Deputy Chief Information Security Officer
Remote - US
Applications have closed
Novanta
Build a career powered by innovations that matter! At Novanta, our innovations power technology products that are transforming healthcare and advanced manufacturing—improving productivity, enhancing people’s lives and redefining what’s possible. We create for our global customers engineered components and sub-systems that deliver extreme precision and performance for a range of mission-critical applications—from minimally invasive surgery to robotics to 3D metal printing.
Novanta is one global team with over 26 offices located in The Americas, Europe and Asia-Pacific. Looking for a great place to work? You have found it with a culture that embraces teamwork, collaboration and empowerment. Come explore Novanta.
This position is part of Novanta’s Corporate and Shared Services global teams. Novanta’s Corporate and Shared Services teams play an important role in executing the company’s strategic mission and operations. Included in Corporate and Shared Services are the business functions including Finance, Accounting, Human Resources, Information Technology, Legal, Compliance, Corporate Development and Corporate Marketing. The Corporate and Shared Services teams work closely with all Novanta business units to support operating initiatives contributing to the organization’s financial success.
Job Summary
The Deputy Chief Information Security Officer (DCISO) will lead activities that advance cybersecurity priorities in support of functional and organizational goals.
The DCISO provides support to the CISO in process ownership of all assurance and operational activities related to the availability, integrity and confidentiality of customer, business partner, employee, and business information in compliance with the organization's information security policies.
This position is responsible for co-establishing and maintaining a corporate-wide information security management program to ensure that information assets are adequately protected.
Primary Responsibilities
- The DCISO will be responsible for developing and maintaining a security architecture process, the security operations center (SOC), the security-related functions of the network operations center (NOC), and a compliance strategy that enables enterprise capabilities clearly aligned with business, technology, threat drivers, data privacy and regulations.
- Develop and maintain security architecture artifacts (e.g., models, templates, standards, and procedures) that can be used to leverage security capabilities in projects and operations.
- Responsible for the incident response plan, including mitigation, communication, and investigation.
- Liaise with the vendor management (VM) team to conduct security assessments of existing and prospective vendors, especially those with which the organization shares intellectual property (IP) or regulated or other protected data, such as software as a service (SaaS) providers, cloud/infrastructure as a service (IaaS) providers, managed service providers (MSPs) and payroll providers.
- Liaise with the business continuity management (BCM) team to validate security practices for BCM testing and operations when a failover occurs.
- Facilitate a metrics and reporting framework that measures the efficiency and effectiveness of the program, facilitates appropriate resource allocation, and increases the maturity of the information security program, and review it with stakeholders at the executive level.
- Ensure that security is embedded in the project delivery process by providing the appropriate information security policies, practices, and guidelines.
- Ensure a complete, accurate and valid inventory of all systems, infrastructure and applications that should be logged by the security information and event management (SIEM) or log management.
- Coordinate with DevOps teams to advocate secure coding practices, and to escalate concerns related to poor coding practices to the CISO.
- Support the testing and validation of internal security controls, as directed by the CISO or the internal audit team.
Education
- Bachelor’s degree in computer science, information technology, engineering, system analysis or a related study, or equivalent experience.
Experience and Credentials
- Minimum 15 years of experience in IT, with 12 years of experience in a combination of risk management & information security.
- Strong knowledge of cyber security frameworks, information security principles, architecture, and cryptography.
- Professional security management certification, in one or more of the following:
  - Certified Information Security Manager (CISM)
  - Certified Information Systems Security Professional (CISSP)
  - SANS Global Information Assurance Certifications (GIAC)
  - Certified in Risk & Information Systems Control (CRISC)
  - Certified Information Systems Auditor (CISA)
Skills
- Operational Planning & Project Management: Show structured thinking, planning, and the ability to execute by working through others, influencing without authority, and dealing with ambiguity.
- Ability to collaborate and influence without direct authority across multiple levels of an organization, work through ambiguity, successfully manage complexity and multiple priorities, stay self-motivated and thrive on minimal supervision, and work under continual deadline pressure in an extremely changeable and fast-paced environment.
- Exceptional Written and Interpersonal Skills: Communicate effectively and concisely with stakeholders, senior managers, and leaders about our programs and objectives.
- Performance Goal and Standards Setting: Develop and communicate realistic timelines via plans that consider potential obstacles and immediate and long-term consequences.
- Flexibility and Adaptability: Regularly scan the environment to help anticipate changes that could affect key programs and projects.
- Effectively change plans, goals, actions, or priorities to respond to changing situations.
- Ability to synthesize information, business requirements, and stakeholder needs to make informed decisions and provide recommendations.
Travel Requirements
- Approximately 10-20%
Compensation and Benefits
- The base pay for this position ranges from $194,000 up to $274,000 depending on the geographic market.
- Dependent on the position offered, annual bonuses and other forms of compensation may be provided as part of the compensation package.
- Novanta supports all aspects of your life’s needs. This position provides a full range of medical, financial, and other benefits to make your quality of life better.
Novanta is proud to be an equal employment opportunity and affirmative action workplace. We consider all qualified applicants without regard to race, color, religion, sex (including pregnancy), sexual orientation, gender identity or expression, national origin, military and veteran status, disability, genetics, or any other category protected by federal law or Novanta policy.
Please call +1 781-266-5700 if you need a disability accommodation for any part of the employment process.