Description
Job Description:
- Develops and delivers a comprehensive information security and privacy program.
- The scope of this program is company-wide, and includes information in electronic, print and other formats.
- The purpose of this program includes: assuring that information created, acquired or maintained by the company, and its authorized users, is used in accordance with its intended purpose; protecting information and its infrastructure from external or internal threats; and assuring that the company complies with statutory and regulatory requirements regarding information access, security and privacy.
- Coordinate the development of information security policies, standards and procedures.
- Work with key IT offices, data custodians and governance groups in the development of such policies.
- Ensure that company policies support compliance with external requirements.
- Oversee the dissemination of policies, standards and procedures to the user community.
- Coordinate the development and delivery of an education and training program on information security and privacy matters for employees, other authorized users, and vendors.
- Serve as the company compliance officer with respect to state and federal information security policies and regulations.
- Work with the designated internal audit, SOX compliance, legal, and HR on compliance issues as necessary.
- Prepare and submit required reports to external agencies.
- Develop and implement an Incident Reporting and Response System to address security incidents (breaches), respond to alleged policy violations, or complaints from external parties.
- Serve as the official company contact point for information security, privacy and copyright infringement incidents, including relationships with law enforcement entities.
- Develop and implement an ongoing risk assessment program targeting information security and privacy matters.
- Recommend methods for vulnerability detection and remediation, and oversee vulnerability testing.
Skills/Qualifications:
- SAP Security
- Cloud Security
- Mobile Security
- Database Security

Any combination of the above would be preferred.