Reporting To: Director, IT Cybersecurity

Assists the Executive Director of IT & Cybersecurity and Director of Cybersecurity in executing the duties and responsibilities inherent to Ocular Therapeutix Cybersecurity Program to satisfy Business, GRC, Strategic, Operational, and Tactical security requirements. 

You will be involved in maturing the program through strategic planning to ensure initiatives and roadmaps align to support business goals and objectives, measuring and managing operational security effectiveness, implementing and improving tactical security controls, policy formulation, budget forecasting, ICS/SCADA security, legal and regulatory compliance, collaborating and organizing with departmental members to achieve holistic security across the organization. More activities will be necessary as the program matures. 

Essential Functions of the Position 

• Directly collaborate with team members, employees and vendors involved in network engineering, network security, server and data center planning and operations, end-user support, and service desk operations. 

• Develops and manages all information security policies, standards, procedures, and internal controls which includes establishing procedures and requirements with key stakeholders to ensure compliance with local, state, and federal laws. 

• Possesses knowledge of NIST and CIS information security frameworks, best practices and baseline security configurations for operating systems, applications and networking, and telecommunications equipment. 

• Mature the Cybersecurity program by drafting strategies and plans to enforce security requirements and address identified risks to meet business objectives. 

• Develops, documents, and implements the enterprise security program by assessing residual risks, vulnerabilities and other security exposures including the misuse of information assets, and noncompliance with security policies and procedures. 

• Coordinate, organize, respond and manage security incidents, providing 'after-action' reports and analysis of information security breaches, violations, malicious activity and incidents to management. 

• Continue security awareness program through structured training and staff communications. Provides written or verbal communication to all levels of staff, leadership and elected officials on security issues and recommendations. 

• Performs other duties as assigned. 

Qualifications 

Education: 
Bachelor's degree in a relevant IT or Cybersecurity field or equivalent experience. 

Certifications, training and education outside of traditional Higher Education. 
 
Experience Requirements: 
Five to ten years of experience in Cybersecurity, information security and IT of which three years you have served in a leadership role and developing IT security policies and procedures; or any equivalent combination of experience and training which provides the required knowledge, skills and abilities necessary to execute the essential functions of the position.