Director, Information and Cyber Security

DUTIES AND RESPONSIBILITIES: 

• Develops and maintains a complete understanding of Aligned’s technology and information systems. 

• Directs the development and maintenance of Incident Response Plans and Cybersecurity procedures for information technology. 

• Maintains current knowledge of the cyber security industry, digital privacy regulations, and standards for all regions. 

• Identifies and communicates current and emerging security threats. 

• Directs the architecture, design, build, implementation, and support of enterprise-class security systems based on the Center for Internet Security (CIS) controls and related standards. 

• Designs security architecture elements to mitigate threats as they emerge. 

• Anticipates stakeholder needs to discusses potential security and privacy solutions. 

• Oversees and analyzes security assessments, including security program reviews, penetration testing, vulnerability testing, risk analysis, and provide recommendations related to findings. 

• Create solutions that balance business requirements with information and cybersecurity requirements. 

• Review and recommend security configuration and policies for firewalls, VPN systems, routers, IDS scanning technologies, servers, computers, mobile devices, audio/visual devices, IOT and IT systems. 

• Ensures integration of projects and adjusts project scope, timing, and budgets as needed, based on the needs of the organization. 

• Reviews and analyzes system logs, security tools, and network traffic for unusual or suspicious activity, and makes recommendations to restore secure operations. 

• Reviews and tests new security software, tools and/or technologies to determine applicability to operations. 

• Directs ongoing interviews and assessments with internal groups and management for the purpose of learning how employees interact with technology and to integrate cybersecurity measures. 

• Works closely with internal auditing, legal, and IT teams to ensure compliance with applicable legal, regulatory, and industry requirements (e.g., FERPA, HIPAA, PCI-DSS, FIPS, NIST, CISA, ISO 27001, etc.). 

• Works with Senior Leadership to formulate a comprehensive, strategic technology plan that is consistent with the overall business objectives and budgetary considerations. 

• Oversees annual operating and capital budgets for all security platforms and hardware.  

• Manages suppliers and vendors for information security and cyber security. 

QUALIFICATIONS: 

• Equivalent experience or graduation from an accredited 4-year college or university degree in a job-related field of study. 

• Five (5) years of experience responsible information security and cyber security management. 

• Practical experience in Red, Blue, and Purple INFOSEC tasks and roles. 

• Experience deploying and managing cyber security, digital privacy, and information security solutions for remote access, identity access management, and cloud based services. 

• Experience leading ITIL V4 based processes (incident, change, problem, root cause analysis).    

PREFERRED CREDENTIALS: 

• CISSP- Certified Information Systems Security Professional 

• GSLC- GIAC Security Leadership 

• CISM- Certified Information Security Manager 

• CCSP- Certified Cloud Security Professional 

PREFERRED CLEARENCES: 

• SCI/SAP L Clearence 

• SCI/SAP Q Clearence 

• Completed & Cleared DCSA Background