Computer Science, Management Information Systems, Information Security or related field. Master's degree preferred.
Preferred Certifications:
Certified in the Governance of Enterprise IT (CGEIT)
Global Information Assurance Certification (GIAC) Security Expert
AWS Certified Solutions Architect – Associate
Project Management Professional (PMP)
AWS Certified Developer – Associate
Certified Information Systems Security Professional (CISSP)
Certified in Risk and Information Systems Control (CRISC)
Certified Information Security Manager (CISM)
Certified ScrumMaster
Certified Ethical Hacker (CEH)
Six Sigma Green Belt
Citrix Certified Professional – Virtualization (CCP-V)
Microsoft Certified Solutions Expert (MCSE) – Server Infrastructure
Certified Information Systems Auditor (CISA)
Cisco Certified Networking Professional (CCNP) Routing and Switching
Citrix Certified Associate – Networking (CCA-N)
Offensive Security Certified Professional (OSCP)
Experience Required:
Minimum of ten (10) years successfully recruiting, managing and retaining highly talented and motivated staff.
Minimum of twelve (12) years in Information Security, with strong technical knowledge of security principles, best practices, technologies and processes.
Minimum of twelve (12) years in a variety of technology disciplines including: software development, systems engineering, systems integration, and technology evaluation.
Minimum of ten (10) years as a business manager or project manager leading large, complex technology initiatives involving multiple businesses, including the use of RFI, RFP, and contractual service requirements.
Minimum of eight (8) years' experience in Internet hardware and software technologies, including knowledge and experience with web development, application servers, internet standards, web services, service bus methods and solutions.

Knowledge, Skills and Abilities Required (as demonstrated by prior work experience):
Knowledge of Information Security technologies such as authentication, authorization, cryptography, encryption, auditing, evidence preservation, risk management and applicable tools such as virus protection, perimeter controls, firewalls, intrusion detection and data leak prevention.
Knowledge of Information Security frameworks such as ISO 27001 and 27002, Information Technology governance frameworks such as ITIL, and application development and System Development Life Cycle (SDLC) methodologies.
Knowledge of industry best practices for application development such as .NET, C#, Visual Studio, MVS, z/OS, COBOL, JCL, SQL, DB2, XML and object-oriented design and development.
Ability in extracting/translating findings into alternatives/solutions, identifying risks/impacts and schedule adjustments to facilitate management decision-making.
Ability to develop an actionable, repeatable, and reportable security strategy.
Ability to build and sustain a high-performing team with an appreciation and interest in building and sustaining strategic relationships with key internal decision makers, members, staff and the public.
Ability in advising senior management on risks and associated information security practices, to assure proper strategies are implemented to ensure compliance and to mitigate any potential consequences of security incidents.
Ability in developing strong relationships with external business partners and vendor executives that enable productive results.
Ability to be persuasive, negotiate, and collaborate with individuals at all levels inside and outside of the organization, as demonstrated by prior work experience.
Ability in translating business strategies, goals and objectives into actionable technology requirements and applying innovative solutions to technically complex problems.
Ability to organize and manage time, multi-task, operate under pressure and prioritize projects (or work) using effective organizational skills.
Ability to communicate, both verbally and in writing, with a diverse membership, senior management, employees, internal/external security stakeholders, and/or vendors in a clear and precise manner.
Ability to use Microsoft Office tools (Excel, Word, Outlook, PowerPoint) in the day-to-day essential duties of the job.
Ability to operate various office equipment such as personal computer, copier, printer, fax machine, 10-key adding machine, and multiple-line telephone.
Ability to provide service excellence by building relationships, being resourceful, responsive and respectful.

ADA Requirements:
The worker is required to have close visual acuity to perform activities such as preparing and analyzing data and figures, transcribing, viewing a computer terminal and extensive reading. Exerting up to 20 pounds of force occasionally, and/or up to 10 pounds of force frequently, and/or a negligible amount of force constantly to move objects. If the use of arm and/or leg controls requires exertion of forces greater than that for sedentary work and the worker sits most of the time, the job is rated for light work.

Disclaimer Statement:
The preceding job description has been written to reflect management’s assignment of essential functions. It does not prescribe or restrict the tasks that may be assigned.
