Position Brief

?      Sr. Director position reports directly to CISO and will be responsible to provide leadership to CyberSecurity organization supporting security solutions, manage and direct CyberSecurity initiatives and operational services. This position will closely work with CTOs and serve as a liaison to coordinate and strategize technology efforts and risk priorities. The position is also responsible to provide guidance and advocacy on Policies, Standards and Guidelines of Information Security and Regulatory Compliance.

Key Requirements

• 15 years of Information Technology experience including 5 years of CyberSecurity Management experience.
• Must have a solid background in Enterprise-wide Information Security and Risk Management; including Regulatory Compliance, Legal and Privacy laws.
• Strong experience handling Security Incidents and conducting Forensic Investigations.
• Should have experience in working with a multinational company and with global teams, preferably managing teams across geographical locations.
• Proven experience in developing and dissemination of Information Security Policies, Standards and Guidelines.
• Experienced in leading application development and/or Application Security with solid knowledge of SDLC.
• Excellent understanding of Security Management standards such as NIST CSF (CyberSecurity Framework).
• Excellent Interpersonal and Organizational skills to present and provide expert consultation to C/E Level management.
• Should be certified in CISSP/CISM/CRISC.

Auxiliary Skills (to be used while sourcing profiles)

•                  Information Security Risk Management, Unified Threat Management
•                  Application Security, Access Controls, Identity and Access Management
•                  CSIRP, Forensic Investigations, Cyber Defense
•                  Data Privacy, Audit and Compliance (SOX, ISO 27001, PCI, SAS70, COBIT)

Inapt Experience

•                  Delivery Managers from Services organization.
•                  Account Managers for Security Delivery.
•                  Management experience only with SOC.
•                  Portfolio management within Managed Security Services.

General Questionnaire (not limited to)

• What is your vision for a security organization & how does it fit in with your corporate culture?
• How do you design security around legacy and cloud architectures?
• What specific threats do you see from Internet of Things?
• How do you balance User Experience and Security Needs?
• Do you understand the difference between risk driven and business driven security?
• Were you responsible for creating a Cyber Security Strategy? What does it look like?
• How do you track to know if your security strategy and solutions are failing?
• How do you sell security to senior executives or to the company at large?
• What is your vision for protecting the most critical assets and data? How to be future-proof?
• What methods/approach do you use/take to prioritize risk, response and recovery?

see full job description below:

Job Overview

The Sr. Director Information Security establishes and maintains the enterprise vision, strategy and program to ensure information assets and technologies are adequately protected.  The Sr. Director is responsible for all IT security aspects of the organizations information technology and systems, including policies, standards, and oversight of security operations.  The Sr. Director Information Security demonstrates expertise in business environments, familiarity with regulations (SOX, ISO 27001, PCI), experience with auditing, risk management, vulnerability assessments, and incident management.

Key Responsibilities

• Provide information to management regarding the negative impact on the business caused by theft, destruction, alteration or denial of access to information. Involved in the evaluation of products and/or procedures to enhance productivity and effectiveness.
• Take various input, internal and external, to make course corrections and changes to the Information Security program, roadmap and strategy
• Extremely knowledgeable and capable security thought leader able to influence rationale changes to all IT projects related to security improvements
• Lead others in the resolution of highly sensitive and confidential issues on behalf of the department. Accountable to deliver responses and actions for audit findings reported by internal and external auditing departments and communicate to Executive Management
• May lead forensic investigations and Computer Security Incident Response of significant scope and confidentiality and report back to senior leadership / legal
• Provide expert level coaching to junior security staff and act as a role model / mentor; is positioning for a Senior IT Security leadership role
• Owns relationships with Senior IT Engineering leadership to ensure critical integrations are occurring between security solutions and infrastructure solutions; most notably when CA integrations can occur, these should be worked through R&D and patents should be pursued
• Define requirements for the appropriate level of monitoring, logging and alerting in all security solutions hosted internally or externally such that access controls are enforceable and compliant to business requirements and/or regulations
• Drive the implementation of complimentary solutions that improve the effectiveness and reliability of existing or future IT Security solutions
• Provide innovation in security knowledge, practices, or procedures by testing and adopting new solutions and methods as part of your department goals
• Goal and customer service focused. During times of emergencies, outages and project planned work; be on call and available until the event is addressed. During system conversions, extra effort may be required in order to ensure the roll out of the system is successful.
• Perform other job-related duties as assigned and may assume the responsibilities from other security roles occasionally.

