Director of IT Security

The Director of IT Security responsible for leading, designing, documenting, and maintaining security operations management, measurement and reporting activities as required for the successful establishment of Security and Privacy. This role will be required to maintain a strong knowledge of emerging security technologies and to provide input to the CIO. Business stakeholders will rely on this role regarding management and instruction of continuous improvement opportunities. Expertise in leading project teams and developing and managing projects is essential for success in this role

Develop and maintain a security program and security projects that address identified risks and business security requirements.
• Provide vision, thought leadership, analytical guidance/process framework and resources to proactively find, investigate, and mitigate cyber threats.
• Protect against new types of security threats by ensuring that solutions are in place to guard against such threats, and that incident response capabilities are implemented and maintained.
• Manage the development, implementation and continuous refinement of security policies, standards, and procedures to ensure ongoing strengthening and maintenance of security practices.
• Ensure security models, technologies and protocols are established, enforced, and maintained by system architects and designers.
• Lead Government Service Organizations/GSO (i.e., TSA, USCG, DOE) driven initiatives to strengthen the organization's risk posture.
• Develop metrics for ongoing performance measurement and reporting.
• Partner with IT MSSPs and other approved partners in the delivery of security architectures and roadmaps.
• Develop and present security best practices, technical concepts, and technologies for innovative computing solutions.

Please note that this job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are requires of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.

Requirements and Qualifications

• Minimum 5-7 years of hands-on corporate IT security operations experience.
• Strong experience-based technical knowledge with scoping, designing, and implementing of large scale, complex and multi-technology projects; including but not limited to Security Operations Center, Vulnerability Management and Penetration Testing, Firewall Rules Reviews, Mobile Device Management, EndPoint Hardening Controls, Secure Email Protection, Network Infrastructure, Network Access Controls (NAC), Web Filtering, DLP Controls, etc.
• Experience with security risk management, incident response, threat analysis, security auditing, security monitoring and other information security practices.
• Experience with networked Operational Technology (OT), (i.e., PLC, DCS, HMI, level indicators, temperature & pressure sensors)
• Excellent written and oral communication skills with the ability to effectively communicate and collaborate with information technology professionals, senior management, auditors, and vendors.
• Strong customer-interaction skills.
• Documentation and presentation skills, analytical and critical thinking skills, and the ability to identify needs and take initiative are key requirement of this role.
• Demonstrate a high level of personal integrity with the ability to professionally handle confidential matters, while exhibiting the appropriate level of judgment and decision making commensurate with the position and its responsibilities.
• Experience managing and motivating multiple direct reports (in remote locations a plus).
• Detailed oriented with ability to prioritize projects and deliverables.
• Must be able to multi-task, work independently and as part of a team, share workloads, and deal with sudden shifts in project priorities while under pressure.
• Experience with Microsoft, Linux and / or with other Unix-based operating systems is a plus.
• Telecommunications experience is a plus.
• Effective written and verbal communication with peers, management, and c-suite level leadership
• Ability to present to executive audiences
• CISSP, CISM or equivalent designation required.
• Bachelor's Degree in Computer Science or a related technical discipline preferred; or the equivalent combination of education; technical certifications or training; or work experience.

Hours of Work

• Typical hours of operation are Monday through Friday 8am to 5pm.
• This position requires the ability to work rotating shifts and perform overtime and occasional weekend work as job duties demand.
• Occasional travel may be necessary, sometimes with little or no advance notice.

Physical and Environmental Demand

• The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
• This job operates in a professional office environment. This role routinely uses standard office equipment such as computers and smartphones.
• While performing the duties of this job, the employee is regularly required to talk or hear.
• This is largely a sedentary role; however, some filing is required. This would require the ability to lift up to 25 pounds, bend, stand, or stoop, as necessary.
• The ability to see (20/20) and hear either naturally or using corrective lenses or hearing aids
• Ability to wear and use a respirator and PPE.
• Because the facility and adjoining facilities handle hazardous materials, the labor force must be able to evacuate quickly from any location of the facility without assistance in an emergency.

This job description is intended to describe the general nature and level of the work being performed. This is not an exhaustive list of all duties and responsibilities. The company reserves the right to amend and change responsibilities to meet business and organizational needs as necessary with or without notice.