VP, Information Security
ASCAPNew York, NY
Full Time Job
ASCAP is home to more than 650,000 music creator members across all genres - the greatest names in music, and thousands more in the early stages of their careers. We are the world leader in performance royalties, advocacy and service for music creators, and are the only PRO in the US run by its members including songwriters, composers and music publishers.
ASCAP technologists live our mission and we are passionate about what we do for our customers and we practice what we preach. Our technologists serve with humility and a deep respect for their responsibility in helping our business partners and members achieve their goals and realize their dreams. We have an infectious and lively culture and we recognize our successes monthly at our Thursday on-site social hour celebrations. We stand behind our mission and are committed to delivering the impossible.
Bottom line? We outthink ordinary. Discover what you can do with technology at ASCAP!
We are looking for a VP, Information Security (CISO) who will be charged with developing and implementing the company-wide information security program to protect enterprise systems and assets from internal/external threats. This is a high visibility role involving routine meetings with C suite executives.
• Create/implement a strategy for the deployment and development of information security technologies, policies and practices to secure protected and sensitive data and ensure information security and compliance with applicable laws.
• Monitor security vulnerabilities and hacking threats in network and host systems.
• Interpret standards, best practices & current risks to define corporate policies.
• Track latest IT security innovations and keep abreast of latest cyber security technologies and risks.
• Develop/implement business continuity plans to ensure continuous service through infrastructure/systems changes, security breach or if disaster recovery plan is triggered.
• Conduct a continuous assessment of current IT security practices and systems and identify areas for improvement.
• Run security audits, penetration testing and conduct risk assessments.
• Serve primary control point during significant information security incidents, convening a Security Incident Response Team (SIRT) as needed, and preparing situational reports (SITREP).
• Partnering with financial and legal officers and IT personnel in conducting investigations, preparing situational reports and remediation plans in connection with information security incidents and breaches.
• Regularly reporting to the Chief Technology Officer and senior company leadership on the state of the IT security infrastructure, the portfolio of security projects and advising on best practices and information security strategies.
• Managing relationships and liaising with external IT vendors, security experts and advisors.
• Championing and educating the organization and its employees about the latest security risks, strategies and technologies.
• Bachelor's degree in Computer Science or a related subject
• Certified Information Security Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) is required.
• Master's degree in computer science and/or business administration is highly desirable.
• 10 years IT security experience, preferably in large multinational corporations.
• Preferably in managing security for healthcare sector including highly sensitive financial data (PCI) and/or protected health information (PHI) under different privacy laws such as the Health Insurance Portability and Accountability Act (HIPAA) and the European Data Protection and Privacy Directive (GDPR).
• Direct experience in the areas of systems architecture, administration, applications development, database administration, network operations, and data center operations.
• Experience securing various architectures and deployment strategies such as Managed Hosting, Software-as-a-service, Infrastructure-as-a-service (AWS), Platform as a service (Salesforce), etc.
• Experience with security frameworks such as PCI DSS, ISO 27001/27002, CIS Critical Security Controls, NIST Framework for Improving Critical Infrastructure Security
• Develop and administer information security policies and procedures in a complex environment.
• Complete information system auditing including computer security reviews, control selection, and evaluation of systems using a risk based approach.
• Expertise in computer forensic investigation methodology and investigation tools to collect, analyze and preserve electronic evidence.
What We Love About You:
• You love our users. You deeply understand our users and put them at the center of everything you do. You aim to serve and delight them every day.
• You do the right thing. You are respectful and act with the highest integrity. If you see something that isn't right, you say something.
• You debate it. You ask questions to understand a perspective and are comfortable respectfully challenging assumptions. You are not turned off by constructive conflict to get to the right answer.
• You own your outcomes. You set clear ambitious goals. You anticipate obstacles, persevere, and are accountable for your commitments.
• You make fast decisions. You are an effective and timely communicator. You understand how to collaborate, compromise, and escalate when needed.
• You get better every day. You welcome the gift of feedback. You never settle in your quest to grow and develop. By being here, you make our company stronger.
Besides providing a unique and dynamic work environment, there are a few other reasons you should consider ASCAP in your career planning. We also offer generous benefit options that are comprehensive and provide the flexibility that most employees want and need. These health care and financial plan options include the following:
• A choice of either HMO or Point-of-Service (POS) medical and dental plans
• Immediate eligibility for 401(k) participation with match
• Generous time-off policy
• Health care and dependent care flexible spending accounts
• Long term disability insurance
• Basic life insurance, supplemental and dependent life insurance options
• Employer paid retirement savings program