What are the responsibilities and job description for the Director, Cyber Security - Melville, NY position at Accommodations Plus International?
The Director of Cyber Security role is a senior-level position responsible for planning, analyzing, designing, configuring, testing, implementing, maintaining, and supporting API’s computer, network, and application security in a way that is responsive to changes in compliance obligations, regulations, and risk. The Director of Cyber Security is expected to have a thorough understanding of complex IT systems and stay up to date with the latest security standards, systems, and authentication protocols, as well as best-practice security products. The Director of Cyber Security is expected to quickly learn the business and have a comprehensive awareness of its technology and information needs to develop and test security structures that protect its software, systems, and products.
Essential Functions: Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Maintain, support and design enterprise-class security systems for a production environment
- Implement, maintain and support multiple standards (ISO27001, SOC2 TYPE 2, GDPR & PCI-DSS)
- Align standards, frameworks and security with overall business and technology strategy
- Identify and communicate current and emerging security threats
- Design security architecture elements to mitigate threats as they emerge
- Work with software applications leaders to ensure software applications meet the highest security best practices and address OWASP, SonarQube and Qualys findings
- Create solutions that balance business requirements with information and cyber security requirements
- Identify security design gaps in existing and proposed architectures and recommend changes or enhancements
- Conduct regular system tests and ensure continuous monitoring of network and applications security
- Develop project timelines for ongoing system upgrades
- Ensure all personnel have access to the IT system limited by need and role
- Establish and test disaster recovery procedures and conduct breach of security drills
- Promptly respond to all security incidents and provide thorough post-event analyses
Required Skills and Experience
- Security architecture, proving solutions delivery, principles, and emerging technologies
- Designing and implementing digital security solutions, including continuous monitoring and making improvements to those solutions, and working with an information security team
- Strong knowledge of relevant National Institute of Standards and Technology (NIST) standards, ISO27001 specifications, SOC2 Type II attestation and PCI-DSS certification
- Consulting and engineering in the development and design of security best practices and implementation of solid security principles across the organization, to meet business goals along with customer and regulatory requirements
- Security considerations of cloud computing, including data breaches, broken authentication, hacking, account hijacking, malicious insiders, third parties, APTs, data loss and DoS attacks
- Demonstrated experience in identity and access management (IAM)
- Experience integrating the framework of security policies and technologies that limit and track the access of those in an organization to sensitive technology resources
- Solid understanding of Windows, *NIX, and Cloud Security (AWS preferred)
- Exceptional communication skills with diverse audiences
- Strong critical thinking and root cause analytical skills
- Strong leadership, project, and team-building skills, including the ability to lead teams and drive projects and initiatives in multiple departments
- Demonstrated ability to identify risks associated with business processes, operations, information security programs and technology projects
- The ability to be the enterprise security subject matter expert who can explain technical topics to those without a technical background
- Proven subject matter expertise in relevant areas, such as computer forensics, incident response, intrusion analysis, incident handling, malware analysis, and/or security engineering
- Demonstrated experience in an enterprise-level incident response team or security operations center
- Direct experience handling advanced cyber security incidents and associated incident response toolsets
EDUCATION AND CERTIFICATIONS
The successful candidate will hold:
- 7 years of experience in cybersecurity, security architecture or computer network defense
- A Master’s degree in an IT or cybersecurity field is highly preferred
- Certified Information Systems Security Professional (CISSP)
- Certificate of Cloud Security Knowledge (CCSK)
- Certified Ethical Hacker (CEH)
- Certified Information Systems Auditor (CISA)
- SANS-related certifications
Position Type and Expected Hours of Work
Full time, Monday through Friday, normal core business hours and as needed on nights and weekends unless otherwise specified.
Travel Requirements
May require occasional travel
Compensation
Good faith annual salary range for this position is $140,000 - $160,000 and is commensurate with experience and location.
Who We Are
API is the global leader for crew accommodation solutions, and we are changing the way businesses manage travel. Our technology platform streamlines the entire crew planning process, making day-to-day operations more efficient and elevating the crew layover experience. API’s proprietary technology, mobile solutions and our experienced team are positioned to offer our clients a complete, end-to-end platform that integrates seamlessly into their process. We are looking for dynamic, creative, and tech savvy individuals to join our team. If you are passionate about hard work, providing impeccable service, technology, and solutions to our clients then API may be a great fit for you!
Other Duties
Duties, responsibilities and activities may change at any time according to business needs.
Additional responsibilities may apply if you are designated as a Data Protection Champion (DPC), Senior Information Risk Owner (SIRO) or Information Assurance Accounting Officer (IAAO).
Work Environment
This position operates in a professional office environment. This role routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets and fax machines.
Physical Demands
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. While performing the duties of this job, the employee is regularly required to talk or hear. The employee frequently is required to stand, walk; use hands to finger, handle or feel; and reach with hands and arms.
AAP/EEO Statement
Accommodations Plus International is an Equal Opportunity Employer that does not discriminate on the basis of actual or perceived race, creed, color, religion, alienage or national origin, ancestry, citizenship status, age, disability or handicap, sex, marital status, veteran status, sexual orientation, genetic information, arrest record, or any other characteristic protected by applicable federal, state or local laws. Our management team is dedicated to this policy with respect to recruitment, hiring, placement, promotion, transfer, training, compensation, benefits, employee activities and general treatment during employment.
Salary: $113,900 - $154,000