The purpose of this job is to direct a team of Information Security (IS) professionals in the development, implementation, and compliance of both technical security and technical risk management across the enterprise. This position will reinforce the overall security posture of the organization through proactively coordinating security measures to monitor and protect systems as well as deal with the threats. This role exists as an integral member in planning and executing the organization's information security strategy.
ESSENTIAL DUTIES AND RESPONSIBILITIES
Manages risks related to information security, physical security, business continuity planning, crisis management, privacy, and compliance.
Partners with business and IT team members to ensure that enterprise security strategies align with business strategic objectives and priorities.
Ensures all staff members are trained on enterprise and industry-regulated security requirements through awareness programs.
Develops and leads a team of Information Security professionals.
Directly supervises employees within the IS team and carries out supervisory responsibilities in accordance with company policies and applicable laws. These responsibilities include interviewing, hiring, and training employees; planning, assigning, and directing work; conducting performance and salary reviews; rewarding and disciplining employees; addressing complaints and resolving problems; coaching, mentoring, and developing team members to further their skills and knowledge; creating and monitoring development plans; setting performance expectations/goals; forecasting staffing needs and planning for peak times and absences; enforcing department policies and procedures.
EDUCATION AND EXPERIENCE
Bachelor’s Degree in Computer Science, IT, or similar field required. Minimum 5 years of experience in managing and leading IT Security teams. Minimum 10 years of related IT and information security experience required. Minimum 3-5 years of experience in AWS Cloud Security services preferred. Equivalent combination of education and experience may be considered.
CERTIFICATES, LICENSES, REGISTRATIONS
Professional certifications in Certified Information Systems Security Professional (CISSP), GIAC Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA), Certified Ethical Hacker (CEH), GIAC Penetration Tester (GPEN), and/or Security + preferred. AWS Certified Security-Specialty certification preferred.
KNOWLEDGE AND SKILLS
Experience with AWS Services such as AWS Identity & Access Management, AWS Organizations, AWS Security HuB, Guard Duty, CloudTrail, AWS CloudTrail. Experience in cyber security with working knowledge of data analysis, risk assessment and mitigation, investigation methods, incident management concepts and practices, with background in intrusion detection and forensic analysis. Possess technical ability to use and manage Intrusion Detection & Prevention Systems (IDS/IPS), Firewalls & Log Analysis, SIEM, Network Behavior Analysis tools, Antivirus, Network Packet Analyzers, Malware analysis and forensics tools. Knowledgeable in networking and proven experience in Windows and Linux environments, including Group Policy and Active Directory. Demonstrable track record for taking initiative and getting things done under minimal supervision. Knowledge of national regulatory compliances and frameworks such as ISO, SOX, HIPAA, and PCI. Advanced in policy formulation, information security management, and business risk management. Competent in IT risk assessment and management, IT continuity management, IT governance formulation, and organizational change management. Working knowledge of IT financial management and IT audit. Strong experience and detailed technical knowledge in security engineering, system and network security, authentication, and encryption protocols. Detail oriented, strong analytic and problem-solving skills. Strong organizational skills with the ability to juggle multiple projects/tasks at once. Effective verbal/written communication and presentation skills, including an ability to communicate effectively with a diverse array of stakeholders.
This position maps to the Manager level competencies. Additional competencies required: Leadership, Relationship Building, and Problem Solving.
While performing the duties of this job, the employee is regularly required to talk or hear. The employee frequently will sit, stand, walk, and bend during working hours. Requires manual and finger dexterity and eye-hand coordination. Required to lift and carry relatively light materials. Requires normal or corrected vision and hearing corrected to a normal range.
This position operates in an office environment and requires the frequent use of a computer, telephone, copier, and other standard office equipment.