The Director, Information Security will maximize NCSOFT's security profile and minimize our exposure to attacks by amateur and professional hackers. This role will help legions of gamers enjoy the best possible play experience and will have the opportunity to battle the brightest minds in the hacking business.
To protect our business, the Director, Information Security will engage in attacks against our infrastructure and will develop, implement, and maintain security policies, processes, and programs that will protect and secure our games and web applications from attack. We are looking for a visionary leader with experience leading the architecture, design and implementation related to the deployment of corporate security controls, developing security tools, performing correlative analysis to identify anomalous for behavior, auditing source code for vulnerabilities, working with developers to improve best practices, and deploying attack detection & prevention tools. To be successful in this role, you must have a strong understanding of security best practices and compliance frameworks and broad knowledge in network systems, client-server application development, cryptography, data-mining, data protection, and information privacy.
- Lead the day-to-day support of NCSOFT platforms. This will include the resolution of high profile or major platforms and the briefing and appraisal of internal and external managers.
- Design, engineer, and implement a security program for IT and application/game development at NCSOFT and its studios.
- Lead incident management including detection, response, investigation, eradication, and remediation of potential breaches events.
- Monitor industry trends to determine impact on the security of NCSOFT's products, processes, and infrastructures.
- Collaborate with project and business teams to ensure security requirements are understood and met in all NCSOFT initiatives.
- Maintain documentation for systems and procedures related to security.
- Maintain effective disaster recovery and business continuity plans, which includes ensuring critical elements are in place to ensure prompt continuance of NCSOFT's business.
- Contribute on the launch and development of new security management capability, from technology enhancements of existing services or devices to creation of completely new capabilities.
- Manage contract vendors and/or MSSP's of security devices or applications and other security related contracts.
- Execute key tasks and security projects, e.g. security improvement, ensuring that they stay on track with goals and timelines.
- Bachelor BS/BA in Computer Science, Computer Information Systems, MIS or relevant technology degree or related work experience in a similar environment
- 15+ years professional Security experience in relative IT or Security fields including, but not limited to, engineering, operations, research, development, and/or compliance.
- Professional experience must include at least 10 or more years security, information or cyber security, incident response and management, and/or compliance. At least 5 of those years must be in a senior security management role.
- Must be able to work effectively under occasional high stress, in a 24x7 on-call environment.
- Experience with PCI Sarbanes Oxley, ISO 27000 series, GDPR, and a working knowledge of other regional privacy laws and regulations
- Experience writing security programs, policies, and processes
- Experience with threat modeling, risk analysis and risk management.
- CISSP and CISM certifications preferred.
- Adept with scripting language used for administration or data munging (Perl, Bash, VBscript, PowerShell, etc.)
- Excellent working knowledge of Linux and Microsoft operating systems and various security controls (URL filtering and categorization, antivirus, intrusion detection and prevention, EDR, etc.).
- Excellent understanding of malware infection vectors and delivery mechanisms.
- Working knowledge of application security and penetration testing methodologies, tools, and techniques.
- Strong curiosity with a proactive attitude
- Self-directed – demonstrated ability to prioritize correction of security problems
- Excellent communication skills and ability to work independently and in a team environment.
- OCSP certification
- Programming experience: secure coding experience is a huge plus
- A passion for gaming