IT Cybersecurity Lead

LISC is one of the country’s largest community development organizations, helping forge vibrant, resilient communities across America. LISC works with residents and partners to close gaps in health, wealth, and opportunity so that people and places can thrive. We do this by acting as a conduit for grants, loans and equity--and by providing technical assistance and capacity building--to locally rooted organizations that carry out the work in communities.

Position Description

LISC seeks an experienced subject matter expert and leader to join our IT team as a Cybersecurity Lead. The Cybersecurity Lead will provide direction and guidance for all aspects of LISC’s governance, risk management, compliance and cybersecurity initiatives.

The Cybersecurity Lead is responsible for establishing and implementing security measures to protect our computer systems, networks, and data from cyber-attacks, enabling the protection of confidentiality and integrity of data, and ensuring the smooth operation of IT systems that support LISC’s activities and mission.

An ideal candidate has a solid understanding of various cybersecurity concepts, technologies, and best practices, as well as experience in managing and leading teams, and communicating across business departments. The role will foster strong working relationships with senior members of the program, legal, finance and technology teams to develop unified, business-aligned and comprehensive enterprise security, compliance and privacy policies and procedures.

Reporting to the Head of IT Infrastructure, you will:

• Manage the day-to-day security operations work of the network and infrastructure team.
• Implement security measures and protocols and continuously monitor and update them to protect against new threats.
• Develop and maintain IT security policies and procedures.
• Coordinate with different departments to ensure cybersecurity awareness and compliance.
• Stay updated with the latest trends in cybersecurity and adapt strategies accordingly.

Duties and Responsibilities

Security Program

• Develop and manage a comprehensive cybersecurity program.
• Detect vulnerabilities within IT systems via regular risk assessments and develop strategies to counteract them.
• Ensure compliance with industry standards and frameworks (i.e. NIST, ISO, PCI-DSS, SOC, HIPAA) as they relate to business operations.
• Identify, track and comply with all applicable regulatory requirements for cybersecurity.

Security Measures

• Oversee the installation, maintenance, and troubleshooting of cybersecurity systems and software.
• Provide advice and guidance on protecting sensitive data and maintaining the integrity of the IT infrastructure.
• Coordinate teams to carry out regular audits and inspections to ensure that our security systems are functioning as expected.

Work with IT Department teams

• Manage development and implementation of information security policies and procedures.
• IT team members in implementing and maintaining security measures.
• Conduct regular system audits to ensure their effectiveness.

Risk Awareness and Training

• With business units, facilitate risk assessments related to information security and risk management.
• Maintain current knowledge of applicable federal and state security laws, certification requirements and accreditation standards.
• Conduct regular security awareness training for employees.

Incident Response and Readiness

• In case of a security breach, assume ownership of incident response and mitigation, correction and/or prevention measures are taken as needed.
• Report regularly to senior management on the status of security measures and any breaches.
• Assure maintenance of disaster recovery procedures and conduct regular drills to ensure the readiness of the team.

Audit Activities

• Work collaboratively with business units to ensure security, privacy, governance, regulatory requirements and standards are met and align with business strategy and risk tolerance.
• Conduct risk assessments and audits to identify vulnerabilities.
• Coordinate responses to internal and external IT audits.

Third-party risk management

• Assess data security practices of third-party vendors who work with LISC data or systems.
• Manage relationships with third-party vendors and service providers to ensure they comply with our cybersecurity policies.
• Ensure adherence to technical, legal and policy standards and adequacy of controls on electronic systems that contain protected information.

Qualifications 

• Bachelor's degree in Computer Science, Information Technology, or a related field such as business, finance. Master’s degree preferred. Advanced security or vendor certifications such as CISSP, CISM, or CRISC are a plus.
• Minimum of 8 years of experience in the cybersecurity field.
• Relevant work experience across staff and orgs, including cybersecurity incident response, disaster recovery and business continuity management, identity and access management, information privacy, security operations center management and security architecture.
• Strong knowledge and experience with DFIR (Digital Forensics and Incident Response) and related network, server and application development tools and techniques.
• In depth knowledge of various cybersecurity frameworks and standards.
• Strong understanding of risk management and incident response procedures.
• Experience with security technologies such as firewalls, intrusion detection systems, and anti-virus software.
• Familiar supporting and securing technologies such as: PAM, Azure, M365 E5 and major cloud and SAAS providers.
• Knowledge and experience in areas such as network security, data protection, encryption, and risk management.
• Proficiency in various cybersecurity technologies and protocols to identify, prevent, and mitigate threats. The following or similar:
  • XDR/EDR/MDR
  • SIEM
  • SOAR
  • Rapid 7 – Velociraptor
  • Wireshark
  • Splunk
  • Python
  • Volatality / MemProcFS
  • Kroll Artifact Parser and Extractor – KAPE
  • WELA – Windows Event Log Analyzer

• Experience in managing and leading teams.
• Effective communication skills to collaborate with different departments, train employees on security protocols, and explain complex cybersecurity concepts in non-technical terms.
• Problem-solving skills to quickly identify and respond to security incidents, to minimize potential impact to LISC.
• Ability to stay up to date with the latest trends in cybersecurity, emerging threats, and best practices for defense.
• High standards and a commitment to maintaining confidentiality.
• Software Development experience a plus in terms of writing scripts for LISCs environment
• Experience in finance and/or lending a plus.

COMPENSATION & BENEFITS:

LISC offers a competitive salary of ($121,086- $151,357) commensurate with experience and excellent benefits.

*Actual salaries may be based on several factors including, but not limited to, a candidate's skill set, experience, education, work location and other qualifications.

Our benefits include: 

Medical, Dental, Vision Coverage: Comprehensive health plans for you and your family's well-being; Disability Insurance: Long-term and short-term coverage for peace of mind; Retirement Savings: Secure your future with our 401(k) and 403(b) plans; Generous Holidays: Enjoy ample time off to recharge and celebrate; Vacation, PTO, and Sick Days: Take advantage of flexible time-off policies to maintain work-life balance; Tuition Assistance: Pursue your educational goals with support from our tuition assistance program; Referral Program: Earn rewards for referring qualified candidates to join our team; Professional Development Opportunities: Grow and advance in your career with access to ongoing training and development programs tailored to your goals.

LISC is an equal opportunity employer. LISC does not discriminate in employment on account of actual or perceived race, color, creed, religion, national origin, ancestry, citizenship status, age, sex or gender (including pregnancy, childbirth, lactation and related medical conditions), gender identity or expression (including transgender status), sexual orientation, marital status, military status or veteran status, unfavorable discharge from military service, physical or mental disability, protected medical condition as defined by applicable state or local law, genetic information or any other characteristic protected by applicable federal, state or local laws and ordinances.

We will endeavor to make a reasonable accommodation to the known physical or mental limitations of a qualified applicant with a disability unless the accommodation would impose an undue hardship on the operation of our business.