Director of Cybersecurity and Data Privacy

Date: Jul 22, 2022

Location: Remote, US

Company: Syniti

Syniti enables agile enterprises with silo-free enterprise data management that helps turn complex data challenges into competitive advantages. With a unified, learning platform and one of the world’s largest teams of data-focused experts, enterprises and global alliance partners choose Syniti when they require trusted data to ignite business growth and reduce risks. Syniti is a portfolio company of BridgeGrowth Partners LLC. Headquartered in Boston, Massachusetts with offices in 25 countries around the world, Syniti operates in all global regions and industry verticals, and maintains a 99.7% client success rate across thousands of complex data projects and initiatives.

SUMMARY

Reporting to the CIO/CISO, the Director of Cybersecurity and Compliance must be strategically minded, with the tactical skills to evolve and drive the Cybersecurity and Privacy Program (CPP) within a global company. The Director is a savvy communicator with proven capabilities in engaging senior managers, employees, and external parties, and is able to bring organizational and cultural change to Syniti. The person in this role will manage and lead the design and operation of related compliance monitoring and improvement activities to ensure compliance with both internal security policies and applicable laws and regulations. This position will also support departments and help manage projects for implementation of the information security management system.

SPECIFIC DUTIES

  • Create a strategic business plan that aligns with and supports the organization's strategic goals
  • Ensure Cybersecurity and Privacy Program is running effectively and efficiently every day
  • Organize and prepare Cybersecurity Steering Group (CSG) presentations
  • Create, maintain, and communicate CPP policy, practices and standards
  • Manage and facilitate internal and external cybersecurity audits
  • Conduct risk assessments and oversee risk treatment planning and execution
  • Key member of the Change Control and Cybersecurity Operating Group committees ensuring shift left and organizational standards
  • Maintain compliance requirements to applicable (global) statutes, regulations, and contracts
  • Evaluate threats and vulnerabilities and select risk mitigation controls that reduce or eliminate the risk
  • Part of team to design risk mitigation strategies to reduce or eliminate risk to information, people and technology
  • Lead security communication campaigns on specific topics as agreed to by CSG
  • Lead Security Awareness Training on specific topics as agreed to by CSG
  • Lead Continual Improvement by establishing a roadmap, feedback loops and lessons learned
  • Keep detailed records and control documentation in the GRC platform
  • Manage compliance and process of certification across multiple standards – ISO 27001 & SOC Type 2
  • Maintain supply chain risk management program
  • Manage and assist Syniti's response to clients' due diligence for new and existing contracts

EDUCATION and/or EXPERIENCE:

  • Bachelor’s Degree in Computer Science, Information Systems or related field
  • CISSP, CISM, CISA, CRISC (or equivalents)
  • ISO 27001, NIST, CIS (or equivalents)
  • GDPR, CCPA (or equivalent)
  • 7+ years of relevant work experience

QUALIFICATIONS

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The qualifications listed below are representative of the knowledge, skills, and abilities required.

  • Experience supporting ISO 27001 based programs
  • Experience with financial accounting for budgets
  • Experience with security appliances and software
  • Experience with program maturity model reporting
  • Proven ability reporting and presenting to senior management
  • Proven ability to drive organizational and cultural change toward a security-first mindset
  • Experience running vulnerability assessment programs
  • Experience conducting risk assessments, risk reports and maintaining risk treatment plans
  • Experience with creating project plans and leading projects
  • Experience writing policies, procedures, standards and reports
  • Experience leading and participating in investigations into security incidents or tabletop exercises
  • Incident response plan authorship or contributor experience
  • Experience implementing and leveraging a GRC platform to best practice
  • Good listener with a proven ability to gather requirements and work with people at all levels
  • Strong analytical, technical, and problem-solving skills
  • Excellent verbal and written communication skills

Syniti is proud to be an equal opportunity employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status.


Nearest Major Market: Eugene