Director, IT Security ($167,600 - $215,200)

Position Summary:

The Director of Information Security is responsible for ensuring the security of the organization’s information systems and infrastructure.  They will oversee the Security Operations Center, and manage and maintain key security operations programs including education & awareness, threat management, vulnerability management and incident management, as well as manage the security tools stack both on prem and in the cloud.  This role will work closely with the Director of Information Security & Risk to prioritize risk and implement appropriate risk countermeasures.

Job Duties:

• Lead, manage, guide, grow, coach, and support direct reports, including establishing and measuring performance against clear objectives to achieve success.
• Enable the business through broad leadership to inspire staff and influence peers across Innovation Technology and Business Leadership to leverage cybersecurity technology and continuously improve security operations.
• Collaborate with cross-functional teams to implement security controls, monitor compliance and develop and maintain operational metrics.
• Oversee the Security Operations Center (SOC) and ensure the security team is performing security monitoring, threat detection, and incident response.
• Oversee vulnerability management, including vulnerability assessments, risk assessments, and remediation plans.
• Identify and implement improvements in all areas of information risk management including incident management/response/recovery, communications and forensic investigation.
• Manage the threat management/intelligence program and services (including threat modeling, assessment, hunting) to support the Security Operations Center and integrate with the risk management functions. 
• Review security access approval and change requests and provide guidance on security policies and procedures.
• Manage the operations of security tools, including firewalls, intrusion detection/prevention systems, and endpoint protection systems.
• Investigate security incidents, determine the root cause, and develop recommendations for remediation.
• Collaborate and maintain relationships with leaders across the organization and with industry peers to share solutions and best practices.
• Manage external resources (contractors, consultants, managed security support services) including acquisition, SOW and the security operations budget.

Minimum Qualifications / Other Expectations:

• Bachelor degree in computer science or related field
• 10+ years in information risk management or information security technology, including 7+ years of direct supervisory/management experience.
• Strong written and verbal communications skills with the ability to create and present technical recommendations to executive management as well as influence and persuade others.
• Diverse technical leadership background in Security and Risk Management combined with significant organizational and industry knowledge and significant applied experience.
• Demonstrated experience in building and managing an SOC including managing a Managed Security Service Provider (MSSP).
• Demonstrated experience in building and managing a Threat Management program as well as implementing processes and tools to execute threat modeling, threat assessment and threat hunting.
• In-depth knowledge of cloud security principles, technologies and best practices, with experience in securing cloud platforms such as AWS, Azure or GCP.
• Demonstrated experience in cloud security solutions (Cloud Access Security Brokers, cloud-native security controls, etc.) and core security technologies in cloud environments (Identity and Access Management, Security Information and Event Management, etc.)
• Experience managing multiple projects of diverse scope and effectively collaborating in a cross-functional team environment.
• Demonstrated knowledge on how business enabling technology (e.g. IoT, A.I.) increases the threat landscape, while understanding how to apply technology and process to mitigate cyber risk.
• Demonstrated ability in leveraging security industry standards (ISO 27001, NIST Cybersecurity Framework, PCI) to improve the overall risk posture as well as report to senior executives.
• Experience in managing compliance with privacy regulations such as CCPA, GDPR, CA SB 1386, CPRA.
• Ability to manage multiple projects while staying current with emerging technology
• Experience in managing security vendors including pricing negotiation, SLA management and overall relationship.