Director, Cybersecurity

The Director of Cybersecurity is responsible for managing and maturing the cybersecurity program for the company. Reporting to the Vice President, Technology Infrastructure & Cybersecurity, the scope of the role includes cybersecurity governance and compliance, security controls and policies, network security, endpoint protection, vulnerability management, security awareness and training, security information and event management (SIEM), and security operations.

Position Description

Essential Duties and Responsibilities

• Leading the company's cybersecurity program, developing a roadmap to mature security capabilities, and hardening foundational controls to mitigate risk.
• Assessing and managing cybersecurity risk as part of Enterprise Risk Management.
• Designing, developing, implementing, and maintaining processes, tools, and services for cybersecurity.
• Developing and managing the cybersecurity team.
• Ensuring the security of IT systems, data, and infrastructure.
• Aligning cybersecurity efforts with the company’s overall business objectives.
• Collaborating with other departments and business units to evaluate system, application, and data security compliance.
• Advising leadership on security matters and making improvements.
• Identifying potential security issues in an organization’s systems using a mix of your knowledge and special programs.
• Establishing security standards, policies, and controls.
• Managing cybersecurity awareness and training program.
• Developing and implementing a comprehensive plan to secure the computing network.
• Monitoring network usage to ensure compliance with security policies.
• Keeping up to date with developments in IT security standards and threats.
• Establishing and leading vulnerability management, working with internal teams and third parties to assess, remediate, and monitor risks.
• Investigating security breaches and other cybersecurity incidents and managing the incident response and recovery plans.
• Installing security measures and operating software to protect systems and information infrastructure, including firewalls and data encryption programs.

Qualifications

Position Requirements

• A strong understanding and knowledge of computer, network, and security systems.
• Have subject matter expertise in information security, governance, risk management, and compliance.
• Demonstrate solid organizational skills and the ability to multi-task, prioritize workloads, and delegate responsibilities.
• Effectively manage stress in a constantly changing environment.
• Demonstrate excellent judgment and the ability to make quick decisions and think outside the box when working with complex situations.
• Possesses a high level of integrity, trustworthiness, and confidence and represents the company at the highest level of professionalism.
• Demonstrate strong analytical skills and effectively interprets and applies applicable regulations and requirements.
• Knowledge and familiarity with common security frameworks such as National Institute of Standards and Technology (NIST), International Organization for Standardization (ISO), and Service Organization Control (SOC).
• Knowledge and experience with Microsoft Active Directory and cloud computing including Microsoft 365, Azure, and AWS.
• Knowledge and experience with network security including architecture, Security Information and Event Management (SIEM), Intrusion Detection System (IDS), and Firewalls solutions and services.
• Knowledge and experience with anti-virus, Managed Detection and Response (MDR), and Endpoint Detection and Response (EDR) solutions and services.
• Knowledge and experience with Data Loss Prevention.

Education and/or Experience

• Bachelor’s degree in computer science, information technology, cybersecurity or a related field.
• Certifications in information systems security professional (CISSP) or certified information security manager (CISM) or other relevant certifications.
• 10 years of experience in IT and/or cybersecurity, with at least 5 years in a leadership role overseeing security programs, risk management, and compliance.

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the essential functions of this job, the Employee is regularly required to stand, walk, use hands to finger, handle, or feel, reach with hands and arms, and talk or hear. The Employee is frequently required to sit. The Employee is occasionally required to kneel, crouch or stoop. The Employee on occasion may lift, move or push up to 50 pounds, and frequently lift, move or push up to 25 pounds. Specific vision abilities required by this job include close vision and color vision. Extended periods of sitting at desk while working on the computer or phone in a climate-controlled environment. Ascending and descending stairs may be required on occasion to gain access to offices as required.

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. The office environment is a low to medium risk area. Computers and phones are constantly in use.

We know how to fine-tune corporate security because we've led effective and efficient Fortune 500-level security programs. The SEC helps businesses find the best balance of risk mitigation, cost and innovation.