Vaco

Director of Cyber Security

Vaco, Brentwood, Tennessee, United States, 37027


Role will work onsite in Brentwood, TN 3 days per week

Senior Director, Information Security and Privacy Compliance located at our corporate office in Brentwood, TN. Come join a team that is dedicated to making an impact for the people and communities we serve.

The Senior Director, Information Security and Privacy Compliance facilitates the effective planning, management, governance, Information Security Framework, which includes NIST 800-27 CSF, NIST 800-171, NIST 800-53 and Data Privacy. Coordinates and responds to all inquiries from internal and external audit teams related to the company Technology services, initiatives, projects, platforms and products. Ensures that all processes related to the IT Security program and compliance initiative are successfully prioritized, launched, executed and delivered with regular status reporting. Manages and mentors staff members focused on security and compliance tools, as well as policy management.

Establishes a comprehensive and strategic privacy and security compliance program that defines, maintains, develops, and implements processes and policies that enable compliant and effective privacy practices. Ensures confidentiality of protected health information in any format and provides standards, policies, privacy forms, and up-to-date procedures.

Supports and monitors ongoing compliance activities relative to applicable regulations and standards (e.g. NIST Cybersecurity Framework, NIST 800-30, NIST 800-53, DHS 4300A, HIPAA, HiTrust etc.).

Supervises staff in the performance of their duties and evaluates as prescribed by company policy. This includes, but is not limited to, training new employees, evaluating performance and preparing written performance reviews, listening to concerns and effectively resolving disputes or issues, taking corrective or disciplinary action, developing work schedules for staff and approving leave requests.

Leads all Information Security projects, including managing line staff and executive relationships. Provides updates on project status/progress to Executive leadership and the Technology Steering Committee as needed.

Collaborates on project budgeting as part of the Technology Management Team and Operations Finance. Works closely with project teams, Accounting, and Purchasing to ensure all acquisition efforts are performed on plan, with integrity, and fiscally responsible.

Gathers required evidence from all functional areas necessary to demonstrate all required regulatory security controls are in place.

Monitors and advises on security and privacy items related to systems and workflows, ensuring internal security controls for business operations are in place and adhere to applicable InfoSec regulations. Serves as an internal consultant to various levels of management and facility leadership regarding emerging technologies.

Develops and reports security risk and compliance metrics for the enterprise, departments, processes, and individual assets and applications.

Manages policy exceptions, identifies rationale and risks in support of exception requests, weighs effectiveness of compensating controls and makes recommendations relevant to and based on exception requests.

Establishes and works with a multidisciplinary team, including audit and risk, Compliance, HR, Legal, business process owners, IT, Security and other internal stakeholders to ensure enterprise-wide coverage of the information security and privacy discipline.

Works with industry leaders to develop and implement best practices for tuning, performance and functional administration of information security technologies.

Domestic U.S. travel may be required.

Qualifications:

Graduate from an accredited college or university with a Bachelor's degree in IT Security, Information Systems, Law, or a related field is required.

Seven years of experience in Information Security or Compliance is required.

Three years of supervisory experience is required. Additional related experience may be substituted for education requirement on a year-for-year basis.

At least one of the following certifications or equivalent is required: Certified Information Privacy Professional (CIPP), Certified Information Privacy Management (CIPM), and/or Certified Information Privacy Technologist (CIPT), and one or more of: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) and Certified Information Systems Auditor (CISA) certifications.

Solid understanding of the dependencies that exist between systems, servers, storage, database, network, and cloud-based components required.

Strong understanding of regulatory compliance standards, particularly NIST Cyber Security Framework, NIST 800 series, SOC2, and Federal Risk and Authorization Management Program (FedRAMP) required.

Strong understanding of security audit methodologies with management, oversight, and reporting of audits to the executive level and third parties required.

Experience using GRC tools is required.

Vaco values a diverse workplace and strongly encourages women, people of color, LGBTQ+ individuals, people with disabilities, members of ethnic minorities, foreign-born residents, and veterans to apply.

EEO Notice

Vaco is an Equal Opportunity Employer and does not discriminate against any employee or applicant for employment because of race (including but not limited to traits historically associated with race such as hair texture and hair style), color, sex (includes pregnancy or related conditions), religion or creed, national origin, citizenship, age, disability, status as a veteran, union membership, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, political affiliation, or any other protected characteristics as required by federal, state or local law.

Vaco LLC and its parents, affiliates, and subsidiaries are committed to the full inclusion of all qualified individuals. As part of this commitment, Vaco LLC and its parents, affiliates, and subsidiaries will ensure that persons with disabilities are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact HR@vaco.com.

Vaco also wants all applicants to know their rights that workplace discrimination is illegal.

By submitting to this position, you agree that you will be giving Vaco the exclusive right to present you as a candidate for the foregoing employment opportunity. You further agree that you have represented information about yourself accurately and have not affirmatively misrepresented your qualifications. You also agree to maintain as confidential, to the fullest extent permitted by law, any information you learn from Vaco about the position and you will limit disclosure of information about the position only to the extent necessary to perform any obligations in furtherance of your application. In exchange, Vaco agrees to exercise reasonable efforts to represent you through all solicitation, job screening and resume dispersal.

Privacy Notice

Vaco LLC and its parents, affiliates, and subsidiaries ("we," "our," or "Vaco") respect your privacy and are committed to providing transparent notice of our policies.

California residents may access Vaco's HR Notice at Collection for California Applicants and Employees here.

Virginia residents may access our state specific policies here.

Residents of all other states may access our policies here.

Canadian residents may access our policies in English here and in French here.

Residents of countries governed by GDPR may access our policies here.

Pay Transparency Notice

Determining compensation for this role (and others) at Vaco depends upon a wide array of factors including but not limited to: the individual's skill sets, experience and training; licensure and certification requirements; office location and other geographic considerations; other business and organizational needs.

With that said, as required by local law, Vaco believes that the following salary range referenced above reasonably estimates the base compensation for an individual hired into this position in geographies that require salary range disclosure. The individual may also be eligible for discretionary bonuses.
