$200K — $250K *
Virgin Galactic is currently seeking a highly skilled Director, Information Security to join the IT leadership team and help lead the evolution of electronic information security. As a member of the IT leadership team, reporting directly to the Chief Information Officer, the Director, Information Security will enhance and oversee the global information security operations activities of a diverse and decentralized computing environment. The Director, Information Security is accountable for the management of the global security operations and architecture, including incident response, security technologies management and change management. The Director, Information Security will lead the in-house IT and outsourced security operations personnel to ensure operating environments are maintained to optimal performance and meet defined service levels. Key success criteria in this position are an in-depth understanding and management of global information security, security technologies such as intrusion detection and content filtering, threat patterns, security architecture, application architecture, and compliance criteria. This role will anticipate the future direction of the information security industry, implement best practices and operational discipline, and integrate appropriate changes as business needs require.
Oversight of information security in enterprise IT infrastructure and in deployment and management of enterprise applications.
Building and growing a standards-based information security program in an enterprise IT setting.
Define the vision for the security program, successfully communicate it and receive buy-in, and then lead the team and organization in execution.
Establish and manage operations to maintain security for Controlled but Unclassified (CUI), PCI, and HIPAA compliant requirements.
Definition and execution of compliance programs aligned with regulatory and international standards (e.g., ISO27001)
Oversight of internal and outsourced security operations in the enterprise.
Establish governance processes and drive prioritization of security workload across the security workforce, and with dependent stakeholders.
Coordination of performance of security operations across multiple data centers, as well as cloud-based service operations centers.
Leverage strong background in ITIL/ITSM support and provide coordination of desktop and end point security with enterprise IT services teams.
Provide security expertise and consulting for enterprise applications used to support Finance Management, Customer Management, Manufacturing Operations and Quality Control in highly regulated industries.
Securing operations involving large groups of R&D, Engineering and development operations, which require connectivity and integration with third party partners.
Develop, defend, and manage an information security budget, for business units and executive management.
Key result areas of responsibility will include:
24 x 7 x 365 management of the outsourced Security Operations Center and accountability for availability of global security systems including monitoring, vulnerability management and other information protection capabilities.
Management of incidents, changes and problems related to security incidents or evolution of security systems.
Continuous improvement & performance management of Security Operations processes, technologies and tools, and oversight of security vendors' performance, ensuring SLAs are met.
Development of baselines and standards for all flavors of IT Applications and Infrastructure, and associated processes for onboarding and risk management.
Definition and management of information classification & business impact assessment processes.
Participation in business and IT initiatives as an information security expert. Provision of guidance to others on proper security practices.
Identification and classification of risks related to new implementations or existing infrastructure and application solutions and provision of guidance for remediation.
Supporting the Business
Participation in business initiatives as a security professional providing consultative support & guidance to others on proper security practices as well as principles.
Performance of security assessments to identify potential security risks in all aspects of the business including technical implementations (applications or equipment) as well as IT or business processes.
Development and delivery of end user security awareness training, effective reporting, as well as performance metrics.
Risk Management and Reporting
Management & communications of security risks via a metric-based model
Development and execution of security metric reporting to ensure business and senior leadership have a proper view of current security state and risks, globally.
Identification of potential security risks in all aspects of the business including technical implementations (applications or equipment) and IT or business process.
Understanding and helping the organization meet regulatory compliance and conformance.
Participation in internal audits and other 3rd party audits of the company’s security practices.
What you bring
8+ years’ experience leading a large multi-national security operation.
The role requires a combination of “expert-level specialized technical” and “analytical professional” IT security skills with the ability to maintain security and confidentiality when dealing with highly sensitive information.
Strong working knowledge of application security best practices and tools including vulnerability and application scanning, OWASP methodologies and testing criteria.
University degree (or equivalent experience) in Computer Science, Engineering, or other technical field, or Business Administration with relevant IT work experience.
Strong knowledge of Security, Firewalls, Server administration, databases, VMware, Citrix and current & legacy Windows operating systems
Deep technical knowledge in information technologies; should be the “expert” in operating systems, networking, network authentication, and databases, and acutely aware of global business environments.
Must have experience establishing security operations for PCI compliant web applications.
Must have extensive experience implementing security operations for highly integrated Oracle, Microsoft, and SaaS enterprise applications.
Proven experience managing security in the cloud, in particular, Microsoft Cloud Platform Services (O365) and Microsoft Azure Infrastructure Services
Familiarity with emerging threats and mediation of these risks.
Deep understanding of security risks and threats as they relate to the company’s operating environments.
Deep understanding of compliance to security policies and procedures, especially implementation of NIST security standards (800-53, 800-171).
Understanding of ITIL and its practical application
Demonstrated competency in strategic thinking and leadership with strong abilities in relationship management.
Demonstrated competency in managing third party providers in security technology operations.
Strong knowledge of the intricacies of networking, cloud-based solutions and Internet based protocols
Deeply skilled at clearly and proactively communicating sensitive risk information and program status both horizontally and vertically within an organization and its stakeholders.
Strong written and oral communication skills, with capability to use Microsoft Office solutions
Ability to collaborate with team members in a cross functional and matrix IT organization.
Valid through: 5/18/2021