Vice President & Chief Information Security Officer (CISO)

Full Job Description

EBSCO Industries, headquartered in Birmingham Alabama, was founded by an entrepreneur who was passionate about honoring our commitments to our customers, rejecting the status quo, and seeking to continuously improve our team. We continue to operate that way today, with a passion for our people and our businesses succeeding together. EBSCO has a variety of businesses that are within 5 different industries including Information Services, Publishing, Manufacturing, Real Estate and Insurance Services. We hire passionate people, driven to grow, because we know the success of EBSCO depends on the long-term success of our businesses and our teams.

EBSCO Industries, Inc., headquartered in Birmingham, AL, seeks an experienced, engaging, and visionary VP & CISO who wants to become part of an exciting, vibrant community of information technology professionals supporting EBSCO’s diverse business units.

The VP & CISO is an advocate for the EBSCO’s total information security needs and is responsible for the development and delivery of a comprehensive information security strategy to optimize the security posture of the company and its subsidiaries. They will lead the development and implementation of a security program that leverages collaborations and company-wide resources, facilitates information security governance, advises senior leadership on security direction and resource investments, and designs appropriate policies to manage information security risk. The complexity of this position requires a leadership approach that is engaging, imaginative, and collaborative, with a sophisticated ability to work with other leaders to set the best balance between security strategies and other priorities at an operations level.

DUTIES AND RESPONSIBILITIES :

• Work closely with EBSCO and Business Unit leadership on the development, implementation and enforcement of an Information Security strategy.

• Oversees the selection, development, deployment, monitoring, maintenance, and enhancement of the organization's security technology.

• Works closely with EBSCO’s Compliance Director on matters related to GDPR, Privacy Shield and PCI.

• Performs IT risk assessments, audits, and security incident investigation.

• Administers security programs and procedures.

• Work with Business Unit leadership to oversee the formation and operations of a company-wide Security Operations Center that is organized toward a common goal in information security.  The Security Operations Center serves to analyze and monitor activity on networks, servers, endpoints, databases, applications, websites and other systems to ensure that potential security incidents are correctly identified, analyzed, defended, investigated and reported.

• Establish annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements.

• Works closely with various EBSCO Business Units on addressing security vulnerabilities

• Provide guidance and counsel to key members of the company’s leadership team, working closely with senior executives, managers, and business units in defining objectives for information security, while building relationships and goodwill.

• Stay abreast of information security issues and regulatory changes affecting the corporation, participate in national policy and practice discussions, and communicate to leadership on a regular basis about those topics. Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position

• Mentor direct reports, coaching and motivating the team via LEAN principles and implement professional development plans for all members of the team.

• Keep abreast of security incidents and act as primary control point during significant information security incidents.
• Develop, implement and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk.
• Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies.
• Examine impacts of new technologies on EBSCO’s overall information security.  Establish processes to review implementation of new technologies to ensure security compliance.
• Lead the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
• Lead efforts to internally assess, evaluate and make recommendations to leadership and business units regarding the adequacy of the security controls for EBSCO’s information and technology systems.

BASIC QUALIFICATIONS

• 5+ years of experience leading teams in information security
• CISSP or CISM certification
• 10+ years of experience with information security enterprise technology such as: Firewalls, SIEM, DLP, VPN, DMZ, MFA, WAF, Intrusion Detection/Prevention, Encryption, Anti-virus, Anti-Malware, SOC operations, forensics, identity management, etc.
• Bachelor’s Degree in Computer Science, Engineering, or MIS. Master’s Degree is preferred

PREFERRED SKILLS:

• Hands-on experience leading or working in a Security Operation Center
• Deep understanding of existing security tools and capabilities
• Proven track record of building and managing a Cyber organization
• Excellent understanding of security architecture and design principles
• Excellent understanding of Identity Management governance, provisioning, and federation
• Excellent understanding of authentication and authorization policies, procedures and technologies
• Excellent understanding of security best practices including: ISO 17799/27001/27002, NIST Cybersecurity Framework
• Background in Lean/Agile methodologies
• Humble leader
• Strategic thinker

EBSCO Industries, Inc.is an equal opportunity employer and complies with all applicable federal, state, and local fair employment practices laws.  EBSCO strictly prohibits and does not tolerate discrimination against employees, applicants, or any other covered persons because of race, color, sex (including pregnancy), age, national origin or ancestry, ethnicity, religion, creed, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.  This policy applies to all terms and conditions of employment, including, but not limited to, hiring, training, promotion, discipline, compensation, benefits, and termination of employment.

EBSCO complies with the Americans with Disabilities Act (ADA), as amended by the ADA Amendments Act, and all applicable state or local law.