This is a key Cybersecurity leadership role responsible for overall design of security platforms, processes and organizational structure. This role will also be responsible for validation and approval of security products and services delivered to our clients, engaging as needed with internal product, sales operations and senior client leaders. Along with the rest of the security leadership  team, this role is expected to ensure Ensono’s existing and planned cybersecurity control architecture effectively secures Ensono, ensures achievement  of compliance and enables business growth and client satisfaction. Lastly a key responsibility of this role will be to engage the organization, management and the board to fulfill effective governance of Cybersecurity at Ensono.
 

• Evangelize the criticality of security and obtain /maintain strong support for security imperatives

• Design security platforms, processes and organizations that enforce security policies and controls
• Manage the multi year security roadmap aligned with continually reducing security risk
• Develop high level solutions, estimates and plans for security initiatives
• Review and design security products and services for our clients  along with our Product team
• Contribute to the ongoing development of security polices, risk frameworks and key metrics
• Define and document standard for secure operations across Ensono: internal datacenter, secure perimeter, public cloud, software-as-a-service, vendor hosted, public and private endpoints, etc.
• Design technical control standards for a variety of information systems based on industry best practices and guidelines (e.g., NIST CSF, CSA, CIS, OWASP)
• Recommend specific control sets to mitigate inherent risk identified through cybersecurity risk assessments. Provide technical expertise to guide security risk assessments as needed
• Coordinate with Cyber Threat Intelligence and Cybersecurity Operations to ensure cybersecurity control design is informed by current threat intelligence and incident response
• Enhance security team accomplishments and competence by planning delivery of solutions; answering technical and procedural questions for less experienced team members; teaching improved processes; mentoring team members
• Collaborate with Product teams and client facing Solution Architects in ensuring security controls are properly designed into client solutions
• Meet with clients to discuss and better understand their security requirements and the design principles required to meet them
• Prepare and present accurate and timely information in response to audits and regulatory exams
• Collaborate with team members across the globe
• Determine security requirements by evaluating business strategies; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture and platforms
• Remain up to date with the latest security technologies, standards, and regulations

Required Skills:

• Bachelor’s degree in IT, Computer Science or related field
• 10-15 years’ experience in information security and IT risk management
• Robust experience working in a Global organization
• Good working knowledge of security and compliance regulations
• Strong overall communication skills
• Ability to interact with Client executives, C-suite and board members
• Ability to lead through influencing
• One or more of the following IT security certifications:
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)
• SANS-related certifications

Location:

• Downers Grove, IL (preferred); for remote candidates at least 20-25% travel to Downers Grove, IL