Cybersecurity Director (Virtual)
WHAT WILL YOU BE DOING?
The Cybersecurity Director will coordinate the IT organization's technical activities to implement and manage security infrastructure, develop incident response scenarios and plans, and provide regular status and service-level reports to management.
More specifically, your duties will include:
- Consult with IT to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications, and software.
- Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
- Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyze its impact on the existing environment; provide technical and managerial expertise for the administration of security tools.
- Work with the enterprise architect to ensure that there is a convergence of business, technical and security requirements; liaise with IT management to align existing technical installed base and skills with future architectural requirements.
- Develop a strong working relationship with the security engineering team to develop and implement controls and configurations aligned with security policies and legal, regulatory and audit requirements.
- Coordinate, measure, and report on the technical aspects of security management.
- In coordination with the security engineering team, manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements.
- Manage and coordinate operational components of incident management, including detection, response, and reporting.
- Maintain a knowledgebase comprising a technical reference library, security advisories and alerts, information on security trends and practices, and laws and regulations.
- Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans, and communicate information about residual risk.
- Manage security projects and provide expert guidance on security matters for other IT projects.
- Assist and guide the disaster recovery planning team in the selection of recovery strategies and the development, testing and maintenance of disaster recovery plans.
- Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and comply with policies and audit requirements.
- Design, coordinate and oversee security testing procedures to verify the security of systems, networks, and applications, and manage the remediation of identified risks.
- Other duties as assigned
WHAT DO YOU BRING?
- A minimum of seven years of IT experience, with five years in an information security role and at least two years in a supervisory capacity.
- A bachelor's degree in information systems or equivalent work experience; an M.B.A. or M.S. in information security is preferred.
- Equivalent combinations of education and experience may be considered
- Strong leadership skills and the ability to work effectively with business managers and IT staff.
- The ability to interact with staff, build strong relationships at all levels and across all business units and organizations, and understand business imperatives.
- A strong understanding of the business impact of security tools, technologies, and policies.
- Strong leadership abilities, with the capability to develop and guide IT personnel, and work with minimal supervision.
- Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with the organization, project teams, management, and business personnel; in-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls; an excellent understanding of information security concepts, protocols, industry best practices and strategies.
- Experience working with legal, audit and compliance staff.
- Experience developing and maintaining policies, procedures, standards, and guidelines.
- Experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks.
- Strong project management skills and experience in creating and managing project plans, including budgeting and resource allocation.
- Proficiency in performing risk, business impact, control, and vulnerability assessments, and in defining treatment strategies.
- Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.
- Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
- An understanding of operating system internals and network protocols.
- Experience in system technology security testing (vulnerability scanning and penetration testing).
Bonus Points For:
- Customer and Service Focus
- Drive for Results
- Cultivates Innovation
- Achieved or pursuing recognized cybersecurity certification
- A competitive salary that’s benchmarked to Mercer salary data.
- For commissioned roles, an uncapped commission structure
- Participation in a Corporate Incentive program based on 10%+ of annual salary.
- Paid vacation time plus 5/10 personal days.
- One half-Friday off per month.
- Health and dental benefits and an EAP program focused on your mental health (Headversity)
- Company paid professional development plus access to LinkedIn Learning.
- Employee recognition system – movie tickets, household items, electronics, gift cards, etc.
- Flexible working arrangements
We run our business based on our values and we value those who:
- Dare to be adventurous, have a fresh, outward-looking way of thinking, and are determined, independent, entrepreneurial, and ambitious.
- Care to do what’s right and demonstrate trust, reciprocal respect, humility, honesty, and personal responsibility in all relationships.
- Share by collaborating and working together as one team to pursue mutually beneficial relationships and better outcomes for all.
- Uncomplicate by making life easier for customers and each other and making the complex simple and straightforward for everyone.
- Deliver by aiming to be the best, leading the way in service excellence, and continuously working to innovate and improve products, services, and processes.
Firma is committed to creating a diverse and inclusive environment and is proud to be an equal opportunity employer. Firma provides a supportive and respectful environment free of bias, where each employee feels valued. Together our opinions, strengths, experiences, and diverse backgrounds empower us to perform better and be innovative, which is essential to Firma’s continued success.
Applicants are required to be able to work remotely and pass a background check to be eligible for consideration. We thank all applicants in advance; however, only individuals selected for an interview will be contacted.
- Job Family: CIO
- Job Function: Director
- Pay Type: Salary
- Required Education: Bachelor’s Degree