Mission:
The mission of the Information Security Lead is to safeguard the organization's information assets by upholding the highest standards of security, compliance, and ethical responsibility, ensuring the confidentiality, integrity, and availability of data in support of business objectives and stakeholder trust.
Key Responsibilities:
- Establish and Enforce Security Policies
  - Develop, implement, and maintain security policies, standards, and procedures to protect information assets.
  - Ensure alignment with regulatory requirements.
- Risk Management
  - Identify, assess, and prioritize risks to the organization's information systems.
  - Recommend mitigation strategies and monitor risk reduction efforts.
- Security Awareness and Training
  - Educate employees on cybersecurity best practices, phishing awareness, and secure data handling.
  - Foster a culture of security mindfulness across departments.
- Incident Response
  - Lead investigations into security incidents and coordinate response activities.
  - Develop and regularly test incident response and disaster recovery plans.
Additional Job Duties:
- Develops and maintains the organization's information security program to align with business goals and evolving threats.
- Conducts internal security audits and assessments to evaluate the effectiveness of controls and identify gaps.
- Provides input and documentation to support the organization's cyber insurance policy and claims readiness.
- Creates and tracks cybersecurity metrics to report on risk posture and improvement areas to Manager.
- Reviews new systems and applications for security risks before deployment into the production environment.
- Collaborates on business continuity and disaster recovery planning to ensure security is integrated throughout.
- Implements and monitors data loss prevention (DLP) strategies to safeguard sensitive information.
- Ensures all systems and network devices follow secure configuration baselines and hardening standards.
- Reviews contracts for adequate cybersecurity clauses and data protection responsibilities.
- Monitors emerging threats and provides Manager with timely risk intelligence and mitigation recommendations.
- Participates in cybersecurity communities and industry groups to stay current and exchange best practices.
- Supports internal investigations by collecting and preserving digital evidence in accordance with legal standards.
- Other duties as assigned.
Skills, Qualifications and Requirements:
- 3-5+ years of experience in information security or IT with a focus on security.
- Experience developing policies, managing incidents, and working with compliance frameworks.
- Prior exposure to audit processes, risk assessments, and user awareness training.
- Certifications - CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CEH (Certified Ethical Hacker), Security+ (CompTIA Security+)
- Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or relevant experience
- Understanding of security frameworks such as NIST, ISO 27001, CIS Controls, and CMMC.
- Excellent analytical and troubleshooting skills with a strong focus on results.
- Strong written and verbal communication skills.
- Excellent multi-tasker with a proven track record of successful time management.
- Strong personal organization skills.
Pay Range: $80,000 - $160,000. Pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. The total compensation package for this position may also include other elements dependent on the position offered.
A-C Electric Company is an Equal Opportunity Employer; women, veterans, and minorities are encouraged to apply.