Estimated Length: Open Ended
Note: Under Executive Order 75, all new hires must provide proof of COVID-19 vaccination, as described in the “COVID-19 Vaccination Requirement” section below.
The Client is currently seeking a candidate with a wide breadth of information security experience, specifically in security operations, architecture, advisory, and management to be our Director of lnformation Security. This candidate will have a strong background in understanding complex distributed systems that interact, receive and exchange data with multiple partner sources and be able to identify, manage, and remediate any risks that can impact the organization. The ideal candidate will have a balanced approach of security and business operations and is able to translate technical risk to business impact.
• Partner with key stakeholders in the business to identify, assess, aggregate and document risks and controls, including risks associated with new or modified products, services, distribution channels, regulations and third party operations.
• Present findings to various levels of leadership concerning the status of system risk or failure as a result of installations, upgrades and modification and the cost or impact to business operations.
• Contribute to the implementation of new risk policies, practices, and solutions to ensure holistic understanding and management of risks according to industry best practice.
• Enhance strategies, tools, and methodologies to measure, monitor, and report data risks.
• Support the formulation of stress test plans for a line of business or the enterprise including the evaluation of results, and framing of contingency plans in partnership with key business stakeholders.
• Supervise and guide a team of Senior Security Analysts to optimally perform their duties to secure the operational integrity of Client from internal and external threats.
Minimum Qualification Requirements:
A baccalaureate degree from an accredited college and four years of satisfactory full-time experience related to projects and policies required by the particular position; or,
Education and/or experience which is equivalent to "1" above.
• Experience in the performance of analytical, planning, operational and technical review in the movement of information across the network.
• Knowledge of emerging technology and the security governance implications.
• Demonstrated understanding of cyber security risk management concepts, cybersecurity frameworks, control standards, and security technologies.
• Strong background in various flavors of operating systems (Windows, Linux, UNIX) and databases (Oracle, DB2, MySQL, MongoDB).
• Strong understanding of various security solutions (Cisco FirePower, BlueCoat, Rapid7, Palo Alto, Crowdstrike, Imperva, Nessus, McAfee, Tanium, Splunk, Wireshark, etc.)
• Experience with application forensic tools (Veles, DNSpy, IDA, CyberChef, etc.)
• Experience designing, architecting, troubleshooting, and deploying various security technologies while minimizing the business impact that can occur from the implementation of active security technologies.
• Experience managing Information security operations teams.
• Excellent skills with MS products (Project, Word, Excel, PowerPoint, Access and Visio).
• Excellent written and oral communication skills and proven analytical skills.
• Demonstrated ability to develop and maintain project management metrics.
• Flexible and able to conform to shifting priorities.