DIRECTOR, INFORMATION SECURITY
Company: AccelerEd
Location: Bethesda
Posted on: November 20, 2024
|
|
Job Description:
The Director of Information Security is responsible for
developing, implementing and monitoring a strategic, comprehensive
enterprise cyber security and IT risk management program. The
Director of Information Security provides the vision and leadership
necessary to manage the risk to the organization and will ensure
business alignment, effective governance, system and product
availability, integrity and confidentiality. The Director of
Information Security is an integral part of the Information
Security team supporting our customers.This is a hybrid role and is
currently based at one of our client's sites in Adelphi,
MD.RESPONSIBILITIES:Conduct a thorough assessment of the company's
security needs, priorities and opportunities in order to visualize,
create, and execute on an information security program.Design and
develop an information security roadmap to align and scale with
company growth.Lead security assessment and testing processes,
including but not limited to penetration testing, vulnerability
management, and secure software development at a global level.Plan
for and manage incident response plans while minimizing the effect
on the business.Develop and extend security tooling and automation
efforts across the organization.Proactively identify security
issues and potential threats and continuously build processes and
design systems to watch for and protect against them.Lead
compliance activities including external audits, regulatory
compliance projects, and overall information security
reviews.Educate the organization about these threats and implement
threat protection measures.Serve as a cross-functional leader and
provide direction to key, accountable stakeholders in a matrix
environment with dotted-line reports embedded within the
business.Serve as the information security expert in front of the
Executive team.Advocate for secure application and infrastructure
best practices, ensuring a security presence at all stages of the
software development lifecycle.Manage relationships with external
information security technology vendors and specialized information
security professional services firms.Attract, develop, and retain a
highly talented team as the information security program
grows.MINIMUM QUALIFICATIONS, EDUCATION, KNOWLEDGE, SKILLS, AND
ABILITIES:EDUCATIONMaster's degree in cybersecurity, information
management, information technology, computer science, engineering,
business management, or related fields.8+ years of relevant
experience in the information security space.4+ years of
progressively responsible management and/or leadership experience
in information security or network administration which includes
two years of supervisory experience. Experience with an institution
of higher education is preferred.Professional certification or
equivalent in information security, preferably inCISSP(Certified
Information Systems Security Professional), CISM/A (Certified
Information Security Manager/Auditor), CompTIA Security+, Certified
Ethical Hacker, or CCSP (Certified Cloud Security Professional),
Certified Intrusion Analyst (GCIA).KNOWLEDGE, SKILLS AND
ABILITIESExperience developing, maintaining, and implementing an
Information Security Program (ISP) including policy and strategy
development, preferably in higher education.Experience addressing
information security-related issues involving identity and access
management, intrusion detection, forensics, incident management,
risk management and/or auditing.Experience evaluating and providing
guidance on information security software and hardware
acquisitions, IT services, cloud-based solutions, and
mobility.Knowledge of security assessment and testing
tools.Experience with developing and managing an information
security awareness and training program.Experience with information
security and compliance-related issues (e.g. FERPA, HIPAA, PCI-DSS,
GLBA, copyright and software piracy).Experience in managing and
negotiating vendor contracts and agreements.Ability to communicate
effectively in writing and oral presentations.Strong business
acumen and a collaborative, influential partner able to educate,
build relationships, and foster the adoption of sound security
practices (commitment + compliance).Expert experience with cloud
security, platforms, and services, including understanding of
current security offerings from leading cloud service providers
(e.g. AWS, Azure, etc.), and their applicability to securing a SaaS
enterprise security environment.Experience in the evaluation and
implementation of industry-standard enterprise-wide information
security technologies and concepts, including but not limited to:
SEIM, Application Security, Cloud Security (AWS), Data Loss
Prevention, Security Event Management, Threat and Vulnerability
Management and Identity and Access Management.Clear understanding
of relevant information security governance, technical and security
standards and regulations. Familiarity with industry security
standards and compliances including OWASP, FedRAMP, AICPA SOC, NIST
800-53, 800-171 ISO 27001, CMMC, and ISO 27018 as well as current
data privacy regulations, including GDPR and regional standards.
Deep knowledge of networking and network security.Strong
understanding and experience with Secure SDLC and DevSecOps or
security automation. Ability to work under pressure across multiple
stakeholders.Excellent written and communication skills and ability
to communicate across all levels of an organization.Must be
authorized to work in the United States for any employer. We are
not offering sponsorship now or in the future.#J-18808-Ljbffr
Keywords: AccelerEd, Montgomery Village , DIRECTOR, INFORMATION SECURITY, Executive , Bethesda, Maryland
Click
here to apply!
|