We are looking for a Director of Information Security who will be responsible for all aspects of cybersecurity, GRC, and Data Privacy. This is a transformational and step-up opportunity for a leader seeking a CISO position. It is a key leadership role in the technology organization, reporting to the CTO. The individual can be based in Atlanta, GA, or Boca Raton, FL. The role is multifaceted and requires an entrepreneurial perspective. The successful candidate will possess a mix of leadership, technical, and compliance skills.
Essential Duties:
- Develop and own the organization-wide Information Security strategy, policies & procedures (GRC), and manage implementations of security devices, equipment, controls, and technology.
- Identify, assess, and prioritize cybersecurity risks to the organizations’ information assets and create risk mitigation strategies to address risks effectively, leading incident response efforts and investigation to resolve security incidents.
- Support the sales team during RFPs and presales discussions, conducting vendor risk evaluations, and annual policy certifications.
- Manage MSPs in various security capabilities including enterprise detection and response (EDR), network detection and response (NDR), vulnerability assessment and discovery, identity and access management (IAM), data protection solutions, and event logging systems (SEIM), Application Security (AppSec).
- Develop and execute a strategic cybersecurity roadmap to protect our SaaS products, infrastructure, and data assets
- Establish and enforce security policies and procedures to ensure compliance with industry regulations (e.g. HIPAA, PCI) and best practices.
- Design, evaluate, and architect modern security systems and solutions for both colocation and public cloud environments to safeguard the organization’s infrastructure, networks, and data
- Coordinate with external and internal partners including managed SOC/SIEM and MSP’s on security workflows and playbooks.
- Function as the leader of the cyber response team supporting the investigation and remediation of cyber events and incidents.
- Analyze and assess cyber threats and critical attack surfaces across the enterprise and conduct regular risk assessments.
- Coordinate with 3 rd party vendors and internal partners for timely execution of penetration tests, vulnerability scans, and application security evaluations (SAST, DAST). Implement employee training to enhance cybersecurity awareness promoting an organizational culture of security.
- Collaborate in creating business monitoring requirements including device logging standards.
- Protect customer and intellectual property (IP) data, by developing and enforcing Data Access and Data Privacy standards, in compliance with local laws, regulations, and industry standards (GDPR, CCPA, etc)
- Maintain a comprehensive library of Security policies, procedures, incidents, remediations, and controls. Provide regular reports and updates on the organization's cybersecurity posture to executive leadership, the security governance council, and relevant stakeholders.
- Coordinate and conduct regular security audits and assessments to ensure compliance with data protection laws, regulations, and industry standards.
Qualifications:
- 5+ years of progressive experience with security technology management and operations, with increasing responsibility and management progression.
- Experience with managing and operating end-point security platforms, intrusion detection/protection, next-generation firewalls, email security, SSO/MFA solutions, and security logging and alerting systems.
- One or more industry certifications are required such as CISSP, CISM, or CISA.
- Strong knowledge of HIPAA, NIST CSF, PCI, and CIS frameworks.
- Prior experience planning, researching, and developing security processes and procedures.
- Strong knowledge of secure cloud practices and frameworks, specifically in AWS and Azure.
- Effectiveness in incident response and threat intelligence programs.
- Knowledge of secure application security best practices.
- Excellent troubleshooting skills, self-motivated, results-driven and well-organized.
- Experience with change and incident management processes.
- Effective verbal and written communication skills are necessary to advise and consult with user personnel and make formal presentations of project findings and recommendations.
- Proven organization planning, transformational leadership, and change agent abilities and experience.
- Demonstrated experience with commercial security technologies: Microsoft, AWS, Palo Alto.