Provide senior-level management and strategic direction for internal and externally staffed teams responsible for the design, development, installation, deployment and 24x7 support of the corporate-wide information security technology infrastructure. The information security technology environment includes firewalls, intrusion detection system/intrusion prevention system (IDS/IPS), database security solutions, security information and event management (SIEM), web content filtering, and other complex networked applications and systems. Work with line of business (LOB) leaders to develop and implement technology-based solutions that satisfy business requirements while providing long-term value. Interact with technical and nontechnical LOBs to ensure that proper IT governance and technical oversight are followed and ensure the implementation of consistent and supportable technical solutions. Ensure that all information security technology infrastructure meets internal technical standards for integration and support. Partner with internal clients in developing technical solutions that ensure client success.
Desired experience and skills:
- Manage engineering and integration of new security and data protection technologies and operational services support for the enterprise to ensure that the appropriate controls are selected, deployed, and are operating effectively.
- Work with lines of business, management, SME leads, peers, and development teams to ensure data protection for systems is leveraged to reduce risk across the organization. Perform detailed feature and usability analysis based on existing and future vendors' platform capabilities against BB&T business and compliance needs.
- Review data protection reports, metrics, and recommend enhancements and additional workstreams to further enhance our security posture.
- Lead and support corporate data protection security projects and/or programs which include, but are not limited to, solution and service enhancements, new data protection technology evaluation, new data protection functionality testing, project requirement gathering and analysis, internal customer communications, data protection inquiries, and ensuring processes and services are documented.
- Additional security certifications such as Certified Information Security Manager (CISM) certification;
- Knowledge of financial services industry and all applicable regulations and industry standards;
- You have experience protecting database environments, including Oracle, Sybase and MS-SQL;
- You have experience with encryption solutions and encryption key management;
- You have excellent communication and documentation skills;
- You have a deep understanding of the hardware required to support encryption infrastructure; scripting skills in Python, PowerShell, Perl or a similar language;
- Understanding and use of data protection technology APIs and their integration across technologies;
- You have the ability to work independently and as part of a team; you have the ability to understand the impact of individual solutions / components on the larger end-to-end environment;
- Ability to diagram complex ‘as-built’ systems using industry standard tools such as Visio and/or UML tools;
- Identify security data protection technologies to enhance business services, perform regular technology reviews and provide a technical summary of the solutions based on their effectiveness for business use cases; support the as-built design, implementation, operation and maintenance of security applications and tools based upon the established security architecture for data protection;
- Lead the identification of data protection services that best fit a business need;
- Assist in the review of data protection requirements of business functions and document the available solutions and processes; develop and communicate information protection guidelines and requirements;
- Provide project support for security functions, including assisting with security as-built documentation and preparing security documentation for internal processes as well as internal/external audits and assessments;
- CASB, DLP, tokenization, transparent encryption and other related data protection technologies;
- Familiarity with solutions such as Vormetric, Thales, Venafi, Guardium or similar platforms.
Essential Duties and Responsibilities:
Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.
1. Provide essential leadership and supervision to a subordinate management team and associates. Oversee tactical implementation of corporate-wide security principles, policies and practices. Maintain responsibility and ownership for implementation and maintenance of the information protection program.
2. Ensure internal compliance with processes and standards. Review technical and business processes, standards and procedures, making recommendations for continuous improvement. Understand and communicate strategic direction to associates and LOB clients.
3. Participate in the development of strategic policy for information security technologies. Provide necessary subject matter expertise and ensure implementation of information security architecture, risk management standards, best practices and systems/processes to ensure information privacy/protection. Communicate strategic direction to peers, subordinates, clients and vendors.
4. Interact with management to determine acceptable levels of risk as the business model and risk profile change, and align the security program accordingly. Provide necessary subject matter expertise and coordinate efforts at a corporate level to identify key security risks, needs and initiatives.
5. Provide leadership and guidance in the planning of corporate, client and internal information security technology projects. Work with senior management to ensure adequate staffing is available to complete initiatives/projects. Identify and execute on opportunities for staff augmentation via offshoring.
6. Manage the translation of strategic direction into efficient, effective and supportable solutions, ensuring success while maintaining compliance with internal processes and policies.
7. Implement and monitor controls to ensure that the availability, reliability, performance and service levels of the information security technology infrastructure remain consistently high and in line with LOB expectations. Direct team activities during production problems.
8. Provide reporting to staff, colleagues, senior management and clients on a regular basis to ensure all relevant and critical information is clearly and expeditiously shared.
9. Provide oversight of team efforts to ensure Corporate Information Security and IT Services' standards, processes and best practices are followed.
10. Ensure adequate security for new business services and systems. Assist in development of scenarios of usage and test for abnormalities or exposures. Prepare documentation to augment vendor materials that include local enhancements and implementations.
11. Stay abreast of all information security related laws and regulations to ensure compliance. Ensure compliance with corporate policies.
12. Support or direct enterprise-level information security-related functions (e.g. firewall administration, intrusion detection, communications, incident response, resource access control facility (RACF), encryption, access control, threat/intelligence management, cyber forensics). Make recommendations for improvements to the program, respond to alleged policy violations and act as a participant in the event of a breach. Ensure communications to the Chief Information Security Officer (CISO) and other senior level officers are accurate and timely.
13. Maintain awareness of changes in the industry. Attend classes and seminars, as required, to maintain a high level of proficiency in the fields of information security and business resumption. Network with other information security professionals. Read about and be aware of industry trends regarding business recovery planning and security.
Required Skills and Competencies:
The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
1. Bachelor’s degree in Computer Science or relevant field, or equivalent education and related training
2. Ten years of Information Security leadership experience
3. Certified Information Systems Security Professional (CISSP) certification
4. Extensive understanding of applied enterprise information security technologies
5. Aptitude towards strategic thought and people leadership while showing ability to influence direction
6. Display a strong sense of urgency and bias for positive action with a history of delivering results
7. Good written and verbal communication, team and people skills; ability to share information and communicate clearly with team members and internal and external clients
8. Demonstrated proficiency in basic computer applications, such as Microsoft Office software products
9. Ability to travel, occasionally overnight
1. Certified Secure Software Lifecycle Professional (CSSLP) or Certified Information Security Manager (CISM) certification
2. Knowledge of financial services industry and all applicable regulations and industry standards