
Business Information Security Officer – Defense Industrial Base (DIB) Exp
Posted 10 hours ago

This is a fully remote position, open to applicants in California.
• Develop, execute, and manage the Client's comprehensive information security program, including setting goals, objectives, and policies while establishing departmental priorities to fulfill that vision.
• Create a well-defined and consistent security architecture standard and collaborate with Clients to implement technical controls aligned with leading security and privacy best practices.
• Lead Client's domestic and international initiatives to comply with evolving cyber security mandates, data protection, and privacy regulations.
• Enforce approved policies and procedures to ensure that information security efforts are well-coordinated and compliant, making recommendations for changes and improvements to mitigate overall security risks for the Client.
• Monitor and evaluate Client organizations' adherence to information security policies and procedures, ensuring compliance from third-party vendors.
• Manage the Client's incident response strategy, data loss prevention efforts, and breach remediation, acting as the main point of contact for response execution.
• Implement ongoing risk assessment programs focused on information security and privacy; suggest methods for vulnerability detection and remediation and conduct and/or supervise vulnerability testing.
• Organize and present information security reports and assessments as required by regulatory bodies, clients, and management.
• Collaborate with colleagues across the organization to analyze customer feedback and requirements, ensuring that the security strategy and roadmaps are in line with the security needs of Clients.
• Stay updated on the latest security and privacy laws, regulations, alerts, and vulnerabilities affecting the organization. Engage in continuous research to keep abreast of technology, customer demands, and overall requirements.
• Participate in significant initiatives and projects to ensure that cybersecurity controls are considered early in the project and software development lifecycles.
• Ensure that risk assessments are carried out on Client's high-risk business applications, providing escalation for critical issues identified during these assessments, and ensuring that remediation plans are completed successfully.
• Experience in Cyber Compliance Assessments & Regulatory Compliance, particularly with NIST 800-171, CMMC, and DFARS.
• Over 10 years of experience in Cybersecurity, preferably within the oil industry or Defense Industrial Base Sector, with a focus on Security and Compliance.
• Proven track record of evaluating threats and vulnerabilities from both business and technical standpoints.
• Capability to devise and advocate for practical security solutions that facilitate business growth.
• Experience in developing a strategic, comprehensive enterprise information security and IT risk and privacy management program.
• Background in supporting customer-facing products, not solely internal operations.
• Ability to foster a culture of accountability and security.
• Proficient in communicating and engaging effectively with a diverse audience, including technical staff, non-technical personnel, management, executives, and vendors/providers.
• Self-motivated individual with the ability to lead tasks and demonstrate independence in work.
• Salary commensurate with years of experience, technical expertise, and geographic location.
• Salary range: $150,000 to $190,000.
• Performance bonuses.
• Benefits package that includes 100% paid medical, dental, and vision coverage for the employee.
• 401(k) plan with employer matching.
• Strong company culture.
• Flexible PTO policy.
• Flexible working arrangements.
• Annual company overnight retreat.