Director, Information Security
- Providing consultation to business partners to influence security best practices and establish solid security principles across the organization
- Strong understanding of security principles for cloud and on-premise systems in at least one of the following: network/infrastructure, servers, mobile, system configuration
- Knowledge of securing development pipelines such as automated code scanning tools and API management
- Experience with securing containers including container management solutions such as Kubernetes
- Experience with managing enterprise grade cloud security solutions such as Cloud Access Security Brokers (CASB)
- Knowledge of security defenses against data breaches, broken authentication, hacking, account hijacking, malicious insiders, third parties, APTs, data loss and Denial of Service attacks
- Ability to provide direction and guidance at all levels of the organization on architectural use cases and requirements
- Work with business units, infrastructure services, and application development teams to choose appropriate technology solutions.
- A demonstrated ability to integrate various information security, application, network and data protection technologies and controls into solutions to mitigate risk
- Significant experience in information and/or network security, including hands on experience in security systems (e.g. firewalls, intrusion detection systems, endpoint software, authentication systems, log management, content filtering, etc.)
- Knowledge of Security and Industry frameworks such as ISO27001/02, NIST 800-53, SANS Top 20 Critical Security Controls, COBIT, PCI-DSS, and NIST Cybersecurity Framework a combination of relevant industry certifications related to Information Security (e.g. CISSP, CISM), Architecture (e.g. TOGAF, AWS Certified Solutions Architect), and Cloud (e.g. AWS, Google, and Azure including Microsoft 365)
- Demonstrated experience with assessment, development, implementation, and optimization across a broad set of security technologies such as secure software development, application security, data loss prevention, cryptography, key management, and identity access management.
- Ability to contextualize security issues and business risks both verbally and in writing
- Strong communication skills, business acumen, analytical and problem-solving skills
- Strong personality with the will and ability to enforce new policies across the organization, especially at the executive level.
- Experience working with cloud security and governance tools.
- Experience with a 24x7, highly-available architecture.