Responsibilities may include, but will not be limited to, the following:
• Design, implement and maintain advanced security technologies, conduct threat hunting, and provide a frontline response for security incidents.
• Establish the information security management system (ISMS) as a standard, formal and continuous approach to information security management, enabling secure technology and business processes aligned with business requirements.
• Continually identify, assess, and reduce information- and technology-related risk within tolerance levels set by the Executive team and articulated by the IT Director.
• Ensure all information technology equipment is configured and operating according to best practices, Foundation policies, and standards, identifying opportunities to reduce residual risk and areas of non-compliance.
• Install and configure security measures and countermeasures to defend against cyber intrusions and attacks.
• Operate, configure, and fine-tune the Security Information and Event Management (SIEM) system. Analyze various security logs and related security events to determine risk and develop the necessary action plan.
• Perform periodic event and risk factor analysis to identify new or emerging risk issues and understand the associated internal and external risk factors.
• Perform third-party security audits and questionnaires, including on-premises, cloud, and SaaS solutions.
• Optimize and automate security-based processes.
• Respond promptly to materialized risk events with effective measures to limit the magnitude of loss.
• Investigate and report all information regarding security breaches and other cyber security incidents. Develop automated adaptive responses and alerting of detected cybersecurity incidents.
• Manage vulnerabilities and monitor the infrastructure for security-related events. Provide vulnerability assessments and remediation plans.