Are you someone who never rests on their laurels, always strives to go above and beyond, and is committed to keeping your PROMISES? Do you appreciate a company culture that is open, fosters work-life balance, and a dynamic team environment? Then Old Dominion is the home for you. We take pride in being the best in the industry, and from our humble beginnings we know that our People and our Family Spirit are the main ingredient in our secret sauce to success. At Old Dominion we are looking for individuals to join the OD Family that will provide innovative solutions and exceed expectations to keep OD the premier transportation solutions provider.

　　The Senior Manager Information Security is responsible for establishing and maintaining a corporate-wide information security management program to ensure that information assets are adequately protected. This position is responsible for identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise. The Senior Manager will proactively work with business units to implement practices that meet defined policies and standards for information security. He or she will also oversee a variety of IT-related risk management activities.

　　Primary Responsibilities

　　Actively participate in the development, implementation and monitoring of a strategic, comprehensive enterprise information security and IT risk management program to ensure that the integrity, confidentiality and availability of information is owned, controlled or processed by the organization.

　　Manage the enterprise's information security organization. This includes hiring, training, staff development, performance management and annual performance reviews.

　　Facilitate information security governance through the implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board.

　　Ensure the development, maintenance and publishing of up-to-date information security policies, standards and guidelines. Oversee the approval, training, and dissemination of security policies and practices.

　　Create, communicate and implement a risk-based process for vendor risk management, including the assessment and treatment for risks that may result from partners, consultants and other service providers.

　　Develop and manage information security budgets and monitor them for variances.

　　Create and manage information security and risk management awareness training programs for all employees, contractors and approved system users.

　　Work directly with the business units to facilitate IT risk assessment and risk management processes, and work with stakeholders throughout the enterprise on identifying acceptable levels of residual risk.

　　Provide regular reporting on the status of the information security program to enterprise risk teams and senior business leaders

　　Lead the creation of a framework for roles and responsibilities regarding information ownership, classification, accountability and protection.

　　Develop and enhance an information security management framework based on industry standard options (NIST, ISO 2700x, etc.)

　　Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.

　　Collaborate with the enterprise architecture team to ensure alignment between the security and enterprise architectures.

　　Coordinate information security and risk management projects with resources from the IT organization and business unit teams.

　　Create and manage a unified and flexible control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards and regulations.

　　Ensure that security programs are following relevant laws, regulations and policies to minimize or eliminate risk and audit findings.

　　Liaise among the information security team and corporate compliance, audit, legal and HR management teams as required.

　　Define and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address negative findings.

　　Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data, and the company's reputation.

　　Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.

　　Liaise with external agencies, such as law enforcement and other advisory bodies as necessary, to ensure that the organization maintains a strong security posture.

　　Coordinate the use of external resources involved in the information security program, including, but not limited to, interviewing, negotiating contracts and fees, and managing external resources.

　　Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the security.

　　Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems, and services, including, but not limited to, privacy, risk management, compliance, and business continuity management.

　　Perform related duties and fulfill responsibilities as required.

　　Job Qualifications

　　Education:

　　Bachelor’s degree in Computer Science or related field or equivalent education and experience

　　Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is preferred

　　Experience:

　　Minimum of 8 years of experience in a combination of risk management, information security and IT jobs

　　At least four must be in a manager role

　　Excellent written and verbal communication skills

　　Strong interpersonal and collaborative skills

　　Ability to communicate security and risk-related concepts to technical and nontechnical audiences

　　Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment

　　Poise and ability to act calmly and competently in high-pressure, high stress situations

　　Must be a critical thinker, with strong problem-solving skills

　　Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT and ones from NIST

　　Experience with contract reviews and vendor negotiations

　　High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity

　　Working Days:

　　Monday,Tuesday,Wednesday,Thursday,Friday,

　　Working Shift:

　　Shift and hours to be determined.

　　Work Days and Shift are estimates and are subject to change, at any given time, based on job scheduling and/or business levels. Any information listed regarding Days and Shifts shall be considered a guideline of expectations for the specific position at the time of posting.

　　Join the OD Family Today!As a Full Time member of our Family, you and your family are eligible to receive:

　　Health, Dental & Vision Benefits

　　Short Term & Long Term Disability

　　Flex Spending Accounts

　　401(k) Retirement Plan

　　Life Insurance

　　Wellness Program

　　Credit Union access, Vacation & Holiday

　　“Birthday Holiday” who doesn’t love some extra attention on their Birthday?

　　Old Dominion Freight Line, Inc. is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, gender identity, and/or gender expression, sexual orientation, age, disability, pregnancy, genetic information, military status, Vietnam Era and/or veteran status, or any other characteristic protected by applicable law(s).

　　Welcome to Old Dominion. If you are looking for a new career with the best LTL (Less-than-Truckload) carrier in the industry you’ve come to the right place. Many companies tout their family atmosphere, but at OD it truly is a reality. We’ve grown from our humble beginnings of a single truck and one route in 1934 started by Earl and Lillian Congdon to a company of over 23,000 employees. At OD we strive daily to keep the family spirit alive and help the world keep promises.