Chief Information Security Officer

Getty is committed to creating a welcoming workplace that reflects the various backgrounds of the communities we serve. We value differences in the pursuit of inquiry and knowledge, mutual understanding, respect, trust, transparency, and cooperation. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship or immigration status, color, disability, ethnicity, familial status, gender identity and / or expression, genetic information, marital status, national origin, race, religion, sex, sexual orientation, veteran status, or any other protected status.

Job Summary

Responsible for establishing and maintaining the cybersecurity program to ensure that information assets and associated technology, applications, systems, infrastructure and processes are adequately protected in the digital ecosystem in which we operate. Develops and implements enterprise information security architecture and solutions. Directs and implements the necessary policies, controls, tools and procedures to cost‐effectively protect information systems assets from intentional or inadvertent modification, disclosure, or destruction. Serves as the IT security subject matter expert for the organization. Works with senior leaders to determine acceptable levels of cybersecurity risk for the organization. Manages internal and external staff and consultants in support of the program.

Major Job Responsibilities

• Responsible for developing, implementing and running the enterprise cybersecurity program.
• Oversees, leads and develops plans to safeguard information technology systems and information against accidental or unauthorized modification, destruction or disclosure.
• Manages external vendors and partners including our outsourced Security Operations Center, auditors, and other
• Enhances the security posture by adopting a cybersecurity framework that is applicable to the organization.
• Oversees IT business recovery plans and processes to meet enterprise requirements
• Ensure compliance with relevant laws, regulations, and industry standards (e.g., NIST, ISO 27001, GDPR, HIPAA).
• Direct incident response and manage security breaches from detection through recovery.
• Participates in and leads internal audits, develops appropriate criteria needed to assess the level of new / existing applications and / or technology infrastructure elements for compliance with enterprise security standards.
• Performs security risk assessment and mitigation. Inspects system and network data for computer and network usage policy compliance, system integrity and incident response.
• Develops a targeted cybersecurity awareness training program for all employees, contractors and approved system users, and establishes metrics to measure the effectiveness of this security training program for the different audiences.
• Leads the development and documentation of information security policies, standards, best practices and guidelines.
• Develops and implements ongoing test plans to ensure compliance with standards and processes (selecting sample, verifying documentation and other requirements).
• Researches, designs and advocates new technologies, architectures and security products.
• Maintains an expert awareness of information security issues, incidents, problems, utilities, legal requirements and solutions for all major information system platforms.

Qualifications

Knowledge, Skills and Abilities

Benefits and Perks

Here are just some examples that Getty offers / provides for full-time employees :

To learn more about our comprehensive benefits and long list of perks, go to Getty HR .