Global Cyber Security Director
Banking/Financial company
Banking/Financial company
Jacksonville, FL 32256
W-2 onlyPermanent Position4297 views
Jacksonville, FL 32256
Permanent Position
Questions?
Click to chat now!
This posting has been closed

Job Overview:

The cyber security program includes assessing the development, deployment, and sustainment of all IT systems that support our client delivery. The successful candidate will use industry standard frameworks to ensure systems are secure throughout their life cycle. The position calls for a strategic individual who understands business operations, information technology and security and will utilize that knowledge to assist with the implementation of an effective security campaign that ensures the overall security position is aligned with business needs and the evolving threat landscape.

Roles and Responsibilities Overview:

  • Management of the global team Cyber Hygiene team, development and deployment, to include:

    • Vulnerability Management & Core Build – Support the identification of configurations, at the end-point, source code, application, database, and network level.

    • Source Code Analysis – Develop security standards for testing of source code and oversee testing through security code scanning platform

    • Vulnerability and Compliance Remediation – Remediation of all violations of CSO IS controls and all CSO IS services, addressing gaps in IS controls and sustainably preventing the emergence of new information security gaps.

    • Rogue Asset Discovery – Use industry leading tools to validate the enterprise has updated inventory for internal and cloud based capabilities.

    • Code Security – Ensure the bank is using appropriate security for source codes, internal and external, protecting the client’s enterprise both in network and cloud.

  • Create and implement a pre-deployment testing capability to ensure information systems are accurate across the enterprise.

  • Perform reoccurring cyber hygiene activities to ensure system security controls are operating and monitoring mission integrity.

  • Stay current on the latest security threats and vulnerabilities and educate staff to take informed proactive actions to the enterprise environment and collaborate with enterprise architecture teams to evaluate new or improved technologies with regard to replacing or upgrading existing infrastructure.

  • Development of an operational roadmap for the sustained success of the team - includes measuring the team's performance against Service Level Objectives (SLOs) and continuous improvement.

  • Participate in infrastructure and security incident management processes to derive root cause and after action reports.

  • Support against compliance violations for new and legacy applications.

  • Responsible for the implementation and maintenance of the Technical Information Security Officer (TISO) target model, as well as the training of the TISO population.

  • Promote services and guidance with business and application owners to help them understand the service value proposition for consumption in their area(s).

  • Continuously provide service and process improvement feedback from assessments through service delivery to improve efficiency and value.

  • Assessing known systems vulnerabilities and verifying system hardening and patching activities to ensure compliance.

  • Defining of cyber requirements and design solutions, providing guidance and direction related to security technologies.

Requirements:

Technical Experience:

  • 10+ years of experience working in an information security or IT operations related field in an enterprise environment with experience in comprehensive vulnerability management programs.

  • 5+ years of “hands-on” experience in a managerial role within IT security or IT operations.

  • Experience utilizing two or more open-source and enterprise vulnerability assessment tools such as, NMAP, WebInspect, Veracode, MetaSploit, Nessus, Tanium.

  • Long-term experience in information security / cyber security in a global IT environment.

  • Knowledge of all important aspects of cyber security threats and defenses (such as exploits, Trojans, Virus, malware, etc.).

  • Found understanding of the security solution architecture, market trends and standards, and platform-specific vulnerabilities.

  • Good knowledge of and experience with regulatory requirements and relevant standards; e.g. COBIT, ITIL, CMMI, NIST or ISO 27002. Appropriate certification would be an advantage.

Non-Technical Experience:

  • Ability to operate in a global and highly complex organization with multiple stakeholders with sometimes conflicting and overlapping goals.

  • Proven leadership skills including: effective oral and written communication, performance management, issue resolution, negotiation, motivating others, forecasting, and planning.

  • Self-motivated with ability to work with minimal supervision.

  • Strong technical leadership working with vulnerability and configuration assessment tools such as network vulnerability scanning tools, dynamic, and static code scanning tools.

  • Experience in leading global teams of experts within a complex technical environment.

  • Experience in communication with different business and IT departments on a global level. This includes the ability to process and present complex topics in a target group-oriented manner in order to make necessary decision-making processes advance.

  • Team leadership capability and ability to work solution-oriented in virtual global teams in a matrix organization.

  • Creates an environment in which employee leadership and development have high priority.

  • Professional demeanor, good interpersonal skills, and ability to excel in a high-paced multi-tasked environment

Education and Certifications:

Desired Education:

  • Master in business administration, computer science or comparable professional experience

Desired Certifications:

  • One of the following certifications: CISSP, SANS GIAC Certified Penetration Tester (GPEN), SANS GIAC Certified Web Application Penetration Tester (GWAPT), Offensive Security, Certified Ethical Hacker (CEH).

Skills
Skill Proficiency Years Experience Percent Used
Cyber Security
Any100%
CISSP
Any75%
Information Security
Any75%
Performance Management
Any75%
Compliance
Any50%
Infrastructure Security
Any50%
Solutions Architecture
Any50%
Agile Methodology
Any25%
Analysis
Any25%
CMMI
Any25%
Microsoft Excel
Any25%
Nessus
Any25%
NIST
Any25%
Process Improvement
Any25%
Security Monitoring
Any25%
Vulnerability Assessments
Any25%
Vulnerability Managment
Any25%