Information Security - Associate Director
Fulltime
Boston, MA (Hybrid – 3 Days Onsite)
About The Job
The Information Security professional (15 yrs) oversees efforts to uphold confidentiality, integrity, and availability of information systems. They are responsible for prioritizing information security awareness, vulnerability avoidance, threat protection/detection, incident response, breach recovery, and business continuity.
Role Responsibilities
- Maintains a comprehensive understanding of potential threats to information system confidentiality, integrity, and availability.
- Owns information processing system administration tasks related to authentication, authorization, threat detection/protection, breach response, recovery, and business continuity.
- Drives the classification of data and systems (public, private, confidential, compliance confidential) across company assets.
- Participates in threat modeling, including assessing likelihood/frequency, impact, risk reduction, recovery, and associated costs.
- Reviews, updates, and approves company policies and standard operating procedures related to information security.
- Participates in Change Approval Board (CAB) meetings, providing input on changes with information security implications.
- Recommends, drives, and tracks information security awareness training initiatives.
- Ensures the implementation of appropriate security software solutions for intrusion prevention/detection, data loss protection, anti-virus, phishing (email), network scanning, software vulnerability scanning, static code analysis, and security information and event management (SIEM).
- Reviews system and security software logs for signs of anomalous behavior.
- Tracks results from static code analysis and application scanning tools, prioritizing vulnerability remediation with development team leaders.
- Tracks results from network penetration testing, prioritizing vulnerability remediation with operations team leaders.
- Serves as the primary point of contact for suspected or actual security events.
Qualifications & Experience
- Degree in a related field or equivalent experience.
- Industry training/experience in information security management and administration.
- Demonstrable experience in the following:
- Encryption (symmetric and asymmetric)
- Authorization
- Authentication (local, centralized, federated)
- Principle of least privilege
- Data/system classification
- Database security
- Public key infrastructure
- x.509 certificates and certificate management
- Networking
- Operating system administration
- Physical security
- Data/device cleaning, purging, and destruction
- Google Cloud Platform (GCP) Security and Best Practices.
- Awareness of data privacy compliance regulations including HIPAA, HITECH, PCI/DSS, and GDPR.