Securonix provides the Next-Generation Security and Information Event Management (SIEM) solution. As a recognized leader in the SIEM industry, Securonix helps some of the largest organizations globally to detect sophisticated cyber-attacks and rapidly respond to these attacks within minutes. With the Securonix SNYPR platform, organizations can collect billions of events each day and analyze them in near real time to detect advanced persistent threats (APTs), insider threats, privilege account misuses and online fraud. Securonix pioneered the User and Entity Behavior Analytics (UEBA) market and holds patents in the use of behavioral algorithms to detect malicious activities. The Securonix SNYPR platform is built on big data Hadoop technologies and is infinitely scalable. Our platform is used by some of the largest organizations in the financial, healthcare, pharmaceutical, manufacturing, and federal sectors.
Job Title: Senior Director of IT Security & Compliance
Job Level: Management
Total Experience: 10+ years
Relevant Experience: 8+ years
Primary Skillsets: IT systems & architecture, Cybersecurity
Secondary Skillsets: Management & Leadership, Data administration, Problem Solving
The Senior Director - IT Security and Compliance is responsible for providing leadership in establishing a comprehensive IT and Corporate Information Security program and ensuring compliance. This includes Corporate IT and Security Strategy, Security Administration, Policy and Compliance, Risk and Contingency Management, Security Operations, Threat and Vulnerability Management, Incident Management and Response, and Forensics. The Senior Director, IT Security and Compliance is an integral part of the company, reports directly to the CFO, and chairs the company's executive Security Committee on matters of security, standards, risk and compliance.
- Develop, implement, and manage the process for data security, corporate IT strategy and associated architecture. Ensure adequate levels of funding and resources to accomplish associated IT Security annual goals and objectives.
- Helps keep Securonix data secure from both internal and external threats, malicious software and unauthorized data exposure.
- Lead information security awareness and training initiatives by maintaining corporate security awareness policies and programs, including privacy and data classification, retention and destruction of assets.
- Ensure the ongoing integration of IT and information security with business strategies and requirements.
- Ensure access control, business continuity, incident response and risk management needs of the organization are properly addressed.
- Foster a strong collaborative relationship internally across all Securonix departments and leaders to leverage our own subject matter experts to increase our internal and external security posture.
- Work with and manage vendors, outside consultants, and other third parties to improve IT and information security within the organization.
- Formulate and implement an incident response program. This includes developing an incident response team, declaring incidents, coordinating and assisting in the investigation of incidents, forensic and eDiscovery, assisting in the recovery from attacks, coordinating with law enforcement agencies, and developing the post-response control strategy.
- Develop, publish, implement and maintain comprehensive company-wide IT and information security plans, policy, guidelines and procedures.
- Monitor information security trends, understand potential threats, vulnerabilities and control techniques. Educate the executive team on all matters of Corporate IT and data security as the space evolves over time.
- Defines and communicates the organizational direction and policy for Information Security and IT Risk Management, identifies operational risks, performs ongoing risk assessment, reporting, and remediation. This includes working with senior management to identify, define, and confirm the key threats to the information and financial assets of the Company.
- Responsible for taking a thought leadership role in the recommendation and design of IT and security systems that will protect key information assets. Also provides leadership in defining security requirements in the procurement and/or development and deployment of all new hardware, software, and application systems. Develops business cases and secures funding for security programs.
- Perform research, vendor selection, evaluation, and implementation of IT and security technologies.
- Leads the effort on all compliance initiatives including SOC2, HITRUST, PCI, FedRAMP, Sarbanes-Oxley and other required efforts.
- Foster an effective organization with growing capabilities and talents needed to deliver the plans of the organization. Leverage industry best practices to fundamentally improve the value equation for delivery of IT capabilities.
- Ensure team members maintain certifications, master the latest information security methods via internal and external training, trade journals, seminars, and professional society memberships.
- Develop staffing plans, recruit and hire employees, and retain and build talent. Supervise direct and functional reports. Establish individual performance goals, review performance against goals, provide coaching. Plan, approve and implement programs for timely development and progress of individuals.
- Working with the COO, make timely and smart investments to keep up with growing security threats and Corporate IT needs.
- Bachelor’s Degree in Computer Science, Information Systems, Information Technology, Business or equivalent (MS/MBA, a plus).
- 10+ years of increasing experience in IT Management, Network, Systems Administration and a well-rounded leadership and management background.
- CISSP certification or equivalent security certification / accreditation required.
- A solid knowledge of all security related industry standards and frameworks including but not limited to PCI DSS, ISO 27001/2, NIST, OWASP, SANS, COBIT, ITIL, COSO, FISMA.
- Proven track record in having successfully established and managed Enterprise Security.
- Experience in leading successful PCI compliance, General Computing Controls (GCCs), and other related IT and retail compliance efforts.
- Ability to engage and educate different functional areas on business risk management and compliance requirements.
- Demonstrated ability to drive change in an organization through communication, leadership and influencing skills.
- Strong technical and business acumen with a proven track record of being able to work and communicate to technical and non-technical associates.
- Excellent leadership and communications skills required.
- Team player with proven track record of working with legal organization.
- Experience managing a matrix team consisting of team members, contractors, and vendors with various skills and disciplines.
- Self-starter with high energy to meet the needs of a demanding business and IT environment.
As a full-time employee with Securonix, you will be eligible for the following employee benefits:
- Our medical insurance is with Cigna, and we offer 4 plans to choose from. Our vision and dental insurance are both PPO plans.
- Securonix pays for your STD, LTD and Basic Life AD&D benefit.
- Securonix also provides you access to the Employee Assistance Program (EAP) at no cost. This program, available through Mutual of Omaha, provides professional, confidential telephonic or face-to-face counseling services to you and your loved ones.
- With our 401(K) you are eligible to participate on the 1st of the month following 60 days of employment.
- At Securonix we offer a Flexible Time Off plan; please speak to one of our Talent Attraction Specialists for details.
Securonix is an equal opportunity employer committed to fostering an innovative, inclusive, diverse and discrimination-free work environment. Employment with Securonix is based on merit, competence, and qualifications. It is our policy to administer all personnel actions, including recruiting, hiring, training, and promoting employees, without regard to race, color, religion, gender, sexual orientation, gender identity, national origin or ancestry, age, disability, marital status, veteran status, or any other legally protected classification in accordance with applicable federal and state laws. Consistent with the obligations of these laws, Securonix will make reasonable accommodations for qualified individuals with disabilities.
Furthermore, as a federal government contractor, Securonix maintains an affirmative action program which furthers its commitment and complies with recordkeeping and reporting requirements under certain federal civil rights laws and regulations, including Executive Order 11246, Section 503 of the Rehabilitation Act of 1973 (as amended) and the Vietnam Era Veterans' Readjustment Assistance Act of 1974 (as amended).
Headhunters and recruitment agencies may not submit candidates through this application. Securonix does not accept unsolicited headhunter and agency submissions for candidates and will not pay fees to any third-party agency without a prior agreement with Securonix.
As part of our compliance with these obligations, Securonix invites you to voluntarily self-identify as set forth below. Provision of such information is entirely voluntary and a decision to provide or not provide such information will not have any effect on your employment or subject you to any adverse treatment. Any and all information provided will be considered confidential, will be kept separate from your application and/or personnel file, and will only be used in accordance with applicable laws, orders and regulations, including those that require the information to be summarized and reported to the federal government for civil rights enforcement purposes.