Cyber Defense Director

The Cyber Defense Director is a senior level "hands-on" leader responsible for Cybersecurity prevention and incident response functions. This role is responsible for identifying protective measures, researching cyber incidents, leading comprehensive investigations, and managing a multi-level Security Operations Center (SOC).

This role stays connected to the evolving threat landscape. By leveraging daily threat intelligence, they take proactive measures to block active Indicators of Compromise (IOCs) and work with engineering and delivery teams to implement controls and processes that protect Ross.

This key role leads our detection and response capabilities that filter millions of events to identify suspicious activity and investigate to ensure it is not malicious. During an incident this role leads a cross-functional team with IT, business, and 3rd party resources to irradicate, contain and recover from a malware incident.

ESSENTIAL FUNCTIONS:

• Leads Cyber Defense team to defend against cyber-attacks and to protect Ross during a cyber-incident
• Stays aware of external threats and events and applies tactics to protect against them
• Builds relationships with internal business partners such as Finance, Legal, HR to help guide them during security incidents
• Partners with engineering and delivery teams to implement capabilities that protect Ross.
• Communicate to internal and external partners to convey technical information in an easy-to-understand way.
• Develops and maintains Incident Response Plan and holds training to ensure readiness
• Ensures IR playbooks are maintained and distributed as appropriate.
• Present monthly status reports to show internal event and incident trends
• Document Ross incidents and provide regular updates to leadership.
• Develops an Incident Response Steering team to guide the program growth
• Take internal precautions to protect against known 3rd party breaches with Ross Partners, Vendors, and suppliers.
• Stays aware of on-going projects to ensure Cyber Defense programs protects new and changing systems
• Maintains a strong understanding of current cybersecurity threats and countermeasures, such as Advanced Persistent Threats (APTs), cyber-crime, hacktivism, and associated tactics.
• Knowledge of industry standard frameworks as NIST, ISO, PCI, HIPAA.

COMPETENCIES:
People

• Building Effective Teams (for managers of People and/or Projects)
• Developing Talent (for managers of People)
• Collaboration
Self
• Leading by Example
• Communicates Effectively
• Ensures Accountability and Execution
• Manages Conflict
Business
• Business Acumen
• Plans, Aligns and Prioritizes
• Organizational Agility
With particular emphasis on the following specific position-related competencies:
• Strong influencing skills, both within the IT organization and business units
• Solution oriented. on-time and on-budget win-win mentality
• Customer centric approach with a drive for results and quality of work
• Self-critical, able to evaluate past failures objectively with focus on continuous improvement
• Strong interpersonal skills

QUALIFICATIONS AND SPECIAL SKILLS REQUIRED:

• At least 10 to 15 years of experience in Information Security with demonstrated and progressive responsibility and influence.
• 5 to 7 years leadership experience
• Experience using Attack Frameworks such as MITRE and Cyber Kill chain
Possess a strong understanding of SIEM technologies, secure internet gateways, EDR/MDR, IDS, SOAR, IPS, Email flow and Security,
• Broad knowledge of major technologies, platforms, and systems.
• Ability to develop strategic vision and perform 5-year planning
• Experience writing system requirements
• Experience managing service providers/integrators, including offshore services.
• Strong analytical ability, judgement, and problem analysis techniques
• Strong communication skills both written and verbal and able to effectively operate with VP and above executives.
• Knowledge of industry standard frameworks as NIST, ISO, PCI, HIPAA.
• Strong interpersonal skills with the ability to work effectively in a matrixed organization.
• Ability to work with teams that are geographically distributed.
• Demonstrated ability to execute financial analysis, such as TCO models and ROI.
• Some travel may be required.

PHYSICAL REQUIREMENTS/ADA:

Job requires ability to work in an office environment, primarily on a computer.
Requires sitting, standing, walking, hearing, talking on the telephone, attending in-person meetings, typing, and working with paper/files, etc.
Consistent timeliness and regular attendance.
Vision requirements: Ability to see information in print and/or electronically.
This role requires regular in-office presence, including to engage in in-person team interaction, meetings and collaboration, client support, mentoring, coaching, and/or feedback. However, this role can perform duties effectively using a combination of in-office and remote work.