Lisc

IT Cybersecurity Lead

Remote Full Time

LISC is one of the country’s largest community development organizations, helping forge vibrant, resilient communities across America. LISC works with residents and partners to close gaps in health, wealth, and opportunity so that people and places can thrive. We do this by acting as a conduit for grants, loans and equity--and by providing technical assistance and capacity building--to locally rooted organizations that carry out the work in communities.

 

Position Description

LISC seeks an experienced subject matter expert and leader to join our IT team as a Cybersecurity Lead. The Cybersecurity Lead will provide direction and guidance for all aspects of LISC’s governance, risk management, compliance and cybersecurity initiatives.

The Cybersecurity Lead is responsible for establishing and implementing security measures to protect our computer systems, networks, and data from cyber-attacks, enabling the protection of confidentiality and integrity of data, and ensuring the smooth operation of IT systems that support LISC’s activities and mission.

An ideal candidate has a solid understanding of various cybersecurity concepts, technologies, and best practices, as well as experience in managing and leading teams, and communicating across business departments. The role will foster strong working relationships with senior members of the program, legal, finance and technology teams to develop unified, business-aligned and comprehensive enterprise security, compliance and privacy policies and procedures.

Reporting to the Head of IT Infrastructure, you will:

  • Manage the day-to-day security operations work of the network and infrastructure team.
  • Implement security measures and protocols and continuously monitor and update them to protect against new threats.
  • Develop and maintain IT security policies and procedures.
  • Coordinate with different departments to ensure cybersecurity awareness and compliance.
  • Stay updated with the latest trends in cybersecurity and adapt strategies accordingly.

Duties and Responsibilities

Security Program

  • Develop and manage a comprehensive cybersecurity program.
  • Detect vulnerabilities within IT systems via regular risk assessments and develop strategies to counteract them.
  • Ensure compliance with industry standards and frameworks (e.g., NIST, ISO, PCI-DSS, SOC, HIPAA) as they relate to business operations.
  • Identify, track and comply with all applicable regulatory requirements for cybersecurity.

Security Measures

  • Oversee the installation, maintenance, and troubleshooting of cybersecurity systems and software.
  • Provide advice and guidance on protecting sensitive data and maintaining the integrity of the IT infrastructure.
  • Coordinate teams to carry out regular audits and inspections to ensure that our security systems are functioning as expected.

Work with IT Department teams

  • Manage development and implementation of information security policies and procedures.
  • Work with IT team members in implementing and maintaining security measures.
  • Conduct regular system audits to ensure their effectiveness.

Risk Awareness and Training

  • With business units, facilitate risk assessments related to information security and risk management.
  • Maintain current knowledge of applicable federal and state security laws, certification requirements and accreditation standards.
  • Conduct regular security awareness training for employees.

Incident Response and Readiness

  • In case of a security breach, assume ownership of incident response and ensure that mitigation, correction and/or prevention measures are taken as needed.
  • Report regularly to senior management on the status of security measures and any breaches.
  • Assure maintenance of disaster recovery procedures and conduct regular drills to ensure the readiness of the team.

Audit Activities

  • Work collaboratively with business units to ensure security, privacy, governance, regulatory requirements and standards are met and align with business strategy and risk tolerance.
  • Conduct risk assessments and audits to identify vulnerabilities.
  • Coordinate responses to internal and external IT audits.

Third-party risk management

  • Assess data security practices of third-party vendors who work with LISC data or systems.
  • Manage relationships with third-party vendors and service providers to ensure they comply with our cybersecurity policies.
  • Ensure adherence to technical, legal and policy standards and adequacy of controls on electronic systems that contain protected information.

 

Qualifications 

  • Bachelor's degree in Computer Science, Information Technology, or a related field such as business or finance. Master’s degree preferred. Advanced security or vendor certifications such as CISSP, CISM, or CRISC are a plus.
  • Minimum of 8 years of experience in the cybersecurity field.
  • Relevant work experience across staff and orgs, including cybersecurity incident response, disaster recovery and business continuity management, identity and access management, information privacy, security operations center management and security architecture.
  • Strong knowledge and experience with DFIR (Digital Forensics and Incident Response) and related network, server and application development tools and techniques.
  • In-depth knowledge of various cybersecurity frameworks and standards.
  • Strong understanding of risk management and incident response procedures.
  • Experience with security technologies such as firewalls, intrusion detection systems, and anti-virus software.
  • Familiarity with supporting and securing technologies such as PAM, Azure, M365 E5 and major cloud and SaaS providers.
  • Knowledge and experience in areas such as network security, data protection, encryption, and risk management.
  • Proficiency in various cybersecurity technologies and protocols to identify, prevent, and mitigate threats. The following or similar:
    • XDR/EDR/MDR
    • SIEM
    • SOAR
    • Rapid7 – Velociraptor
    • Wireshark
    • Splunk
    • Python
    • Volatility / MemProcFS
    • Kroll Artifact Parser and Extractor – KAPE
    • WELA – Windows Event Log Analyzer
  • Experience in managing and leading teams.
  • Effective communication skills to collaborate with different departments, train employees on security protocols, and explain complex cybersecurity concepts in non-technical terms.
  • Problem-solving skills to quickly identify and respond to security incidents, to minimize potential impact to LISC.
  • Ability to stay up to date with the latest trends in cybersecurity, emerging threats, and best practices for defense.
  • High standards and a commitment to maintaining confidentiality.
  • Software development experience a plus, in terms of writing scripts for LISC's environment.
  • Experience in finance and/or lending a plus.

 

COMPENSATION & BENEFITS:

LISC offers a competitive salary ($121,086 - $151,357) commensurate with experience and excellent benefits.

*Actual salaries may be based on several factors including, but not limited to, a candidate's skill set, experience, education, work location and other qualifications.

Our benefits include: 

  • Medical, Dental, Vision Coverage: Comprehensive health plans for you and your family's well-being.
  • Disability Insurance: Long-term and short-term coverage for peace of mind.
  • Retirement Savings: Secure your future with our 401(k) and 403(b) plans.
  • Generous Holidays: Enjoy ample time off to recharge and celebrate.
  • Vacation, PTO, and Sick Days: Take advantage of flexible time-off policies to maintain work-life balance.
  • Tuition Assistance: Pursue your educational goals with support from our tuition assistance program.
  • Referral Program: Earn rewards for referring qualified candidates to join our team.
  • Professional Development Opportunities: Grow and advance in your career with access to ongoing training and development programs tailored to your goals.

LISC is an equal opportunity employer. LISC does not discriminate in employment on account of actual or perceived race, color, creed, religion, national origin, ancestry, citizenship status, age, sex or gender (including pregnancy, childbirth, lactation and related medical conditions), gender identity or expression (including transgender status), sexual orientation, marital status, military status or veteran status, unfavorable discharge from military service, physical or mental disability, protected medical condition as defined by applicable state or local law, genetic information or any other characteristic protected by applicable federal, state or local laws and ordinances.

We will endeavor to make a reasonable accommodation to the known physical or mental limitations of a qualified applicant with a disability unless the accommodation would impose an undue hardship on the operation of our business.