Director of Infrastructure Security (closed)
Director of Infrastructure Security
Knowledge, Skills or Abilities Required:
- Leadership- Achieves excellence in all aspects of conducting business.
- Champions change and effectively manages the implementation of new ideas.
- Teamwork- Reinforces a team approach whether engaged with internal IT initiatives or cross-functional projects.
- Supports and solicits input from team members at all levels within the organization. Ensures regular team meetings and team events take place to develop a collaborative environment.
- Employee Development- Participates in all programs and enforces all policies relating to performance evaluations and career development. Strives for consistency and effective feedback in manager evaluations of staff to improve competencies. Impresses upon managers, the importance of the career planning and performance evaluation programs. Creates an environment where innovators can successfully achieve professional career path goals. Manages the development of senior managers, project managers, and principals. Assigns tasks that give managers an opportunity to grow.
- Business Relationship Management- Takes a lead role in building strong relationships with business sponsors to identify business needs and develop strategic solutions to innovate business processes. Tactfully challenge value of proposed business requirements, seeking alternative viable solutions. Involves, as appropriate, senior executive management to address potential impact to transformational goals and related initiatives. Ensure value is realized in delivered solutions.
- Project Management- Manage the strategic aspects of large programs or a portfolio of projects, ensuring all risks are mitigated. Oversee senior managers, managers and technical consultants working on specific projects. Develop, implement and maintain sound business practices.
- Internal Operations- Reviews status reports of Project Managers, Senior Managers, and Managers and addresses issues as appropriate. Lends expertise to internal teams and task forces. Enforces standard policies and procedures. Encourages innovation of processes and technologies that increase operating efficiencies and service quality.
- Strategy Development and Roadmap Management- Develop long-range strategy and program roadmap plans to create a broad-based financial picture for the department. Maintain high degree of accuracy in the preparation of capital and expense budgets, estimation of project effort and resource requirements, and development of sound business cases for execution.
- Strong communicator both written and verbally.
- Adept at determining information needs and tailors messages according to audience
- Excellent communication and presentation skills. Proven ability to interact with all levels of the organization including senior leadership and executives
- Ensure that direct reports, project teams, business sponsors and superiors are well informed of relevant changes and newsworthy events within the company and related programs. Handles difficult personnel situations directly, using appropriate discretion, HR advice, and respect for the individual.
- Provides proactive communication to executive management regarding project status, deliverables and IT Security operational health and risk posture
- Experience working with IT Security software/hardware vendors, security consulting firms and service providers
- Experience managing software/hardware lifecycles and maintenance contracts in partnership with Procurement and IT Finance organizations
- Experience conducting requirements-based product comparisons and brining in new solutions
Technical Knowledge, Skills and Abilities
- Demonstrates success in driving a security-conscious culture and transforming large organizations towards a proactive and mature security posture
- Experience serving as a technical IT Security expert representative across teams, both business and information technology.
- Demonstrates ability to provide effective thought leadership and guidance in the design and implementation of security solutions
- Effective at bridging between technology and business needs, while considering value, cost, and organizational impact associated with change management.
- Experience in establishing effective communication packages, metrics and measurements to monitor quality of services and risk posture
- Highly effective in troubleshooting security events and incidents and driving effective resolution
- Possesses knowledge of complex information technology and infrastructure concepts integral to IT Security, including but not limited to network, storage, database, server, workstation, application development and internet system architectures.
- Effective in driving integration and alignment with enterprise support processes, such as change management, problem management and incident management
- Experience in establishing and enforcing security configurations and standards across project teams and technology platforms
- Expert knowledge of key security models and regulations such as ISO 2700X, SOX, PCI, GLBA and HIPAA.
- Experience managing IT Security related internal and external audit requirements
- Experience deploying and managing enterprise security technologies and services, including but not limited to encryption (whole-disk, email/file, PKI), endpoint security (antivirus, HIPS, PFW), network security (firewalls, intrusion prevention, web content filtering), threat/incident management (SIEM), Data Loss Prevention, and access control/administration.
- Demonstrates success in managing IT Security operations and service delivery to meet or exceed SLAs and OLAs
- Capable of successfully handling multiple large-scale enterprise projects at one time
- Highly experienced in designing and implementing Identity and Access Management solutions, including role management, provisioning, on-boarding and single-sign-on capabilities.
- Expert knowledge of threat and vulnerability management processes and technologies (Qualys, Core Impact, WebInspect, etc.)
- Experience designing and implementing enterprise patch management programs
- Knowledge of secure application development practices and architectures
- Experience in driving communications, decision making and coordinating response activity for Computer Security Incident Response Team (CSIRT)
- Actively participate in professional organizations such as ISSA, ISACA and InfraGard.
Education and Experience:
- Bachelor's Degree in Computer Science, MIS, Business Administration or similar area of study.
- Twelve years of relevant IT experience and five years prior leadership experience required. An additional four years of related experience may substitute for the Bachelor's degree.
- Master's Degree Computer Science, MIS, or Business Administration
- Ten plus years of relevant IT experience and five plus years prior leadership experience managing large groups.
- Fortune 500 experience
Certificates, Licenses and Registrations:
One or more of the following is required:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
Preferred professional certifications desired include:
CISA, CWSP, GIAC
Preferred vendor certifications include:
CCNA, CCNP, CCSP, MSCE