Governance, Risk, and Compliance Lead
Onsite - IT - Security - Contract - Job ID: 23-72699
Title: Information Security Officer
Location: Houston, TX (Hybrid)
Work Requirements: US Citizen, GC Holders or Authorized to Work in the U.S.
INSPYR Solutions is seeking a hands-on Information Security leader to join our team to lead the transformation of our Information Security program. The Information Security Officer (ISO) will be responsible for implementing and running the enterprise information security program. That will involve identifying, evaluating, and reporting on legal and regulatory, IT, and cybersecurity risks to information assets, while supporting and advancing objectives.
Duties & Responsibilities:
1. Establish Governance and Build Knowledge:
- Facilitates an information security governance structure through the management of a tiered governance program, including the formation of an information security steering committee or advisory board.
- Provides regular reporting on the status of the information security program to enterprise risk teams and the CIO as part of a strategic enterprise risk management program, thus supporting business outcomes.
- Develops, socializes, and coordinates approval and implementation of security policies with the Policy Division of the department.
2. Set the Strategy and Build Strategic Alignment:
- Determines the information security approach and operating model in consultation with stakeholders and aligns with the risk management approach and compliance monitoring of non-digital risk areas.
- Develops an information security vision and strategy that is aligned to CIO priorities, facilitates the delivery of information security goals while delivering business objectives, and ensures senior stakeholder buy-in and mandate.
- Develops, implements, and monitors a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy, and recovery of information assets owned, controlled, and/or processed by the organization.
3. Develop the Frameworks:
- Develops and enhances an up-to-date information security management framework based on the following: National Institute of Standards and Technology (NIST) Cybersecurity Framework.
- Creates and manages a unified and flexible, risk-based control framework to integrate and normalize the wide variety and ever-changing requirements resulting from applicable laws, standards, and regulations.
- Develops and maintains a document framework of continuously up-to-date information security policies, standards, and guidelines. Oversees the approval and publication of these information security policies and practices.
4. Operate the Function:
- Collaborates and consults with the data privacy officer to ensure that data privacy requirements are included where applicable.
- Defines and facilitates the processes for information security risk and for legal and regulatory assessments, including the reporting and oversight of treatment efforts to address negative findings.
- Ensures that security is embedded in the project delivery process by providing the appropriate information security policies, practices, and guidelines.
5. Management and Leadership:
- Manages orchestration of the Information Security programs.
- Responsible for developing a training and development plan for Information Security teams.
- Manages the budget for the information security function, monitoring and reporting discrepancies.
Required Education / Experience:
- Two or more of the following certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other similar credentials.
- Bachelor's degree from an accredited college or university.
- Seven to ten years of relevant experience, including five years in a leadership role.
- Demonstrated experience and success in senior leadership roles in risk management, information security, and IT or OT security.
- Master's or higher degree in Information Security, Information Technology, Business Administration, or relevant discipline.
- Experience successfully executing programs that meet the objectives of excellence in a dynamic business environment.
- Experience with contract and vendor negotiations.
Knowledge, Skill & Abilities (KSAs):
- Must possess excellent interpersonal and written/oral communication skills.
- The ability to interact with executives at all levels.
- Able to execute projects and program/service delivery with limited direction in an overly complex environment.
- Advanced knowledge of information security governance, best practices, policies, standards, procedures, guidelines, and risk management principles.
- Strong knowledge of enterprise networks, personal computers, and software. Previous experience with Microsoft Teams, learning management systems, and SharePoint is a plus.
About INSPYR Solutions
Technology is our focus and quality is our commitment. As a national expert in delivering flexible technology and talent solutions, we strategically align industry and technical expertise with our clients’ business objectives and cultural needs. Our solutions are tailored to each client and include a wide variety of professional services, project, and talent solutions. By always striving for excellence and focusing on the human aspect of our business, we work seamlessly with our talent and clients to match the right solutions to the right opportunities. Learn more about us at inspyrsolutions.com.
INSPYR Solutions provides Equal Employment Opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, or genetics. In addition to federal law requirements, INSPYR Solutions complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities.