• Provide leadership and mentoring to direct the Cybersecurity team.
• Develops and maintains the technology security framework for the AHA.
• Leads the AHA Incident Response Team. Works collaboratively on compliance efforts to ensure all technical requirements are satisfied.
• Identifies security gaps in technology and recommends enhancements.
• Serves as technology security subject matter expert throughout the department providing advisory and consultative services.
• Understands current and emerging security threats.
• Updates security framework to mitigate where appropriate.
• Stay abreast of new security technologies and integrate them into security architecture design when appropriate.
• Develops guidelines that adhere to security standards.
• Ensures compliance with programs such as PCI, Sarbanes-Oxley, HIPAA/HITECH, accessibility, and global data privacy.
• Shares compliance with technical teams.
• Participates in solution architectural design, and is responsible for security aspects.
• Evangelize the Cybersecurity program to the business stakeholders and technical teams

Skills: Team Leadership, Security Framework, Incident Response, Gap Analysis, Security Expertise, Threat Awareness, Architecture Integration, Compliance Management

• Develop an enterprise cyber security program to identify, evaluate, and report on Cybersecurity risks, while supporting business objectives.
• Own and continuously update information security policies, standards, and guidelines.
• Implement appropriate second-line assurance related to confidentiality, integrity, and availability, as well as the safety, privacy, and recovery of information.
• Partner with senior leaders to determine cyber risk thresholds for the organization.
• Implement/manage a governance structure and program, and provide regular reporting on the current status to executive leadership.
• Manage security awareness training for all employees, contractors, and approved system users.
• Understand and interact with related company disciplines (i.e. privacy, risk management, compliance) to ensure the consistent application of controls across all technology investments.
• Provide clear risk-mitigating directives for projects with components in IT, including the mandatory application of controls.
• Lead the cyber security function across the company to ensure consistent security management in support of business goals.
• Work with the compliance staff to ensure that all information owned, collected, or controlled by or on behalf of the company is processed and stored following applicable laws and regulations.
• Ensure that security is embedded in the project delivery process by providing the appropriate policies, practices, and guidelines.
• Develop and implement business continuity and incident response programs to ensure business-critical services, data, assets, intellectual property, and the company's reputation are protected.

Skills: Cybersecurity Program, Security Policies, Risk Assurance, Governance Reporting, Awareness Training, Collaboration, Risk Mitigation, Business Continuity

• Create and drive a forward-looking security roadmap that aligns with the organization's strategic vision and business priorities.
• Enhance cyber security and data privacy program
• Implement a formal security governance process to set priorities, goals, efficiency, and leverage of IT resources.
• Ensure formal procedures and documentation are in place.
• Evaluate current IT/security architectures, infrastructure, and end-user computing to determine lifecycle stage, constraints, costs, and future needs to support growth.
• Instill a culture of operational excellence and results orientation in a highly collaborative organization.
• Provide strong leadership and culture with a focus on identifying, motivating, and obtaining best-in-class vendor partners and talent.
• Continually assess the competitive landscape, emerging technologies, and approaches to ensure cyber security practices are up to date.
• Choose and implement tooling, as well as building playbooks.
• Lead solution planning and estimating of programs and projects, manage budgets and contracts.
• Prepare and present project plans, status reports, and cost/benefit studies, and recommend funding and resources.
• Manage third parties providing IT services and cybersecurity solutions
• Assist with the overall business technology planning, providing current knowledge and future vision of technology and systems.

Skills: Security Roadmap, Cybersecurity, Governance, IT Architecture, Operational Excellence, Leadership, Emerging Tech, Solution Planning

• Recommend the organizational direction and policy concerning Cybersecurity.
• Work with senior IT and business leaders to identify, define, and confirm the key threats to the information and financial assets of the organization.
• Understand the organization’s key business processes, systems, applications, and the latest knowledge in cybersecurity techniques across multiple platforms and environments.
• Develop a detailed understanding of company operations and establish a solid working relationship with business units throughout the organization.
• Create an environment that encourages the participation of business managers, audit, insurance, and legal staff in the Cybersecurity Program.
• Coach and provide leadership, direction, motivation, and supervision of direct reports.
• Develop and grow IT team members - identify development needs, and provide skill-building opportunities for the IT team.
• Coordinate and collaborate with the IT leadership across all areas including Infrastructure/Operations
• Ensure appropriate security system architecture planning, implementation, and operations of restaurant and guest-facing business solutions.
• Develop Cybersecurity Policies and Standards for use throughout the organization.
• Lead the Support Center and client's Brands in implementing these policies and standards to ensure that effective controls are in place.
• Take a leadership role in the design, development, testing, integration, implementation, and maintenance of security systems that will protect key information assets. 
• Provide assistance to define security requirements in the procurement and/or development, and deployment of all new hardware, software, and application systems.

