Director of Cyber Security

The Director, Cyber Security is responsible for the strategy, development, implementation, governance, and continuous improvement of an organizational-wide information and cyber security program which enables a secure, reliable, stable, and scalable global infrastructure in compliance with the Company and industry’s security policies, procedures, practices, and standards. The position advises, directs, manages, collaborates, and partners with internal-external technical staff, cross-functional business leadership, and represents the Company in external councils and audits as needed. This role reports directly to the Global CIO, and will be responsible for mature leadership, building and establishing a fit-for-purpose structure between the info sec and infrastructure orgs, leading incident responses, capital resource allocations and prioritizations, annual budgets, program deliverables, & developing and adhering to policies and procedures. In addition, the position is expected to provide updates and share key metrics with executive leadership and audit committees as needed. Additional responsibilities include: Strategy, Governance, and Awareness Understands and adheres to NIST, ISO, GDPR, and Data privacy policies and standards. Implements security remediations and improvements partnering with key 3rd party security partners and ensures there are no repeat security related findings from internal and external audits. Chooses appropriate content for Security Awareness training programs with key partners to ensure that the program remains an engaging, relevant, and positive training solution inspiring and motivating employees to keep security at the forefront. Researches the most relevant and recent content and publishes monthly Cyber Security newsletters, imparts training to parties/team members with high exposure, and conducts annual/bi-annual Cyber Security awareness programs. Security Architecture & Operations Works with other team members to ensure data center operations are world-class and conform to a secure, stable, reliable, and scalable infrastructure for the Company. Advocates for, plans, purchases, implements, manages, maintains, and reviews security hardware and software, and ensuring IT and network infrastructure is designed according to information security best practices. Ensures robust configuration and maintenance with firewalls, patch management, and event management. Threats, Vulnerability, and Crisis Management: Works with team members to build world-class threat detection use cases and incident validations, and provides real-time analysis of immediate threats, and triage in the event of breaches. Builds world-class capabilities for a robust global incident response plan using state-of-the-art EDR and MDR and collaborates with internal and external team members for 247 monitoring, analysis, and alerting. Takes the lead on deploying solid remediation actions with internal and external team members. Ensures information security program features are regularly assessed throughout the year (i.e., pen-testing, phishing tests, advanced email security, etc.). Performs activities and reviews projects/programs which minimize the risk of data loss or breaches (i.e., user access reviews, security patch management, SSO, etc.). Remains current on developments in the cyber-security industry including security alerts, bugs, zero-day issues, vulnerabilities, viruses, and malware, providing evaluations and recommendations depending on their potential impact to the Company. Identity and Access Management: Ensure administrators and other privileged users have only the permissions they need at any given time. Monitors the activity of administrators and privileged users. Ensures access to restricted data and systems is only available to designated or authorized employees. Thought Leadership & Management Demonstrates a level of maturity in overall leadership, risk management and stays ahead of the curve as it relates to relevant technologies and processes that add value and protect the enterprise. Advises management of potential security risks associated with acquisitions or other major projects/programs. Develops incident reports and articulates actions effectively. Provides monthly cyber and information security metrics report-outs to senior management. Manages the information security program to analyze cyber-security information and utilize said information to enhance the overall security posture of the enterprise.