Director of CyberSecurity

Director of Cybersecurity

Location: Melville, NY (hybrid), Local candidates only

Full Time

Core Skills: Building their cyber security from ground up.

Summary

We are seeking a visionary and highly experienced Director of Cybersecurity to lead and fortify our organization's digital defenses. This senior leadership role is critical in designing, implementing, and overseeing comprehensive cybersecurity strategies that safeguard our computer systems, networks, and applications. The ideal candidate will possess a deep understanding of complex IT architectures, stay abreast of the latest security innovations, and proactively address evolving compliance obligations, regulations, and risk landscapes. You will be instrumental in quickly grasping our business operations and technology needs to develop robust security structures that protect our critical software, systems, and products.

What You'll Do

• Lead the strategic design, implementation, and maintenance of enterprise-class security systems for a dynamic production environment.
• Drive compliance and certification initiatives for multiple critical standards including ISO 27001, SOC 2 Type 2, GDPR, and PCI-DSS.
• Align security standards, frameworks, and best practices seamlessly with our overall business and technology strategies.
• Proactively identify, analyze, and communicate current and emerging security threats, developing architectural elements to mitigate risks effectively.
• Collaborate closely with software development leaders to embed the highest security best practices into our applications, addressing findings from tools like OWASP, SonarQube, and Qualys.
• Engineer innovative security solutions that expertly balance business requirements with robust information and cybersecurity needs.
• Identify and resolve security design gaps in both existing and proposed architectures, recommending strategic enhancements.
• Establish and oversee rigorous system tests and continuous monitoring of network and application security performance.
• Manage project timelines for critical security system upgrades and enhancements.
• Implement and enforce least-privilege access controls across all IT systems based on user roles and business necessity.
• Develop, test, and refine disaster recovery procedures, including conducting regular breach of security drills.
• Lead prompt responses to all security incidents, conducting thorough post-event analyses to prevent recurrence.

What You'll Bring

• 7+ years of progressive experience in cybersecurity, security architecture, or computer network defense, with a proven track record of delivering impactful security solutions.
• Expertise in security architecture principles, solution delivery, and the application of emerging security technologies.
• Demonstrated experience designing and implementing comprehensive digital security solutions, including continuous monitoring and iterative improvements.
• Deep knowledge and practical experience with relevant security standards: NIST frameworks, ISO 27001, SOC 2 Type 2 attestation, and PCI-DSS certification.
• Proven ability to consult, engineer, and implement robust security best practices across an organization, meeting both business goals and regulatory requirements.
• Comprehensive understanding of cloud computing security considerations (e.g., data breaches, authentication vulnerabilities, account hijacking, insider threats, APTs, data loss, DoS attacks), with AWS experience preferred.
• Extensive experience in Identity and Access Management (IAM), including integrating security policies and technologies to control and track access to sensitive resources.
• Solid command of security principles across diverse operating environments, including Windows and *NIX.
• Exceptional communication skills, with the ability to effectively articulate complex technical topics to diverse audiences, both technical and non-technical.
• Strong critical thinking and root cause analytical skills to dissect complex security challenges.
• Proven leadership, project management, and team-building capabilities, including leading cross-functional initiatives.
• Demonstrated ability to identify and assess risks associated with business processes, operations, information security programs, and technology projects.
• Subject matter expertise in areas such as computer forensics, incident response, intrusion analysis, malware analysis, and/or security engineering.
• Direct experience operating within an enterprise-level incident response team or Security Operations Center (SOC).
• Hands-on experience handling advanced cybersecurity incidents and utilizing associated incident response toolsets.

Education & Certifications

• A Master's degree in an IT or cybersecurity field is highly preferred.
• Required Certifications:

• Certified Information Systems Security Professional (CISSP)

• Highly Desired Certifications (one or more is a strong plus):

1. Certificate of Cloud Security Knowledge (CCSK)

1. Certified Ethical Hacker (CEH)

1. Certified Information Systems Auditor (CISA)

1. SANS-related certifications