Skills: Cybersecurity Strategy, Threat Management, Business Knowledge, Collaboration, Leadership, Team Development, Security Architecture, Security Policies

• Provide expertise and leadership to business security teams within the area of application cyber security to drive enterprise maturity and risk reduction within GE's application security landscape.
• Oversee the application security multi-year program and chair the Application Security Forum.
• Provide expertise and leadership to business security teams within the area of product cyber security and Operational Technology (OT) security to drive protection of GE's commercial products and manufacturing sites from a cyber standpoint.
• Oversee the Product Security Incident Response Team (PSIRT) and Operational Technology multi-year program, and chair the Product Security Council.
• Work independently and directly with business cyber teams to drive accountability and assurance for business delivery against GE policy and standards.
• Drive an integrated enterprise and product risk management framework to transform and mature GE's enterprise governance and 2nd line of defense capabilities.
• Oversee the Program Management Office (PMO) for the Assessment Services and Industrial Security Organization.
• Participate as a member of the senior leadership team in establishing the strategy, direction, and controls to ensure that objectives are achieved, risks are managed appropriately, and the organization’s resources are used responsibly.
• Execute team management activities focused on employee recruiting, development, performance management, compensation, and leadership.
• Align team for successful delivery of priorities and drive talent growth through effective coaching, feedback, and opportunities.
• Develop strong relationships with security leaders and cross-functional peers, and partner to drive outcomes.

Skills: Application Security Leadership, Product Security, OT Security, Risk Management, Program Oversight, Governance Framework, Team Management, Cross-Functional Collaboration

• Drive the strategy, integration plans, and implementation of cybersecurity architecture and capabilities for cloud solutions.
• Develop and enhance an information security management framework.
• Design, implement, and maintain policies, procedures, and controls necessary to ensure and protect the safety and security of all information system assets within the organization
• Evaluate the company’s threat landscape.
• Work directly with the business units to facilitate risk assessment and risk management processes.
• Be accountable for operational excellence of program delivery, with duties including project reviews, feasibility, cost-benefit analysis, prioritization, initiation, execution, and closure for all project work related to cyber security programs.
• Lead application security solutions, data loss prevention solutions, insider threat solutions, enterprise vulnerability management, and support business development (merger, acquisition, divestiture) security and IT solutions.
• Lead security audits and compliance initiatives.
• Lead or support business continuity and disaster recovery initiatives.
• Lead data privacy aspects of information security.
• Report on the company's cybersecurity posture and risk management priorities to senior management.
• Work with managers and team leaders to raise employee awareness and promote cybersecurity in the user community, conduct employee assessments, and include operational security requirements in employee and team KPIs.

Skills: Cybersecurity Strategy, Information Security Management, Risk Assessment, Program Delivery, Application Security, Security Audits, Business Continuity, Data Privacy

• A combination of blue-chip security consulting experience and complimentary industry leadership experience in a CISO, BISO, or security program leadership role or similar
• A demonstrated expertise in Security Architecture and/or Security Operational processes.
• Demonstrated experience in leading, shaping, and delivering a wide range of projects of different scales and complexity
• Program or project management office (PMO) experience
• Excellent writing and communication/presentation capabilities
• Highly competent in presentation and basic analytics tools – PowerPoint, Tableau, and Excel.
• A passion for driving projects that enable clients to achieve their security and strategic objectives.
• Ambition to develop leadership skills and a career within the practice.
• A strong commitment to operating within a diverse workforce and embracing and enhancing the inclusive culture.
• Solutions focussed and commercially aware.
• The ability to deliver expertise in critical and urgent situations, requiring rapid improvement.

Qualifications: BS in Risk Management and Information Security with 5 years of Experience

• Professional certification such as CISSP, CISM, CISA, or other similar credentials
• Experience managing and/or directing an IT and/or security operation.
• Experience in a senior role within information security in a large, global organization
• Experience working with privacy and GDPR/CCPA.
• Proven experience in planning, organizing, and developing IT security technologies.
• Experience in planning and executing security policies and standards development.
• Excellent knowledge of technology environments, including information security, building security, and defense solutions.
• Extensive experience running large-scale information/cyber security programs in a dynamic, international environment.
• Experience with building vulnerability management programs and information security monitoring and detection programs.
• Considerable knowledge of business theory, business processes, management, budgeting, and business office operations.
• Substantial exposure to data processing, hardware platforms, enterprise software applications, and outsourced systems.
• Good understanding of computer systems characteristics, features, and integration capabilities.
• Experience with systems design and development from business requirements analysis through to day-to-day management.
• Excellent understanding of project management principles.

