Vice President, Information Security
We are currently seeking a Vice President (VP), Information Security who will provide the overall definition, guidance, and direction of information security strategies to support ARIN’s corporate objectives and protect the company’s assets. This role will partner closely with the Chief Technology Officer (CTO) and other executive staff to develop the overall information security program approach in a rapidly changing environment.
The VP, Information Security will be responsible for the establishment of the right security and governance practice as well as enabling a framework for risk-free and scalable business operations in ARIN’s challenging business landscape. This position will also be responsible for design and approval of a comprehensive security strategy. The strategy will account for the end-to-end lifecycle of information security operations, including evaluating the digital threat landscape, devising policy and controls to reduce risk, and leading auditing and compliance initiatives.
This role will also participate in the overall planning, budgeting, organizing, and auditing of all security functions at ARIN, and oversee ARIN’s data security, compliance, and security risk management. In addition, this position will help direct the design and compliance of security systems, programs, and systems software to meet community and company user needs. The VP, Information Security is responsible for driving security compliance direction of projects supporting the ARIN community.
This individual will lead the strategic planning and assessment of information security strategies, policies, and procedures for ARIN; oversee the direction for strategic information security resources and architecture; support internal initiatives; and create company policy and security requirements for vendors and partners. The complexity of this position requires a leadership approach that is imaginative, collaborative, and resilient, with the ability to work with peer IT leaders to set the best balance between priorities.
The VP, Information Security will be responsible for establishing and auditing policies and protocols that protect the organization’s digital and physical assets, and will lead a team of IT security professionals who assist ARIN with possible cyber-crime, data risks, or fraud during suspect events. The candidate will also participate in the response to security incidents through policy and process compliance. This leader will work with the COO, CTO, Human Resources, and department heads with regard to communications and disciplinary actions related to Internet and computer indiscretions, crimes, and cyber-fraud.
This strategic role will bridge the technical and business worlds and is accountable for driving and supporting the creation, enhancement, and implementation of internal security systems strategy for key business functions and the overall planning and success of systems projects across the company.
Primary Duties and Responsibilities
- Manage, build and develop ARIN’s information security policies, auditing the processes and procedures needed to support internal and external customers.
- Partner with fellow senior managers to align company information technology with strategic and tactical direction and project management.
- Establish information security policies and standards. Ensure that the attendant practices and security measures are in place to ensure effective and consistent system operations as well as to safeguard resources. Audit the implementation and execution of new/upgraded information security systems via well-defined plans to ensure the procedures follow the developed security framework.
- Work with the COO and CTO to establish information security priorities, manage projects, and coordinate activities in support of corporate objectives.
- Responsible for developing and maintaining the information security policy portion of the Business Continuity Plan and Crisis Communication Plan. Provide support and guidance in the development of the overall company Business Continuity Plan and Crisis Communication Plan as it relates to information security.
- Coordinate information security efforts in support of project management for the other departments and external organizations.
- The position is also responsible for the policy and associated auditing aspects of physical security, such as ARIN’s suite security system, and data center access and protection.
- As necessary, coordinate and communicate directly with the President/CEO on projects and other items, providing updates to the COO.
- Set in place a plan for succession management – short-term and long-term. Identify and mentor staff members with potential for promotion and future leadership positions in the information security area. Evaluate plan on an annual basis.
- Participate in the development and planning of ARIN’s annual operating plan for presentation to the Board. Determine the tactical and strategic direction of the department in conjunction with the overall company strategic and operating plan, and produce an annual work plan that includes implementation of relevant strategic and operating objectives. Develop and maintain department budget, exercising fiduciary control and responsibility for the department.
- Represent ARIN’s security policy and auditing process and procedures at both internal and external industry-related meetings. Present clearly articulated messages that place ARIN in a positive light.
- Adhere to company ethics policy. Set standard of ethical conduct for department staff by exhibiting high ethical principles at all times. Report any incidents of unethical behavior or possible fraud to the Senior Director of HR and Administration, COO, or President & CEO. Provide a written quarterly statement of any such activities.
- Serve as the information security liaison for coordinated cross-registry efforts.
- Ability and willingness to travel in accordance with ARIN travel guidelines.
- Perform other related duties as required and assigned.
Background / Skills Required
- Four-year college degree in an information systems or computer science related discipline or equivalent work experience.
- Hold current professional security management certifications.
- Fifteen years of information technology experience and management experience with a solid background in the development and execution of enterprise-wide information security programs.
- Experience in managing one or more information processing functions, with the ability to organize and manage multiple priorities. Experience with problem analysis and problem resolution at both a strategic and functional level.
- Experience with contract and vendor negotiations and management.
- Experience with Cloud computing/Elastic computing across virtualized environments as it relates to information security.
- Experience in IP network deployment and critical Internet operations.
- Five years of leadership experience in a technology-driven company. Management skills which successfully perform planning, directing, reporting and administrative responsibilities.
- Ability to communicate technical concepts to technical and non-technical audiences.
- Proven ability to think ahead and plan over a 1–3-year time span.
- Excellent written and oral communication skills, strong computer skills and ability to handle multiple tasks. Strong organizational skills.
Background / Skills Preferred
- Knowledge of, and policy development using, common information security management frameworks, such as NIST’s Cybersecurity Framework, NIST 800-53 controls, SOC-2 compliance, ISO/IEC 27001, GDPR, PCI, etc.
ARIN offers competitive salaries and comprehensive benefits, including but not limited to:
- Group health and dental insurance – ARIN pays over 90% of the premium costs
- Group vision care – no employee deduction for employees and any dependents
- Flexible Spending Account and Dependent Care Account
- 401(k) retirement plan - up to 9% matching after first year of service, and all contributions are 100% vested. In addition, in 2012-2020, ARIN made an additional discretionary 401(k) contribution.
- Education/Tuition Reimbursement - up to $5,000 per year
- Reimbursable/Paid Training and Certifications
- Casual work environment with snacks, drinks, and coffee
- Regularly-scheduled team outings and staff lunches
- Eleven paid holidays, one floating holiday, and a generous comprehensive leave program starting at 4 weeks (20 days)
For further information on ARIN, please go to www.ARIN.net/about.