Lead Specialist, IT Security

About the American College of Surgeons

The American College of Surgeons (ACS) is a professional and educational organization of surgeons that was founded in 1913 to raise the standards of surgical practice and improve the quality of care for surgical patients. The College is dedicated to the ethical and competent practice of surgery. Its achievements have significantly influenced the course of scientific surgery in America and have established it as an important advocate for all surgical patients. The College has more than 90,000 members and is the largest organization of surgeons in the world. For more information, visit www.facs.org.

Summary: The Lead Specialist, IT Security is responsible for ensuring the security and integrity of the College's IT posture across all locations, including Washington DC and Chicago. This role involves managing and supporting the security of servers, storage, backups, Internet connectivity, security protocols, and related IT components, both on-site and in the cloud. The Security Lead role will collaborate with the infrastructure teams to resolve complex support issues, maintain both wired and wireless networks, and stay abreast of industry security trends. This individual will also be tasked with identifying and implementing strategic security upgrades to enhance the College's IT environment, thereby ensuring the protection of critical business operations. This position is responsible for working with internal and external partners and auditors to ensure that the College is following all security controls.

This exempt position oversees a security analyst and reports to the Chief Information Officer in the Division of Information Technology.

Responsibilities:

• Risk Management and Assessment Example Responsibilities: work with appropriate partners to conduct comprehensive risk assessments to identify potential vulnerabilities and threats; develop and implement risk mitigation strategies to reduce the likelihood and impact of security incidents; perform regular security audits and reviews to ensure compliance with security policies and standards; and utilize risk management frameworks such as NIST to guide security practices.

• Security Operations and Monitoring Example Responsibilities: oversee the implementation and management of security monitoring tools such as SIEM (Security Information and Event Management) systems; analyze security logs and alerts to identify potential security incidents and ensure timely response; manage and maintain security infrastructure including firewalls, intrusion detection/prevention systems, and antivirus solutions; ensure continuous monitoring and improvement of the organization's security posture.

• Compliance and Governance Example Responsibilities: ensure compliance with relevant regulations and standards such as GDPR, HIPAA, PCI-DSS.; develop and enforce security policies, procedures, and standards in alignment with organizational objectives; conduct regular security awareness training for employees to promote a culture of security; and prepare and present compliance reports to senior management and regulatory bodies as required.

• Security Architecture and Design Example Responsibilities: collaborate with IT and business teams to design and implement secure system architectures; provide security guidance and best practices during the development and deployment of new applications and technologies; conduct security reviews and assessments of new and existing systems to identify and address security vulnerabilities; and develop and maintain secure coding standards and practices for software development teams.

• Threat Intelligence and Vulnerability Management Example Responsibilities: monitor and analyze threat intelligence feeds to stay informed about emerging threats and vulnerabilities; conduct regular vulnerability assessments and penetration tests to identify weaknesses in the organization's security posture; work with IT teams to prioritize and remediate identified vulnerabilities in a timely manner; and develop and implement proactive measures to protect against advanced persistent threats (APTs) and other sophisticated attacks.

• Incident Response and Management Example Responsibilities: develop, maintain, and execute incident response plans to effectively address security breaches and incidents; lead the investigation and analysis of security incidents to determine root causes and implement corrective actions; coordinate with internal and external stakeholders during incident response efforts; and conduct post-incident reviews to identify lessons learned and improve future response strategies.

Required Education and/or Experience:

• Bachelor's degree or higher from an accredited college or university is preferred.

• Professional certifications such as CISSP, CISM, CEH, or equivalent are highly desired.

• At least 7+ years of similar or related experience is preferred.

• Experience with firewalls, intrusion detection and prevention, threat hunting, incident response and social engineering awareness desired.

• Experience in hands-on training for various security, networking, and server technologies including patch management and security scanning technologies is helpful.

• Proficiency with, or exposure to, a wide range of security products is helpful.

• Exposure to the NIST Framework is a plus.

Comprehensive Benefits:

We're committed to attracting and retaining top talent via valuable benefits!

• Vacation, personal, and sick hours including 13 paid holidays per year

• Hybrid office schedule

• Medical-comprehensive coverage through BlueCross BlueShield

• Dental, Vision, and Prescription drug program

• 403(b) Matching Program

• Pension Plan

• Flexible Spending Medical/Dependent Care

• Employee Assistance Program

• Short Term/Long Term Disability

• Life Insurance

• Domestic Partner Coverage

• Plus many other great benefits!

The American College of Surgeons is committed to working with and providing reasonable accommodations to individuals with disabilities. If, because of a medical condition or disability, you need a reasonable accommodation for any part of the employment process, please send an e-mail to recruitment@facs.org or call (312) 202-5000 and let us know the nature of your request and your contact information.