The Director of Cybersecurity implements practices that meet agreed-upon policies for information security, understands and articulates the impact of cybersecurity on the business and works with senior leadership to determine acceptable levels of risk for the organization.
The Director will be knowledgeable about our business environments and ensure that information systems are fully functional, secure and compliant with legal, regulatory, and contractual obligations.
This position will be on-site at our office in downtown Grand Rapids, with the opportunity for remote work on Fridays.
Our Unique Benefits
At RDV, we are intentional about enriching our culture and employee experiences through a unique blend of benefit offerings that include:
- Robust health insurance options with competitive employer contributions.
- 401k retirement plan with a generous employer match of up to 7.5%.
- Paid Time Off (PTO) starting at 22 days per year in addition to 9 paid holidays.
- Flexibility through Remote Option Fridays (position dependent).
- Grab and Go Deli/Market with employer-provided account credit of $650/year.
- Fun culinary experiences and connecting with co-workers at monthly catered lunches, free of charge to employees.
- Employer paid parking in the heart of downtown Grand Rapids.
- Education and training reimbursement programs.
- Discounted memberships to MVP Sportsplex.
What You'll Do
- Develop, implement, administer, and monitor a comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy, and recovery of information assets owned, controlled and/or processed by the organization.
- Create and manage a unified and flexible, risk-based control framework to integrate and normalize the wide variety and ever-changing requirements resulting from laws, standards, compliance regulations, and contractual requirements.
- Manage a risk-based process for the assessment and mitigation of any information security risk in the organization's ecosystem. Provide oversight to ensure timely implementation of corrective action plans.
- Act as the point person for IT audits, SEC cybersecurity exams and SEC mock exams.
- Manage and contain information security incidents and events to protect IT assets, regulated data, and the company's reputation.
- Develop, socialize, and coordinate approval and implementation of security policies.
- Understand and interact with all areas of the business, directly and through committees, to ensure the consistent application of policies across all technology projects, systems, and services, including privacy, risk management, compliance, and business continuity management.
- Manage the information security awareness training for all employees, contractors, and other approved system users.
- Provide regular reporting on the status of the information security and compliance program to senior business leaders and committees.
- Determine the information security approach and operating model in consultation with information technology team and stakeholders.
- Monitor the external threat environment for emerging threats and advise senior business leaders and relevant stakeholders on the appropriate courses of action, creating and implementing plans.
- Develop, manage, and operate to an annual IT Cybersecurity budget and ensure cost effectiveness.
- Responsible for the creation and maintenance of information security and compliance related documentation.
- Responsible for Business Continuity (Business Continuity Plans, Disaster Recovery, and Incident Response) planning, testing, documenting, and reporting.
- Responsible for the IT vendor due diligence process.
- Create and lead a collaborative, multi-department cybersecurity team comprised of subject matter experts from Wakestream IT, Executive Protection, Legal, OAPC Compliance, RDV Technology Services and others as appropriate to review and discuss cybersecurity risk and risk mitigation (policies, process, tools, reporting).
- Create an annual cybersecurity update for key stakeholders and senior business leaders.
What You'll Bring
- Bachelor's degree preferred in Information Security, Computer Science, Software Engineering, Network Engineering, or related field or equivalent cybersecurity experience.
- 5+ years of experience in cybersecurity and information technology.
- Current industry certifications such as CISSP, CISA, CISM, CRISC and CEH preferred but not required.
- Knowledge of common information security management frameworks, such as ISO/IEC 27001 and NIST (Cybersecurity Framework).
- Experience with Microsoft's security products (Cloud Security, Identity and Access, Zero Trust) preferred.
- Sound knowledge of business management and demonstrated experience with information security risk management and cybersecurity technologies.
- Up-to-date knowledge of methodologies and trends in information security, information technology and risk management.
- Experience using formal project management for the efficient planning, organizing and delivery of projects.
- Committed to the highest level of customer service.
- Work with management and employees in a pleasant and professional manner.
- Ability to handle multiple priorities and deadlines with excellent follow-through.
- Highly organized.
- Ability to sustain a high level of attention to detail.
- Current with technology trends and industry developments.
- Ability and willingness to learn new technologies quickly.
- Strong problem solving and analytical skills.
- Self-starter with the ability to evaluate, prioritize, and work independently.
- Understand and communicate complex technical ideas and structures to people with widely varying skills and interests.
- Excellent oral and written communication skills.
- Strong judgement and comfort level working with confidential, sensitive, and proprietary information, as well as an uncompromised commitment to the highest level of confidentiality.