Job-Specific Authority and Scope

• Generally, works without consulting their manager.
• Independent decisions are made daily.
• Typically has a total staff of 2-10.
• Typically has a geographic focus of Region (APJ).

Preferred Education

Bachelor's degree required, master's degree preferred (major in computer science related discipline or information systems discipline preferred)

Work Experience

1. Fifteen years’ information technology experience including 5 years of cyber security management experience.  Must have a solid background in enterprise wide information security protection.
2. Five years’ people management experience including hiring, coaching, and developing internal staff members and managing external resources to achieve goals and deliverables.
3. Proven ability to lead and influence organizations leaders to support efforts and implementation of strategic initiatives that impact organization's performance, systems, processes and structure.

Skills & Competencies

• As an expert in the field, use professional concepts in developing resolution to critical issues and broad design matters
• Advanced knowledge of security issues, techniques and implications across all platforms
• Provide expert direction to leadership in regards to security technologies and processes; Fully versed on all including emerging technologies, methods, and design considerations
• Interpret department strategies and services, resolve conflicts, influence outcomes on matters of significance for the division, conduct final negotiations and coordinate approvals/decision making below the executive level
• Expert level understanding of Security Information & Event Management concepts
• Expert level understanding of regulatory controls and industry standard like SOX, ISO27000, PCI & SAS70 Type2
• Outstanding Oral and Written Communication as well as the ability to interact effectively with peers and Senior Mgmt.
• Expert ability to coach and mentor junior staff
• Expert level understanding of various operating systems and security configurations within (i.e.: AIX, Mainframe, Redhat, Solaris, Windows, Suse, Cisco IOS, Apple MacOS, Apple IOS, Google Android)
• Expert knowledge of IT Security Risk management practices
• Expert level familiarly with ITIL practices such as Incident, Request, Change, and Access & Problems Mgmt.
• Expert level skills utilizing Microsoft Office applications
• Exceptional interpersonal skills in areas such as teamwork, facilitation and negotiation.
• Understanding of the political dynamics of the enterprise and ability to navigate them.
• Excellent analytical and technical skills. Broad range of management, business, and leadership skills required.
• Excellent planning and organizational skills. Proven ability to manage concurrent complex projects.
• Ability to effectively manage time and costs through activity duration, sequencing, estimating, schedule development and control, resource planning and cost estimating and budgeting and control using program management practices.
• Proven ability to manage programs across global centers.
• Ability to effectively manage risk through risk identification, quantification and control using formal program management practices.
• Ability to understand the long-term ('big picture') and short term perspective of situations.
• Ability to estimate the financial impact of alternatives.
• Ability to apply multiple technical solutions to business problems.
• Ability to quickly comprehend the functions and capabilities of new technologies.
• Expected to understand and apply system management, performance timing and troubleshooting techniques.
• Remain unbiased toward any specific vendor or technology choice; is more interested in results than in personal preferences.
• Interprets department strategies and services, resolves conflicts, influences outcomes on matters of significance for the division, conducts final negotiations and coordinates approvals/decision making below the executive level.
• Displays intellectual integrity

Certifications

Has completed all relevant certifications in Security field. CISSP, CISM & ITIL v3 are required; for selected candidates not possessing these certifications, they must be attained within the first year. CCFE, CHFI or other forensics certification desired.