Deputy Chief Information Security Officer

Spartanburg, SC, United States

American Credit Acceptance

Overview

The Deputy Chief Information Security Officer will be responsible for: 

  • Supporting the CISO in establishing cybersecurity strategy 
  • Implementing and monitoring the security of information assets with current tools and technologies
  • Advising on day-to-day security operations and incident response, and mentoring a team of security professionals
  • Working closely with business leaders, technology leaders, and privacy professionals to assure the organization meets current standards, complies with regulatory requirements, and addresses the future direction of the business.

Detailed Responsibilities  

  • The Deputy CISO must be able to anticipate emerging threats as they relate to the changing business environment and work with the organization to address and mitigate any risks associated with these threats. Teamwork with the Deputy CISO, legal, vendor management, IT operations, and the business is critical.
  • The Deputy CISO will advise and coach the Information Security Office functions and will be responsible for design, implementation, and maintenance of controls and procedures to ensure the integrity and security for all computer-based systems and networks across all technical platforms. In addition, the Deputy CISO will review the identity management lifecycle and work with the vendor management organization to assure third party vendors and contractors meet company standards. The Deputy CISO will work closely with other business groups and stakeholders, including Legal, Compliance, Audit and Risk, ensuring the protection of information and assets including data, systems, databases, networks, and other resources. 
  • The Deputy CISO will recommend information security investments which mitigate cyber and insider risks, strengthen defenses, and reduce vulnerabilities for development, internal, and client-facing systems and products. In this role, the Deputy CISO must be able to not only assist the CISO with the strategic vision but must also be able to help implement and execute against it. The ability to communicate to peers, subordinates, and executive management is critical to the success of the Deputy CISO.

 

Essential Functions

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

  • At the direction of the CISO, help implement and monitor a strategic, comprehensive enterprise information security and risk management program.
  • Leverage information security experts and technology to support a secure infrastructure, secure applications, and overall data security; lead strategic security planning with IT Operations, development teams, and users across the organization. 
  • Develop, communicate, and ensure compliance with organizational security policies and standards; proactively work with business units to implement practices that meet defined policies and standards for information security. 
  • Create and manage information security and risk management awareness training programs for employees, contractors, and approved system users. 
  • Work directly with business units to facilitate IT risk analysis and risk management processes; identify acceptable levels of risk and establish roles and responsibilities regarding information classification and protection. 
  • Provide subject matter expertise to executive management on a broad range of information security standards, best practices, and compliance requirements. 
  • Work with developers and architects to ensure security is appropriately built into the development cycle. Coordinate the performance of internal and external network and systems vulnerability assessments and penetration tests.
  • Facilitate the review and verification of all new third-party vendors with respect to their information security policies and procedures. 
  • Coordinate organizational efforts in response to security events. 
  • Develop business-relevant metrics to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the security program. 
  • Provide coaching and professional mentorship of the day-to-day security operations.
  • Review and advise on all application projects impacting information security. 
  • Provide coaching and professional mentorship of the day-to-day security operations and/or other administrative areas. 
  • Assess information security risk as well as conduct functionality and gap analyses to determine the extent to which key business areas and infrastructure comply with statutory and regulatory requirements. 

 

 Qualifications

  • 8+ years of experience in the information security field and 5+ years of leadership in an information security role. 
  • Experience with financial industry compliance regulations. 
  • Experience in developing a young organization is a significant advantage. 
  • Proven experience with current IT security technologies. 
  • Demonstrated experience with information security frameworks. 
  • Demonstrated understanding of technological trends and developments in the areas of information security, risk management, web architectures, and cloud computing. 
  • Demonstrated ability to frame security and risk-related concepts to both technical and nontechnical audiences. 
  • Bachelor’s degree or equivalent experience in an IT-related discipline. 
  • 3+ years in business architecture, project management, reengineering, IT consulting or other relevant experience. 
  • BA/BS required, MBA, MIS or other relevant post-graduate degree a plus. 
  • Ability to drive execution of aggressive goals through effective planning, prioritization, resource management, and follow through. 
  • Proven track record of building influential relationships with internal customers; ability to influence across departmental lines without direct authority.
  • Ability to think strategically and identify and understand business needs and translate into strategic direction, plans and solutions. 
  • Experience working with business process reengineering and IT solutioning; experience working on project teams bringing together both business & technology. Capable of explaining technical concepts to a non-technical audience. 
  • Superior verbal and written communication skills, including ability to tailor communications based on audience. 
  • Experience leading people, with demonstrated ability to attract, develop, motivate and retain talent. 
  • Proficiency in interpreting financial results and business data to identify opportunities and risks. 
  • Preferred hands-on technology and process experience includes Privileged Access Management (PAM) vendor implementations, Active Directory hardening, vulnerability management software, SOC operations, Cloud security, Endpoint detection software, SIEM implementations, Governance Risk and Controls (GRC) tools and processes.

 

Supervisory Responsibility

This position may involve supervisory responsibilities.

 

Work Environment and Physical Demands

This job operates in a professional office environment. This role routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets and fax machines.

 

Position Type/Expected Hours of Work

This is a full-time position with a work schedule from Monday through Friday with some schedule variations as needed. Hours may vary or exceed 40 in any given week depending on the needs of the business.

 

Travel

Up to 10% travel may be needed in this role.

 

EEO Statement 

ACA provides equal employment opportunities (EEO) to all applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state and local laws. ACA complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. 

 

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.


Tags: Active Directory CISO Cloud Compliance Governance Incident response Monitoring Privacy Risk analysis Risk management SIEM SOC Strategy Vendor management Vulnerabilities Vulnerability management

Perks/benefits: Career development Team events

Region: North America
Country: United States