INFORMATION SECURITY LEAD

The Information Security Lead will play a critical role in shaping and executing our information security strategy. This role involves leading the development and enforcement of security policies, conducting risk assessments, overseeing incident response, and ensuring regulatory compliance. You will act as the champion for security across the organization, advocating for best practices while fostering a culture of security awareness.

Shift: 9:30PM-7AM Mon-Fri; Hybrid setup with at least 2 days onsite weekly
Salary Range: 50 to 60K

Main Duties and Responsibilities:

• Develop & Execute Security Strategy
  • Lead the design and implementation of an organization-wide security strategy that addresses both proactive and reactive measures to protect sensitive data and systems.
  • Collaborate with key stakeholders to align the organization’s overall business strategy with information security priorities.
  • Develop clear, measurable security objectives that are aligned with business goals and regulatory requirements.
  • Ensure that the organization is compliant with industry regulations (e.g., GDPR, HIPAA, PCI-DSS) and that security measures align with regulatory requirements.
  • Lead audits and ensure adherence to security frameworks like ISO 27001, NIST, etc.
• Risk & Vulnerability Management
  • Identify, assess, and mitigate security risks and vulnerabilities across the infrastructure.
  • Lead regular risk assessments and recommend appropriate security controls.
  • Create and maintain data flow maps to ensure all relevant risks are identified in company internal systems;
  • Conduct regular scans and assessments of the organization’s infrastructure, applications, and networks to identify potential vulnerabilities and weaknesses.
  • Use industry-standard tools and techniques (e.g., Nessus, Qualys, or custom scripts) to detect flaws in configurations, code, and infrastructure.
  • Work closely with IT, development and relevant teams in addressing risks and vulnerabilities.
• Incident Response
  • Lead investigations into breaches, coordinating with internal teams to mitigate damage and restore services.
  • Prepare detailed incident reports documenting the timeline, root cause, response actions, lessons learned, and any follow-up activities required to mitigate future risk.
  • Work with relevant teams (e.g., IT, development) to eliminate the threat from the environment and prevent recurrence.
  • Communicate the incident’s status and impact to key stakeholders, including senior management, legal, compliance, and affected departments, throughout the response and recovery phases.
  • Recommend changes to improve detection, response time, or mitigation techniques for future incidents.
  • Conduct tabletop exercises and simulation drills to test the effectiveness of the IRP and ensure that all team members are prepared to respond to incidents in a coordinated, effective manner.
• Security Monitoring & Auditing
  • Implement controls, tools and systems for continuous monitoring of security events.
  • Perform routine security audits to identify areas of improvement and potential threats.
  • Analyze threat reports, security advisories, and vendor bulletins, integrating this information into the risk and vulnerability management strategy to proactively protect against zero-day attacks and newly discovered threats.
  • Conduct security audits to evaluate the effectiveness of current security measures and ensure compliance with relevant industry standards and regulations (e.g., ISO 27001, NIST, PCI-DSS, GDPR). Use audit findings to drive improvements in the organization’s vulnerability management program.
• Vendor Management
  • Assess and ensure the security of external services, software, and systems.
  • Conduct risk assessments relevant to each vendor, and collaborate with relevant teams in addressing any risks identified.
  • Ensure vendor compliance with company security and compliance obligations.
• Leadership & Mentorship
  • Lead a team of security professionals, providing guidance, mentorship, and fostering a security-first mindset across the organization.

Qualifications (Skills and Experience):

• Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent practical experience).
• Experience in information security with a focus on risk management, incident response, and compliance.
• Knowledge of security tools, firewalls, encryption, IDS/IPS, and vulnerability management.
• Expertise with security frameworks like ISO 27001, NIST, and PCI-DSS.
• Hands-on experience with security incident management, including breach investigations, root cause analysis, and response planning.
• Good foundational knowledge on IT Infrastructure, network and security.
• Experience with cloud security (AWS, Azure, etc.), network security, and endpoint protection.
• Excellent communication skills, with the ability to articulate complex security concepts to both technical and non-technical stakeholders.
• Ability to lead and motivate teams, managing both strategic initiatives and day-to-day security operations.
• Relevant certifications such as CC, CISSP, CISM, CISA, or similar security-related certifications are a plus.

Find out more about Civicom Pacific at www.civi.com and our Feathers Project at www.feathersproject.org.

Apply Now!