The Joyent Security and Compliance Officer role will provide security leadership across multidisciplinary technical teams. The position will focus on designing and delivering security compliance attestations, plans, processes and operational frameworks and ensuring Joyent, our Customers and Cloud Infrastructure are protected.
The Security Officer is responsible for ensuring that the overall Joyent security landscape conforms to industry best practices, is cohesive across disciplines, and that policies and procedures are adhered to.
This role will work closely with key departmental, management, and project stakeholders across the organization. Therefore, the ability to work collaboratively and effectively with all levels of management and staff within the organization is a key priority in this role.
- Minimum of ten years' experience working in IT Security positions
- Minimum of ten years of experience in reviewing, auditing, operating and understanding a complex IT technical environment
- Experience in implementing security device & software solutions
- Experience with network monitoring and protection (Intrusion Detection/Prevention Systems, Incident Handling, Incident Response, Vulnerability Management)
- Experience with vulnerability assessments & penetration testing
- Experience with SSAE 16 SOC 1 Type I and II, NIST, FISMA, HIPAA, SOX, PCI DSS and associated Attestations
- Excellent communication skills (both verbal and written)
- Must be self-motivated and know when to seek guidance
Expertise, Development, and Implementation of the Security Program
- Develop operational roadmaps for corporate, datacenter, software, and SOC to enable scalable growth
- Implement the security program’s information security policies and procedures, which shall be consistent with HIPAA, SOX, SSAE 16, ISO 27001, NIST, FISMA, FedRAMP, PCI, Safe Harbor, non-preempted state and federal U.S. laws, and international laws that address the privacy and security of data and that apply to Joyent
- Advise Joyent executives on the technologies necessary to maintain Security Programmatic compliance and Defensive posture
- Inform the executives and other Joyent leaders as required of potential security risks in accordance with the process set forth in the security program
- Maintain documentation of the security program with respect to security issues
- Analyze the effectiveness, performance, and quality of the security program with respect to security issues
- Monitor internal control systems to ensure that appropriate information access levels and security clearances are maintained.
- Coordinate the development of Joyent’s disaster recovery and business continuity plans for information systems, and test readiness.
- Specify and manage third party security firms for advice, audits, and testing
- Monitor compliance with the Security Program with respect to security issues among personnel.
- Collaborate and coordinate with the appropriate Joyent staff to perform periodic risk assessments and compliance auditing and monitoring involving workforce members and contractors to ensure compliance with applicable laws.
- Develop security awareness within Joyent so that staff at all levels are aware of critical security matters
- Document and maintain all risk analysis and remediation actions taken by Joyent to reduce information security risks.
- Manage retention of performance improvement activity documentation for security functions and compliance responsibilities.
Coordination and Leadership
- Serve in a security advisory position to the Joyent Privacy Officers and senior and/or other business leaders, who are responsible for the security of business information systems and Protected Data
- Initiate, facilitate, and promote activities to foster information security awareness within Joyent and, as appropriate, internally and with third party contractors.
- Be primarily responsible for coordinating routine security audits
- Be primarily responsible for the creation, implementation and ongoing coordination of Access Control technology across the Joyent enterprise to enable successful implementation of Access Restrictions defined in the Security Program materials.
Education & Experience
- Bachelor’s degree in business, computer science or related discipline
- Network, Unix and Cloud Operations Experience (Required)
- 10+ years of experience in the following:
- Managing multiple geographically diverse teams designing cloud security solutions to include development, implementation and management of the organization’s corporate security vision, strategy and Security Programs.
- Identifying, developing, implementing and maintaining security processes across the organization to reduce risks, respond to incidents, and limit exposure to liability in all areas of financial, physical, and personal risk;
- Establish appropriate standards and risk controls associated with intellectual property
- Direct the establishment and implementation of policies and procedures related to data security.