BCTG’s direct retail client is looking to hire a Director of IT Security. Client is NOT sponsoring. As a candidate for this role, you’re able to seamlessly switch from diving deep into technology with engineers to driving high level, strategic discussions around cloud roadmaps and security patterns. You are a naturally curious technologist and stay on top of emerging trends, including hands-on prototyping of nascent technologies. You are not afraid to question any existing processes and solutions, yet you display a keen sense of business value proposition and focus on the right priorities. You see security as an enabler and differentiator to enable the business through innovation, not a step in the compliance process. You work with the business and technology partners to achieve goals and objectives in a secure manner with a heavy forward lean on modern data and technology architectures.
You thrive in working in a fast paced, technologically forward leaning environment and are not afraid to push the boundaries of security capabilities.
This position reports directly to the Vice President of Infrastructure and Security and will be accountable for multiple cybersecurity governance and risk management functions. Candidates with diverse backgrounds and mindsets to drive a holistic approach to cybersecurity are encouraged to apply. We are looking for relevant, collaborative leadership experience, proven execution ability and technical cybersecurity competency as key indicators of success for this role.
- Technical and Delivery Lead our Enterprise Endpoint program. Oversees the vision, roadmap, trade-offs and delivery across the enterprise with a relentless focus on balancing security with simplification.
- Cyber security council to senior leadership
- Operate as a trusted advisor on cyber security as well as for a specific technology, platform or capability domain, helping to shape use cases and implementation in an unified and consistent manner
- Bring in a larger context to software and infrastructure teams across multiple domains/departments and guide their architecture evolution in response to business changes
- Build awareness, increase knowledge and drive adoption of modern technologies, sharing consumer and engineering benefits to gain buy-in
- Effectively communicate with and influence key stakeholders across the enterprise, at all levels of the organization
- Execute Cybersecurity risk assessments. Ensure appropriate monitoring and reporting of issues.
- Provide consultation to IT and Business areas to mitigate risk through subject matter expertise of policies and standards and knowledge of security, technologies, and processes.
- Support a common risk management agenda with other key stakeholder groups, Evaluate and drive mitigation of residual risk.
- Support programs, such as vulnerability management, penetration testing, red team, PCI-DSS, and other governance functions as needed.
- Support the monthly operating report process that provides risk related metrics and activity reports. Utilize critical analysis skills to identify trends, patterns, and areas of concern that needs to be addressed.
- Maintain library of IT Risk Management and internal policies and procedures. Assist with governing and facilitating the policy/standard maintenance lifecycle, including driving necessary policy changes.
- Influence the establishment and implementation of the information security policy. Reviews the development, testing and implementation of appropriate security plans, products, and control techniques. Identifies emerging vulnerabilities, evaluates associated risks, and threats and provides countermeasures where necessary.
- Maintains contact with industry security standard setting groups, and an awareness of State and Federal legislation and regulations pertaining to data privacy and information security. Proposes changes in firm-wide security policy when necessary.
- Supports risk management by tracking and making senior IT leaders aware of the effectiveness and maturation of their general IT control environment.
- At least 7 years’ experience in cyber security.
- Background working on large-scale projects and the ability to manage multiple processes and projects at once while building constructive working relationships across the different teams, functions and demonstrating.
- Ability to understand large projects and prepare executive level reporting, capable of strategic thinking and of moving strategic plans into action.
- Familiar with information system security architectural documentation standards; able to apply IT security standards, directives, guidance and policies to an architectural and risk-based framework.
- Skills to read and interpret technical design documentation for M365 and Cloud; understand enterprise architecture frameworks and can independently author and assess technical architectures for compliance to security standard and better practices
- 5+ years of experience in Endpoint security (malware, antivirus, behavioral analysis, forensics)
- CISSP, CISM, CRISC, or CISA preferred
- Experience in managing and accessing information security risks Detailed knowledge of CCPA, NIST, PCI, SOC Experience with enterprise level identity management to support trusted interactions between disparate entities