POSITION SUMMARYThe Director of IT Security, under the direction of the Chief Information Officer, is responsible for putting in place the resources, processes, systems, policies and procedures and cyber strategy to protect the entire Tribe, including all government, gaming, health and enterprise divisions. This position works closely with all other managers and executives across the Tribe to promote strong security practices and to understand potential cybersecurity vulnerabilities. The Director of IT Security is responsible for maintaining an informed and knowledgeable understanding of evolving cyber threats, new security tools and best practices, ESSENTIAL FUNCTIONS: (includes, but is not limited to, the following)
Develop and Implement Security Policies:
- Formulate, implement, and maintain comprehensive security policies and procedures to safeguard the organization's systems, data and people.
Risk Management:
- Identify, assess, and manage security risks. Develop strategies to mitigate potential threats to the organization's information systems.
Security Architecture:
- Design and oversee the implementation of security architecture, ensuring that it aligns with the organization's business goals and industry best practices.
Incident Response and Management:
- Establish and lead incident response plans including testing and training. Coordinate and respond to all security incidents, ensuring timely resolution and minimizing impact.
Security Awareness and Training:
- Will define, support and coordinate training programs to educate employees about security policies, procedures, and best practices. Foster a culture of security awareness within the organization.
Security Audits and Assessments:
- Manage the process of security audits and assessments to identify vulnerabilities and weaknesses in the organization's IT infrastructure. Take corrective actions to address any findings.
Compliance:
- Ensure compliance with relevant laws, regulations, and industry standards.
- Stay abreast of emerging security technologies and trends. Evaluate and recommend security solutions to enhance the organization's overall security posture.
Collaboration:
- Work closely in collaboration with CIO, and at times, on own directly with executives, board of directors, other departments, IT teams, and senior management to align security initiatives with overall business objectives.
Budgeting and Resource Management:
- Develop and manage the IT Security budget, collaborating with the CIO and Executive Technology Steering Committee on needs and priorities. Allocate available resources effectively to address security priorities.
ADDITIONAL RESPONSIBILITIES: (includes, but is not limited to, the following)
All other job-related duties as assigned
CONTACTS:
Immediate peers, peers in other departments, immediate supervisor/manager, managers in other departments, Executives, Board of Directors, customers and outsides vendors/service providers.
PHYSICAL REQUIREMENTS:
Position medium with lifting of 50 pounds maximum and frequent lifting and carrying up to 25 pounds. Physical factors include constant sitting, near and midrange vision, typing; frequent walking, use of hearing, color vision and driving; and occasional carrying/lifting, pushing/pulling, climbing, stooping, kneeling, crawling, reaching, manual handling, use of smell, far vision/depth perception, field of vision and bending. Working conditions include occasional exposure to weather, heat, cold, wet/humidity, noise, vibration and air quality. Potential hazards include constant computer use and occasional exposure to moving mechanical parts, electric shock, high exposed places, chemicals, client contact and medical equipment use.
Education: Bachelor's Degree in Computer Science, Information Technology, or Cybersecurity field or five years demonstrated ability in relevant experience may be considered in lieu of degree.
Experience: Five years of experience in overseeing information technology or cybersecurity team for a large organization in addition to above stated degree requirements.
Certification/License: Must have a valid driver’s license and be insurable by the Sault Tribe Insurance Department. Must comply with annual driver’s license review and insurability standards with the Sault Tribe Insurance Department. Must undergo a criminal background investigation done under the rules of the National Indian Gaming Commission. May be required to complete and pass pre-employment drug testing.
Knowledge, Skills and Abilities:
Knowledge
Cybersecurity Frameworks and Standards: In-depth knowledge of cybersecurity frameworks (e.g., NIST Cybersecurity Framework, CIS Controls) and industry best practices.
Security Technologies and Solutions: Expertise in various cybersecurity tools and technologies, including firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint security, data encryption, data backup/restoration solutions and best practices, patch management, and security information and event management (SIEM) solutions.
Risk Management: Thorough understanding of risk assessment methodologies, threat modeling, performing cybersecurity desktop exercises and vulnerability management principles.
Security Policy and Compliance: Strong knowledge of IT security policies, procedures, and compliance regulations relevant to the organization (including HIPAA, PCI-DSS GDPR, MICS, CJIS and tribal data sovereignty concerns).
Identity and Access Management (IAM): Solid understanding of IAM principles, access controls, and user authentication methods.
IT Systems and Infrastructure: Solid understanding of data and voice networking, wireless and Wi-Fi, internet connectivity, desktops and peripheral devices, Microsoft tools/servers/operating systems, email, cloud technologies and services.
Skills
Security Architecture and Design: Proven ability to design, implement, and maintain a comprehensive cybersecurity architecture for the organization.
Security Incident Response and Forensics: Ability to create and maintain an Incident Response Plan and lead and manage security incident response activities, including investigation, containment, eradication, and recovery.
Communication and Presentation: Excellent written and verbal communication skills to present complex security information to both technical and non-technical audiences.
Leadership and Team Management: Strong leadership skills to motivate, mentor, and guide a team of IT security professionals.
Budget Management: Skilled in developing and managing the IT security budget effectively.
Abilities
Analytical Thinking and Problem-Solving: Strong analytical and problem-solving skills to identify, assess, and mitigate cybersecurity risks.
Technical Expertise: Deep understanding of IT infrastructure, networks, and operating systems.
Strategic Planning: Ability to develop and implement a long-term cybersecurity strategy aligned with the organization's overall goals.
Communication and Negotiation: Proven negotiation skills to secure resources and advocate for cybersecurity initiatives. Understand and ensure best practice cybersecurity language is included in all third-party Agreements.
Compliance Management: Ability to ensure adherence to security policies, procedures, and relevant compliance regulations.
Learning Agility: Strong desire to stay up-to-date on emerging cybersecurity threats and technologies.
Native American preferred.
Powered by ExactHire:184335
