Director, IT Security Operations
Location: San Jose, CA
Posted On: 07/24/2020
Requirement Code: 41189
This is a 6-month Contract-to-Hire position:
The IT Security Director provides vision and leadership for the organization's overall Cybersecurity posture and culture. Developing Security Policies and Procedures, driving security initiatives, directing the planning and implementation of enterprise IT systems, applications, and infrastructure from a security perspective are important aspects of this role.
The IT Security Director is expected to interface with peers in the IT Systems and Network teams as well as with the leaders of the various business units to share the corporate security vision, soliciting their feedback to achieve higher levels of enterprise security through information sharing and cooperation.
Strategy & Planning
- Participate as a member of the senior IT management team to define and develop governance processes for the organization.
- Lead strategic security planning to achieve business goals by prioritizing defense initiatives and coordinating the evaluation, deployment, and management of current and future security technologies using a risk-based assessment methodology.
- Develop and communicate security strategies and plans to executive teams, staff, partners, customers, and stakeholders.
- Assist with the design and implementation of disaster recovery and business continuity plans, procedures, audits and demonstrations.
- Develop, implement, execute, and maintain the organization's comprehensive Written Information Security Program (WISP).
- Develop and maintain security policies and procedures based on industry-standard best practices.
- Continuously improve the organization's security stance and framework.
- Define and execute the organization's security awareness training program.
- Maintain up-to-date knowledge of the IT security industry, including awareness of new or revised security solutions and improved security processes.
- Lead and/or review the selection of additional security solutions or enhancements to existing security solutions to improve overall enterprise security.
- Act as advocate and primary liaison for the company's security vision via regular written and in-person communications with the company's executives, department heads and end users.
- Work closely with other IT Leaders on corporate technology development to fully secure information, computer, network and processing systems.
- Audit the administration of all computer security systems and their corresponding or associated software, including firewalls, intrusion detection systems, cryptography systems and anti-virus software.
- Recommend and implement changes in security policies and practices in accordance with changes in HIPAA, local or federal law.
- Creatively and independently provide resolution to security problems in a cost-effective manner.
- Collaborate with IT leadership, corporate governance & compliance teams, and Human Resources to establish and maintain a system for ensuring that security and privacy policies are met.
- Promote and oversee strategic security relationships between internal resources and external entities, including government, vendors and partner organizations.
- Remain informed on trends and issues in the security industry, including current and emerging technologies and prices. Advise, counsel and educate executive and management teams on their relative importance and financial impact.
- Monitor the confidentiality, integrity and availability of the data residing on or transmitted to/from/through enterprise workstations, servers and other systems and in databases and other data repositories.
- Manage the enforcement of enterprise security documents.
- Supervise all investigations into problematic activity and provide on-going communication with senior management.
- Supervise the design and execution of vulnerability assessments, penetration tests and security audits.
- Keep a keen watch for new vulnerabilities and exploits and execute documented incident response procedures to deal with them.
- Perform regular security awareness training for all employees to ensure consistently high levels of compliance with enterprise security documents.
Other Core Responsibilities
- Accountable for outstanding customer service to all external and internal customers.
- Take initiative and action to respond, resolve and follow up regarding customer service issues with all customers in a timely manner.
Minimum Education & Experience:
- B.S. degree in Computer Science or related technical discipline.
- M.S. degree in one of these fields or Information Security desired.
- A HiTrust certification such as "Certified Information System Security Professional" (CISSP).
- 7 plus years' experience managing and/or directing an IT Security Organization.
- 12 years' experience working in IT.
- Experience in Healthcare and with HIPAA technical standards highly desired.
- Experience implementing Cybersecurity frameworks such as SOC2, ISO 27001, NIST, CIS Top 20, PCI.
- Extensive experience with IDS/IDP systems, IAM systems, Log Management systems, SIEMs, WAFs, etc.
- Proven experience in planning, organizing, and developing IT Security technologies.
- Demonstrated experience developing and executing security policies, plans, and standards.
- Considerable knowledge of business theory, business processes, management, budgeting and business office operations.
- Substantial exposure to data processing, hardware platforms, enterprise software applications and outsourced systems, especially Microsoft Technologies such as Active Directory, SCCM, etc.
- Public cloud experience (AWS, GCP, Azure) with Azure experience highly desired.
- Experience with systems design and development from business requirements analysis through to day-to-day management.
- Excellent understanding of project management principles.
- Proven leadership ability.
Minimum Knowledge, Skills & Abilities:
- In-depth knowledge of applicable laws and regulations as they relate to security.
- Excellent knowledge of networking technologies (firewalls, routers, WiFi, SDWAN, etc.).
- Strong knowledge of industry standards and best practices for IT Security.
- Ability to set and manage priorities judiciously.
- Excellent written and oral communication skills.
- High Emotional Intelligence (interpersonal skills).
- Strong negotiating skills.
- Ability to present ideas in business-friendly and user-friendly language.
- Exceptionally self-motivated and directed.
- Keen attention to detail.
- Superior analytical, evaluative and problem-solving abilities.
- Exceptional service orientation.
- Ability to motivate in a team-oriented, collaborative environment.