Chief Information Security Officer

Getty is committed to creating a welcoming workplace that reflects the various backgrounds of the communities we serve. We value differences in the pursuit of inquiry and knowledge, mutual understanding, respect, trust, transparency, and cooperation. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship or immigration status, color, disability, ethnicity, familial status, gender identity and/or expression, genetic information, marital status, national origin, race, religion, sex, sexual orientation, veteran status, or any other protected status.

Job Summary

Responsible for establishing and maintaining the cybersecurity program to ensure that information assets and associated technology, applications, systems, infrastructure and processes are adequately protected in the digital ecosystem in which we operate. Develops and implements enterprise information security architecture and solutions. Directs and implements the necessary policies, controls, tools and procedures to cost‐effectively protect information systems assets from intentional or inadvertent modification, disclosure, or destruction. Serves as the IT security subject matter expert for the organization. Works with senior leaders to determine acceptable levels of cybersecurity risk for the organization. Manages internal and external staff and consultants in support of the program.

Major Job Responsibilities

• Responsible for developing, implementing and running the enterprise cybersecurity program.
• Oversees, leads and develops plans to safeguard information technology systems and information against accidental or unauthorized modification, destruction or disclosure.
• Manages external vendors and partners including our outsourced Security Operations Center, auditors, and other
• Enhances the security posture by adopting a cybersecurity framework that is applicable to the organization.
• Oversees IT business recovery plans and processes to meet enterprise requirements
• Ensure compliance with relevant laws, regulations, and industry standards (e.g., NIST, ISO 27001, GDPR, HIPAA).
• Direct incident response and manage security breaches from detection through recovery.
• Participates in and leads internal audits, develops appropriate criteria needed to assess the level of new/existing applications and/or technology infrastructure elements for compliance with enterprise security standards.
• Performs security risk assessment and mitigation. Inspects system and network data for computer and network usage policy compliance, system integrity and incident response.
• Develops a targeted cybersecurity awareness training program for all employees, contractors and approved system users, and establishes metrics to measure the effectiveness of this security training program for the different audiences.
• Leads the development and documentation of information security policies, standards, best practices and guidelines.
• Develops and implements ongoing test plans to ensure compliance with standards and processes (selecting sample, verifying documentation and other requirements).
• Researches, designs and advocates new technologies, architectures and security products.
• Maintains an expert awareness of information security issues, incidents, problems, utilities, legal requirements and solutions for all major information system platforms.

Qualifications

• Bachelor's degree in a related field or a combination of education and relevant experience; Master’s degree preferred
• Demonstrated experience and success in leadership roles in risk management, cybersecurity, and IT
• 12+ years information technology experience with 5 or more years in a security role
• Certification preferred as CISSP/ISSEP, or in forensics, information security, intrusion detection, etc

Knowledge, Skills and Abilities

• Sound knowledge of business management and a working knowledge of cybersecurity risk management and cybersecurity technologies
• Deep understanding of frameworks and laws (e.g., NIST, ISO 27001, GDPR, HIPAA, SOX, PCI-DSS).
• Strong grasp of network security, cloud security, application security, identity/access management, and encryption technologies.
• Ability to direct incident response and manage security breaches from detection through recovery.
• Experience designing secure architectures and establishing security governance policies.
• Ability to evaluate and manage external vendors’ security postures.
• Excellent communication skills and the ability to explain complex technical ideas to non‐technical audience and works with individuals at all levels including senior executives and board members.
• Ability to partner effectively with IT, legal, compliance, HR, operations, and executive leadership.
• Experience fostering a culture of security awareness across the organization and in establishing KPIs, metrics, and reporting mechanisms for security program effectiveness.
• Demonstrated experience in leading/mentoring team members and providing technical guidance to customers and stakeholders.
• High level of integrity and excellent judgment concerning proprietary and privacy issues.

Benefits and Perks

Here are just some examples that Getty offers/provides for full-time employees:

• Medical, Dental and Vision insurance coverage, starting on date of hire. Getty pays 75%-95% of the premium, depending on the plan selected.
• 403(b) Employee Investment retirement plan – with up to 5% Getty Match
• Getty contribution of 6%, on behalf of employee, to 401(a) retirement account
• Educational Assistance and professional development
• Paid Vacation, Sick and Personal Days
• 12 Paid Holidays
• Many positions have bi-weekly Off-Fridays
• On-Site Fitness Center at Getty Center
• Community service opportunities

To learn more about our comprehensive benefits and long list of perks, go to Getty HR.