Qualifications: BS in Data Science with 13 years of Experience

• Relevant security incident response/forensics certification (i.e., OSCP, GIAC, CCFP, etc.), and security leadership certification (i.e., CISSP, CISM)
• Work experience with demonstrated leadership roles and innovative thinking
• Experience collaborating with other teams within a company to ensure product successes
• Ability to conduct individual research on pressing cyber security issues
• Possess technical aptitude and critical thinking skills while having the ability to think outside of the box to solve complex cyber security problems
• Strategic thinker, data-driven and analytical in approach to solving problems
• Strong written and verbal communication with excellent judgment, problem-solving, and decision-making skills
• Strong organizational and time management skills, as well as effective, versatile, and action-oriented
• Knowledge and experience with designing and implementing metrics and measurements
• Solid organizational/business planning and relationship-building skills
• Excellent knowledge of best practices around management, control, and monitoring of cyber controls

Qualifications: BS in Information Technology with 8 years of Experience

• Experience in cybersecurity, including compliance and risk management with a background in IAM and software development.
• A proven deep background (experience in cybersecurity) in technology design, implementation, and delivery, ideally software development.
• Experience in cloud computing technologies, including software-, infrastructure, and platform-as-a-service, as well as public, private, and hybrid environments.
• Extensive knowledge of traditional security controls and technologies, such as SIEM systems, PKI, IDAM systems, security automation and orchestration, and zero trust.
• Excellence in communicating business risk from cybersecurity issues.
• Experience driving measurable improvement in IAM capabilities at scale.
• Experience with Amazon Web Services (AWS), Microsoft Azure and GCP.
• Experience with Oracle and SnowFlake
• DevSecOps background with experience in application development.
• Experience with ISO 27001, NIST, Sarbanes-Oxley Act (SOX) the General Data Protection Regulation (GDPR), Center for Internet Security (CIS) standards, or Service Organization Controls (SOC) 2.
• Exceptional written and verbal communication skills.
• Detail-oriented with strong organizational skills
• Ability to think strategically and tactically, with effective decision-making skills.

Qualifications: BS in Information Systems with 9 years of Experience

• Experience working with C&A, A&A, or SA&A activities
• Experience preparing and maintaining information security assessment and authorization documentation including System Security Plans (SSPs)
• Experience working with DIACAP and NISPOM
• Knowledge of the NIST Risk Management Framework
• Knowledge of the NIST 800-53, and DHS 4300 A
• Strong team player with the ability to work independently and within a group and maintain focus on strategic objectives
• Go-getter attitude with the ability to organize and manage a multitude of security control implementations
• Exceptional written and oral communication skills, including technical writing experience
• Proficiency in Microsoft Excel, Word, MS Project, and PowerPoint
• Strong leadership skills
• Must have Certification and Accreditation Professional (CAP), or GIAC Information Security, GIAC Security Leadership Certificate, or Certified Information Systems Security Professional (CISSP)

Qualifications: BS in Software Engineering with 6 years of Experience

• Experience in local, professional services firm leading engagements for physical and cyber risk assessments, internal audits, privacy, security assessments, investigations, and incident management
• Local knowledge of clients and industries preferred within the Los Angeles market
• Hold relevant industry certifications (Cyber Security Practitioner, CISSP)
• Experience developing and implementing information security systems
• A strong understanding of information security regulatory requirements and compliance issues across multiple industries
• Knowledge of general security concepts and methods such as vulnerability scanning, application security, compliance standards, HIPAA, PCI, SOX, etc.
• The ability to develop new engagement opportunities in cybersecurity
• The ability to contribute to the development of client deliverables and technical content
• Strong existing relationships and reputation within the Information Security or IT executive ranks (e.g., CIO, CISO, Director of Information Security, SVP, and VP of Information Security)
• Project management of information security projects including the development of project charters and plans, management of project execution and successful implementation of the planned solution
• Excellent presentation and communication skills, well-balanced IQ and EQ
• Experience working in process definition, workflow design, and process mapping 
• Experience managing information security in a global enterprise
• A confident senior leader with the personable skills to empower and inspire teams and IS Security practitioners and have a trusted position within the company and with customers.

Qualifications: BS in Computer Science with 12 years of Experience