- Works to establish and enforce organizational standards related to the organization’s security and compliance of IT resources
- Researches and drafts security policies and guidelines and brings them to the ITLT for approval
- Communicates approved policies and guidelines to Ethnos360 departments and centers to make them aware of all security and compliance requirements
- Works closely with IT staff on specific projects and tasks that relate to security and compliance
- Stays up to date with IT security and compliance best practices by attending classes, reading publications, joining professional peer groups, etc.
- Participates in training and staff development activities
- Performs internal reviews to ensure that all current and new/updated policies and procedures adhere to best practices related to security and compliance
- Performs or works with third party audit groups to produce risk and technical vulnerability assessments, data classification, attack and penetration analysis, policy compliance and communication with internal teams
- Completes annual security insurance questionaries and submits the answers to the ITLT
- Actively participates in daily coordination and remediation of elevated security incidents in the organization
- Leads coordination and remediation of major security incidents
- Participates in the assessment of the security of new applications and programs prior to installation, upgrade, or widespread use within the organization
- Maintains confidentiality of highly sensitive information
- Participates in team meetings as required
- Participates in IT Leadership Team meetings as invited
- Performs other duties as assigned by the Director of IT