Director, Cybersecurity (Governance, Risk, and Compliance)

Position Title:

Director, Cybersecurity Governance, Risk, and Compliance

Department:

Cybersecurity & Program Management

Corporate Area:

Technology & Operations

Status:

Regular, Full time Exempt

Manager Title:

VP, Cybersecurity & Program Management

Position Overview:

The Director of Cybersecurity Governance, Risk, and Compliance core responsibilities are to develop, implement, maintain, manage, govern, and facilitate the enterprise's cybersecurity governance, risk, and compliance (GRC) and business continuity management (BCM) programs.

Key responsibilities will include, but are not limited to:

Principal Responsibilities:

Plan, build, run and manage PBS’s operational resilience and business continuity management (BCM) program in accordance with industry standards and frameworks. Applicable scope of responsibilities includes PBS’s:

• Business Impact Analysis (BIA)
• Business Continuity Plan (BCP)
• Cybersecurity Incident Response Plan (CIRP)
• Disaster Recovery Plan (DRP)
  
  
  

Plan, build, run and manage PBS’s governance, risk, and compliance (GRC) program in accordance with industry standards and frameworks. Applicable scope of responsibilities includes PBS’s:

• Enterprise Risk Management Program
• Enterprise Data Privacy Program
• Third Party Risk Management Program
• Security Behavior and Culture Program
• Vulnerability Management Program
  
  
  

Perform essential activities at the organization, business process, and information system levels of the organization to help prepare the organization to manage its business resiliency, continuity, and disaster recovery capabilities using industry standards and frameworks.

Perform essential activities at the organization, business process, and information system levels of the organization to help prepare the organization to manage its security and privacy risks using industry standards and frameworks.

Requirements for success:

• Minimum of five year’s demonstrable continuous growth and expertise in successfully planning, implementing, and sustaining organizational resiliency programs compliant with NIST, ISO 22301, or equivalent industry standards.
• Minimum of ten years' demonstrable continuous growth and expertise in successfully planning, implementing, and sustaining an enterprise risk management program compliant with the NIST Cybersecurity Framework and NIST Privacy Framework.
• Bachelor’s degree in a related field such as business, information technology, or cybersecurity; equivalent combination of experience may be considered.
• Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), and/or related professional cybersecurity certification is preferred.
• Certified Business Continuity Professional (CBCP), Certified Business Continuity Manager (CBCM), Business Continuity and Resiliency Professional (BCRP), and/or related professional BCM certification is desired.
• Certified Information Privacy Professional (CIPP), Certified Information Privacy Management (CIPM), and/or Certified Information Privacy Technologist (CIPT), and/or related professional BCM certification is desired.
  
  
  

Skills/Abilities required:

• Demonstrable leadership skills, particularly project management, influence and relationship building, and conflict identification and resolution. Program success depends heavily on cooperation and commitment from every level of PBS’s business, and from personnel in many different roles. Proven influence and leadership skills are critically important.
• Demonstrable oral and written communication skills, with the ability to communicate business and IT risks and their impacts on business productivity, profitability, reputation and brand effectively with a broad range of PBS’s personnel at all levels and in all areas, as well as communicate their impacts to business partners, business and IT service providers and other external stakeholders.
• Proven expertise in compiling, manipulating, summarizing, reporting, and presenting complex technical data sets to both technical subject matter experts as well as executives is required.
  
  
  

PBS is an Equal Opportunity Employer in accordance with the EEOC and the Commonwealth of Virginia.