Director of Cyber Security

About The Position

Requirements

• Minimum of 10 years information security & Infrastructure management experience.
• CISSP, CISM, CCSP, or SSCP certification.
• Bachelor’s degree in Computer Science or similar.
• Experienced with incident responses and collaborating with multiple constituents – forensics, legal, infrastructure, executive leadership, FBI, etc.
• Demonstrate knowledge of IS areas, such as authentication, encryption, logging, monitoring, vulnerability management and assessment.
• Demonstrated ability to integrate business needs and exceptional customer service with that of maintaining a strong security framework.
• Experience with direct knowledge surrounding enterprise security technologies such SIEM, SSO, Privileged Access Management systems, Next-gen firewalls, VPN, IPS/IDS, content filters, Endpoint Security systems, AV, and similar.
• 5+ years technical management in skills including Vendor Management, Information Security, IS Program Management, and/or Security Vendor Management.
• Experience with managing small, focused teams (outsourced and/or off-shore).
• Advanced hands-on knowledge of information security principles and practices, including any of the following: NIST CSF, security risk assessment standards, risk assessment methodologies, and vulnerability assessments.
• High level of knowledge configuring & troubleshooting Microsoft Windows and other Microsoft technologies, Linux, Network, and Cloud security.
• Excellent oral and written communication skills; ability to interact with internal and external stakeholders.
• Must demonstrate strong analytical, reasoning, and critical thinking skills.
• Ability to carry a mobile device and provide off-hour support as required.
• Ability to travel across all Company sites, domestically as well as international.

Nice To Haves

• Formal certification in Information Security Management preferred (CISSP or equivalent).

Responsibilities

• Strategy, Governance, and Awareness
• Understands and adheres to NIST, ISO, GDPR, and Data privacy policies and standards.
• Implements security remediations and improvements partnering with key 3rd party security partners and ensures there are no repeat security related findings from internal and external audits.
• Chooses appropriate content for Security Awareness training programs with key partners to ensure that the program remains an engaging, relevant, and positive training solution inspiring and motivating employees to keep security at the forefront.
• Researches the most relevant and recent content and publishes monthly Cyber Security newsletters, imparts training to parties/team members with high exposure, and conducts annual/bi-annual Cyber Security awareness programs.
• Security Architecture & Operations
• Works with other team members to ensure data center operations are world-class and conform to a secure, stable, reliable, and scalable infrastructure for the Company.
• Advocates for, plans, purchases, implements, manages, maintains, and reviews security hardware and software, and ensuring IT and network infrastructure is designed according to information security best practices.
• Ensures robust configuration and maintenance with firewalls, patch management, and event management.
• Threats, Vulnerability, and Crisis Management:
• Works with team members to build world-class threat detection use cases and incident validations, and provides real-time analysis of immediate threats, and triage in the event of breaches.
• Builds world-class capabilities for a robust global incident response plan using state-of-the-art EDR and MDR and collaborates with internal and external team members for 247 monitoring, analysis, and alerting.
• Takes the lead on deploying solid remediation actions with internal and external team members.
• Ensures information security program features are regularly assessed throughout the year (i.e., pen-testing, phishing tests, advanced email security, etc.).
• Performs activities and reviews projects/programs which minimize the risk of data loss or breaches (i.e., user access reviews, security patch management, SSO, etc.).
• Remains current on developments in the cyber-security industry including security alerts, bugs, zero-day issues, vulnerabilities, viruses, and malware, providing evaluations and recommendations depending on their potential impact to the Company.
• Identity and Access Management:
• Ensure administrators and other privileged users have only the permissions they need at any given time.
• Monitors the activity of administrators and privileged users.
• Ensures access to restricted data and systems is only available to designated or authorized employees.
• Thought Leadership & Management
• Demonstrates a level of maturity in overall leadership, risk management and stays ahead of the curve as it relates to relevant technologies and processes that add value and protect the enterprise.
• Advises management of potential security risks associated with acquisitions or other major projects/programs.
• Develops incident reports and articulates actions effectively.
• Provides monthly cyber and information security metrics report-outs to senior management.
• Manages the information security program to analyze cyber-security information and utilize said information to enhance the overall security posture of the enterprise.

Benefits

• Benefits that benefit you – industry competitive benefits at the lowest cost to the employee
• Work-life balance – PTO and holidays, including floating holidays you can choose
• Compensation that rewards your hard work – A pay-for-performance culture with potential for annual raises and bonuses
• Training – We will equip you with the knowledge and skills you need to succeed