Short DescriptionLead a 24√?7 team of senior incident response engineers and forensic investigators to contain, investigate, mitigate and recover from information security incidents and appropriate use risk events
- Build and lead a 24√?7 team of experienced cyber threat analysts to monitor and analyze security events
- Build and lead a team of security threat management solution designers and developers to envision, design, build, and implement automated threat detection and blocking solutions using behavior-based and indicator-based detection, machine learning-powered artificial intelligence, big data analytics and visualization, automated adversary deception, real time forensics, and other leading technologies.
- Lead a 24√?7 team of senior incident response engineers and forensic investigators to contain, investigate, mitigate and recover from information security incidents and appropriate use risk events
- At least 3 to 7 years of senior leadership experience in the information security discipline in Fortune 100 size organizations.
- Exceptional written, visual and verbal communication skills and experience communicating effectively with executive business leaders and external customers.
- Proven track record of identifying, hiring and retaining the top talent in cyber security, survivable system engineering, and IT risk management resource markets.
- Experience in designing, building and managing global mission-critical 24√?7 organizations that use a variety of staff sourcing models (co-sourcing, offshoring, etc.).
- Experience in staffing, mentoring, coaching, and managing leadership teams consisting of multiple directors and senior managers.
- Demonstrated track record of successfully developing and maturing cyber risk organizations with the emphasis on delivering results.
- Deep understanding of and prior hands-on experience in all major information security, appropriate use, and survivable system engineering functions and activities including policy setting, vulnerability/risk research, security/availability architecture, system security/survivability engineering, incident response, cyber risk operations, cyber risk audit/compliance.
- Track record of successfully executing profound organizational changes while maintaining support, buy-in and commitment from all stakeholders.
- Complete architecture-level understanding of all major information security and appropriate use enforcement technology solutions including advanced malware detection/prevention, mobile device virtualization/MDM, cloud security management, structured and unstructured database encryption, mobile application and remote API security, fine-grained application authorization and access control, security event visualization, big data user and entity behavior analytics, active adversary deception, and others.
- Deep understanding of all applicable regulatory standards and requirements including HIPAA, NAIC ORSA, FISMA, NAIC MAR, and others.
- Demonstrated ability to influence business leadership and cross-functional teams.
- Proven track record of managing all aspects (scope, budget, schedule, quality) of cross-functional large-scale IT/business projects in Fortune 100 scale global environments.
- Externally recognized information security and IT risk management industry thought leadership and innovation accomplishments.
- Strong skills and experience in designing and documenting complex processes, and identifying and eliminating deficiencies in existing process designs.
- Understanding of contemporary security vulnerabilities, exploitation techniques and attack vectors.
- Demonstrated ability to establish and maintain strong working relationships with external customers, suppliers, business partners, industry peers.
- A widely-recognized professional certification such as CISM or CISSP is strongly preferred
Director of Cyber Risk Operations