The Director of Cybersecurity (the Security Director) is primarily responsible for providing leadership of people and strategy for Security Engineering and Operations, as well as operational and tactical direction to diverse teams, including analysts, engineers and architects. Reporting to the CISO, the Security Director contributes to the company IT security strategy and roadmap and supports the ISOs and CISO in technical reviews and assessments. The Security Director leads the team through the information security program by establishing highly effective policies, corporate protocols and appropriate collaboration among teams. In addition, this leader assumes responsibility for the education and enforcement of those protocols and matters of compliance.He/she will partner with technical teams across the firm’s diverse business and product teams to measure, monitor and ensure the security health of the company.
- Analyzes technologies and establishes highly effective processes and protocols to ensure comprehensive protection exists to prevent unauthorized entry into the company networks and systems.
- Supports automation and orchestration to maximize team talent and reduce routine tasks.
- Actively recruits and leads by example to create a culture where employees want to work.
- Mentors security team and places a heavy emphasis on employee retention – people, first.
- Conducts independent verification and validation testing of the company networks and sensitive programs through internal team resources and independent consultant engagements.
- Leads the team to implement secure enterprise systems and identifies issues that could compromise data integrity or security.
- Develops IT security programs and recommends necessary changes to the information security team to ensure the company’s systems are fully compliant with all applicable regulatory requirements and privacy laws.
- Facilitates third-party audit reviews of internal departments.
- Provides periodic training to company employees on information security topics.
- Participates in the company’s change management program.
- Stays abreast of the security industry threatlandscape, specifically within the company’s industry.
- Recognizes his/her personal developmental needs and is proactive in obtaining the coaching, networking and training needed to ensure his/her continued success in the position.
- Creates a working environment that is conducive to two-way communication, teamwork and learning.
- Recognizes the varying strengths, skills and needs of the team and adapts his/her coaching skills to obtain the best possible results from each individual contributor.
- Openly supports the organization, the management team and executive leadership team, even during times of adversity.
- Utilizes open communication and managerial courage to ensure the standards, expectations and goals of the organization are respected and upheld.
- Acts as a change agent and drives the department and business forward using effective management, analysis and strategic skills.
- Leads security-related projects from inception to successful completion and is capable of effectively coaching technology staff on appropriate security protocols and needs as they implement new technology into the organization.
- Assumes responsibility for other duties as required or assigned.
- Perform tasks related to securing and keeping the products, tools, and processes that you are responsible for secure.
The Security Director possesses a strong technical background and understands risk, mitigation and technical controls. The director is expected to lead teams that perform technical work and must possess leadership qualities.
This position requires strong written and oral communication skills, as well as the ability to communicate detailed, technical information in a manner comprehensible by individuals at varying degrees of experience and skill level across the organization. The role requires the ability to speak confidently in front of large groups and with corporate management, vendors and service providers.
- Minimum of 15years of experience, preferably with 10+ years of technical hands-on securityexperience, and at least 3-5 years in a team lead or supervisor role.
- Leverages subject matter expertise in security and compliance.
- In-depth understanding of various security frameworks such as CIS Critical Security Controls, ISO 27001 & 27002, NIST 800-53, etc.
- Have built or managed a 24x7 Security Operations Center.
- Enterprise network mapping and vulnerability scanning
- Endpoint security tools including traditional antivirus tools and more advanced endpoint protection
- High volume centralized logging and SIEM
- Intrusion Prevention Systems
- Privileged Identity Management
- In-depth understanding of networking and networking technologies
- Preferred Certifications: One or more of - GCCC, GPEN, GCIH, GMON, CISSP, Cyber Security Engineering Core Certification – with appropriate years of experience to support the certification(s).
- BA/BS in Computer Science or related field
Ideal Personal Attributes
- Demonstrates strong written and oral communication skills.
- Understands service design and delivery concepts.
- Demonstrates solid organizational skills and the ability to multi-task, prioritize workload and delegate responsibilities.
- Effectively manages stress in a constantly changing environment.
- Demonstrates excellent judgment and the ability to make quick decisions and think outside the box when working with complex situations.
- Demonstrates a high level of flexibility.
- Is forward thinking and possesses business acumen.
- Possesses a high level of integrity, trustworthiness and confidence, and represents the company and its management team at the highest level of professionalism.
- Demonstrates strong analytical skills and is effective at interpreting and applying applicable regulations.
- Works effectively with a variety of personalities and can adapt his/her approach to effectively reach and develop his/her team. Uses this skill as well as his/her functional knowledge to both earn and maintain a high level of credibility with the team.