Sr. Director of Cybersecurity

Plano, TX
Job Purpose:
The Sr. Cybersecurity Director oversees:
  • Cybersecurity Operations Center
  • Cybersecurity Governance
  • Cybersecurity Architecture
  • Cyber Incident Response
  • Cybersecurity Engineering
  • Cybersecurity Service Desk teams
Responsible for maintaining the Confidentiality, Availability and Integrity of all information systems of the corporation. Provides strategic vision and direction to the Cybersecurity Office on research, selection, implementation, monitoring and management of a variety of Cybersecurity tools which assist the CISO in protecting company assets against all threats.
Essential Duties:
Cybersecurity Operations Center. (20%)
  1. Provide management and leadership for a team of Security experts responsible for security monitoring and 24-hour alert response.
  2. Monitors and protects all corporate assets.
  3. Monitor tools selected to thwart hacking attempts.
  4. Conducts research and reconnaissance of online resources to monitor negative commentary about the company, and to locate potentially leaked data and work to remove it from public view.
  5. Monitors and protects the company's and executives' cyber presence.
  6. Administrates corporate vulnerability management and patching program.
  7. Maintain weekly monitoring status of key security items in order to protect company assets, physical and logical.
Cybersecurity Engineering. (20%)
  1. Provide guidance to a team of Security engineers who research and evaluate tools to be used by internal corporate teams to protect the confidentiality, integrity and availability of assets.
  2. Lead the team in negotiation strategies with vendors in order to leverage best pricing and contract terms on tool selection.
  3. Assist team members with technical issues and support during implementation process.
  4. Develop and guide the corporate Cybersecurity framework.
  5. Research and implement tools to thwart attempts at hacking.
  6. Reviews Network for vulnerabilities and works with the Network department head to implement changes to offer maximum protection.
  7. Work with the IT Architecture department to ensure that all hardware and software solutions maintain corporate Security standards.
  8. Conduct security audits on subsidiary and remote office locations to ensure adherence to corporate policy. Assist with implementing Security controls to help meet standards for physical and logical security.
Cybersecurity Architecture. (20%)
  1. Provides security subject matter experts during software development lifecycle events to ensure continued awareness and integration of security principles.
  2. Stays up to date on secure coding principles and top web-based (OWASP) threats, ensuring corporate websites and applications have adequate protections in place.
  3. Retroactively reviews, tests and reports on the security posture of applications and websites.
  4. Provides subject matter expertise on database security and communications methods between applications and data stores.
Cyber Incident Response Team. (15%)
  1. First responders to any cyber-incident such as a website hack, data breach, insider threat or other computer related incident.
  2. Lead investigations by working with legal and HR to provide data discovery while following chain of custody rules for proper preservation.
  3. Keep up to date on laws and regulations regarding computer fraud and abuse, and data discovery processes regarding these laws.
  4. Develops and implements information systems disaster recovery plans.
  5. Assures timely and comprehensive backups of all information technology data and system configurations.
  6. Develops and maintains thorough Business Continuity plans including department call trees and specific processes to recover from a variety of disaster scenarios.
  7. Participate in and document departmental disaster recovery procedures to contribute to the master continuity plan.
  8. Research and recommend methodologies for maintaining continuity of operations and quick recovery from disaster situations.
  9. Works with various department heads and executives to implement and guide review and testing of all procedures.
Cybersecurity Governance. (15%)
  1. Policy development and auditing for security compliance.
  2. Develops, maintains and enforces corporate Information security policies, including physical and logical access controls, as well as guidelines for appropriate use of company assets.
  3. Researches, identifies and maps critical data within the environment. Develops classification scheme and applies categorization to data as PII, CJIS, PCI, etc. Formulates technical risk assessment around critical data.
  4. Develop, implement and maintain an effective Security Awareness Training program for all associates. Provide role-based Security training as needed.
  5. Conducts periodic risk assessments and implements controls to mitigate identified risks.
  6. Assists other Cybersecurity office teams by providing project management guidance for risk-based approach to mitigation of vulnerabilities.
  7. Reviews all submitted Change Controls to ensure minimum risk to the company. Works with other teams to ensure the most secure deployments or solutions are selected for change processes.
  8. Regularly reviews Access Control requests and recommends changes to maintain security and least privilege concept.
  9. Work closely with compliance team to ensure security controls meet recommended standards for regulatory assurance.
  10. Assist other department heads with disciplinary action required for Security Violations that arise from failure to adhere to established policies.
Cybersecurity Service Desk. (10%)
  1. Corporate Access Controls and privilege account management, including developing processes for allowing access to assets throughout the environment.
  2. Auditing of access controls and maintaining secure environments while maintaining strict separation of duties.
  3. Endpoint support and maintenance for all associate desktop and laptop systems, including securing assets with encryption and monitoring tools.
  4. Provide support to associates with technical issues, new hardware or software purchases, software installation and procurement.
  5. Evaluate and approve software and hardware ensuring continued safe and secure operations of the business.
  6. Act as endpoint security subject matter experts.
Knowledge, Skills, and Abilities:
  • Ability to work with confidential information in a professional manner.
  • Knowledge of personal computers and various software packages with a concentration in Dell workstations and servers.
  • Knowledge and experience with various operating systems.
  • Knowledge and experience with Microsoft Office and Exchange.
  • Skill in analytical thinking and problem solving.
  • Skill in written and oral communications as well as organizational skills.
  • Ability to handle multiple tasks, work under pressure, and meet organizational deadlines.
  • Ability to communicate with co-workers and various business contacts in a courteous and professional manner.
  • Ability to pay close attention to detail.
  • Ability to make sound decisions using information at hand.
  • Ability to effectively function as a team player.
  • Ability to manage a large group of highly technical professionals to maximum performance.
  • Ability to effectively delegate work.
Minimum Qualifications:
  • Bachelor’s Degree in a computer related field of study or experience and relevant certifications in lieu of degree.
  • 10 years’ experience in progressive information technology roles.
  • Information Security related certification such as (CISSP, CISM, CCNA, CEH, etc.)
  • Prior experience leading technical teams.
Preferred Qualifications:
  • Bachelor’s Degree in a computer related field of study or experience and relevant certifications in lieu of degree.
  • 5 years Information Security Management.
  • 15 years’ experience in management leading Technology related teams.
  • CISSP (Certified Information Systems Security Professional).
  • Other industry related certifications a plus such as (MCSE, MCP, CEH, CHFI, CCNA, PMP, CompTIA+, etc.)