Select Cyber, an Information Security recruitment specialty firm, seeks to fill the following role for our client:
Senior Director Information Security
Our client is seeking a Senior Director of Information Security to lead the information security management program for the entire organization. This is a highly visible role in a growing global mid-size company that will impact all functions.
This position requires the ability to understand business issues and articulate the business context of projects to facilitate security strategy, prioritization, planning, and best practice sharing with business and technology teams.
Responsibilities:
- Ensure the most efficient and effective security solutions and practices are in place preventing unauthorized access to critical data.
- Identify and evaluate information risks to the entire organization.
- Oversee risk assessments, technical architecture design review and project security reviews ensuring key applications and networks are managed for risk mitigation.
- Assist software development teams by providing guidance in the area of Secure System Development Life Cycle, and develop processes that ensure the appropriate level of security analysis is performed prior to implementing software into the production environment.
- Develop incident response procedures to address any security events that may occur followed by the appropriate Root Cause Analysis and drive action plans to completion to shore up the business based upon the understanding from the RCA.
- Create a framework for roles and responsibilities with regard to information data classification, ownership, accountability and protection.
- Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action.
- Assist in the development and testing of identity and access management processes.
- Develop, maintain, update and publish up-to-date information security policies, standards, practices, and guidelines.
Requirements:
- 10+ years of experience in information security including information and information risk assessment, risk analysis, risk treatment, privacy, data protection, regulatory frameworks, control frameworks, as well as risk and security architecture and demonstrated experience in leading cyber incident response
- Bachelor’s degree is strongly preferred, specifically in Information Security, Information Technology, or a related field
- CISSP or CISM certification required
- Familiarity with ISO 27001, NIST CSF, Sarbanes Oxley, SOC1/SOC2 audits
- Deep expertise in firewall, system, operating system configuration management, patching, anti-malware, and network architectures as well as in at least one Operations technical skill set (Network Engineering, Unix System Administration, Security Engineering, Database Management, etc.)
- Experience with SIEM (e.g. LogRhythm, Elk, Splunk) and managed services
- Experience with advanced anti-malware, web application firewalls, web filters, spam filters, firewalls, IDS/IPS, and vulnerability scanning tools
- Demonstrated track record of building and maintaining highly collaborative, flexible, and productive cross-organization teams