VP of Security, Compliance, and IT

Accela

💵 $270k-$300k
📍 Remote - United States

Summary

Join Accela as the VP of Information Security and Compliance, overseeing the company's security and compliance programs. This pivotal role involves mitigating risks across all entities, establishing a robust risk management framework, and leading enterprise-wide security initiatives. You will provide independent risk assessments, challenge business risk management, and identify emerging risks. The VP will also lead the evolution of security and compliance departments, enhancing risk management capabilities and ensuring security enables business success. This role requires strong leadership, communication, and technical expertise in IT security, compliance, and risk management. Accela offers a competitive salary and a comprehensive benefits package.

Requirements

  • Bachelor's in IT, Cybersecurity, or related field (Master's preferred)
  • 10+ years in IT security, compliance, and risk management
  • Expertise in security frameworks (e.g., NIST 800-53 rev5, ISO 27001) and regulatory standards (HIPAA, CCPA, GDPR)
  • Proven leadership in managing large-scale IT and security systems
  • Strong understanding of IT infrastructure, cloud platforms, and emerging cybersecurity trends
  • Experience with risk assessment, audits, and compliance reporting
  • Strategic planning and project management capabilities
  • Ability to lead and mentor teams, manage budgets, and foster security awareness
  • Exceptional communication skills for engaging stakeholders
  • Ethical, decisive, and problem-solving oriented
  • Experience with vendor risk management and scaling IT/security during growth phases

Responsibilities

  • Enhance the company's operational risk management framework, including standards and procedures for identifying, measuring, monitoring, and managing risks
  • Evaluate operational risk activities, oversee risk acceptance decisions, and perform scenario analyses
  • Develop and deliver operational risk reports for senior leadership
  • Serve as a leader in fostering information security awareness across the organization
  • Assess and address evolving security risks, threats, and vulnerabilities
  • Oversee the development, communication, and implementation of security strategies, metrics, and maturity models
  • Ensure compliance with security standards, including HIPAA, PCI, NIST CSF, GDPR, and other applicable laws
  • Maximize the effectiveness of existing security systems and cloud-based infrastructure
  • Evaluate, implement, and lead enterprise security technologies and processes
  • Lead cross-functional response teams to investigate and remediate security incidents
  • Define and drive the strategic vision for endpoint protection and cybersecurity, ensuring alignment with organizational goals and regulatory requirements
  • Provide leadership and guidance to teams managing device encryption, patching, and endpoint security tools, fostering collaboration across IT and Security teams
  • Oversee organizational response to endpoint-related security incidents, ensuring swift detection, remediation, and minimal business disruption
  • Advocate for security investments and resources, aligning endpoint security strategies with broader business objectives
  • Oversee risk management programs for internal and third-party activities
  • Ensure alignment with regulatory compliance and risk management expectations
  • Coordinate and track all IT and security-related audits, ensuring positive outcomes and addressing audit responses
  • Work closely with stakeholders to ensure business continuity during security incidents
  • Collaborate with senior leadership to share insights, influence priorities, and drive stronger risk management practices
  • Provide leadership, training, and development to the security and compliance teams
  • Define team deliverables, monitor execution, and ensure alignment with organizational goals
  • Represent and communicate the mission and values of the company, fostering a team-oriented environment

Preferred Qualifications

  • Knowledge of industry-specific compliance frameworks (e.g., StateRAMP, HIPAA, PCI DSS) and regulatory requirements (e.g., GDPR, CCPA)
  • Proficiency in security tools, zero-trust architecture, hybrid cloud environments, and DevSecOps practices
  • Experience managing global teams and navigating cross-border compliance challenges
  • Awareness of AI-driven threats, quantum computing risks, and predictive threat analytics
  • CISSP, CISM, CISA, ITIL

Benefits

  • Flexible time off
  • Comprehensive medical, dental, and vision plans
  • Family planning benefits
  • 401(k) retirement savings plan with company match
  • Health savings account with company contributions
  • Flexible spending account
  • Life, accident, and disability coverage
  • Business travel insurance
  • Employee assistance programs
  • Other well-being benefits
  • Annual bonus target
