Job Discussion Forums

The Internet's Meeting Place for ESL/EFL Students and Teachers from Around the World!
 

 

 Director IT Security Operations

Author: Admin
Number of posts: 305
Registration date: 2014-10-22
Posted: Wed Nov 12, 2014 12:39 am


Director IT Security Operations
Location: Dallas, TX
Posted Date: November 12, 2014
Employer: To view company name. See instructions below
Apply By: January 8, 2015
Employer Job Id:
CareerMine Job Id: 1143446

[Company] is a Dallas-based, privately held energy company with a portfolio of competitive and regulated energy companies. [Company], [Company] primary businesses, serve the high-growth Texas electricity market, which is one of the world's largest and among the nation's most successful competitive markets.

Summary

The Director, Cyber Security Operations will support the [Company] cyber security program and is responsible for leading and delivering a comprehensive approach to threat intelligence and forensics services, managing a team which includes the Cyber Security Operations Center (CSOC), management and administration of security infrastructure, firewall administration, vulnerability management program, forensics, and threat intelligence.
Responsible for monitoring emerging threats and communicating changes in risk to enterprise information systems.
The Director will lead a team of Security Operations personnel to manage security operations requests, incidents, changes, and problems. The Director will also drive the vulnerability management program which includes malicious program detection, asset management of security technologies, penetration testing, configuration hardening standards, patch management, and other aspects of vulnerability management.
In the threat intelligence and forensics role, the Director is responsible for monitoring emerging threats and communicating changes in risk to enterprise information systems. The Director will manage a team of cyber threat responders and forensics experts both internal and external for threat intelligence and forensics execution.
The Director will report to the VP of IT Risk, Security & Compliance and be part of the [Company] IT Risk, Security & Compliance – leadership team located in downtown Dallas, TX.
The Director ensures alignment and up-to-date threat intelligence with industry groups including UNITE & EEI, and works with government organizations such as FBI, NERC and others.

Key Roles & Responsibilities

Other duties may be assigned. Directly or through others, the incumbent:

Manages the security operations center staff for both internal and external teams, including oversight of the appropriate vendors/outsourcers.
Manages staff responsible for security tools such as SIEM, vulnerability management/configuration management, malware detection, file integrity monitoring, multi-factor authentication, web content filtering, and others. Maintains operational run books for security infrastructure/tools supported. Provides updates to asset management for security tools, and partners closely with IT management responsible for overall company device asset management.
Develops and leads the Threat Intelligence team to ensure security threat information, system log information, and sources of external intelligence are combined to provide real time response to cyber events.
Serves as the escalation point for all IT Security Operations and Threat Intelligence staff; reviews all work products; and ensures efficiency and quality within the team.
Evaluates various security alerts (vendors and other information sharing forums) and ranks remediation recommendations according to enterprise risk. Participates as subject matter expert on the company’s threat roundtable reporting on emerging threats and the company’s vulnerability state.
Contributes to the development and maintenance of the information security strategy and roadmap. Provides periodic metrics for the operations, threat and vulnerability management, and firewall administration programs to IT leadership.
Plays a leadership role in providing network and system security advice and risk analysis to IT and business unit leadership.
Supports the Business Continuity, IT Risk, and Disaster Recovery functions. Participates in exercises and training of the incident response teams. Acts as the senior technical consultant on information security incident investigations, and forensic technical analyses coordinating effectively with internal and external entities as necessary.
Facilitates the implementation of IT Security controls necessary to meet regulatory requirements or contractual requirements: NACHA, PCI (Payment Card Industry) Security Standards, state and federal Privacy law, Sarbanes-Oxley Act (SOX), and NERC, NEI, NRC and others.
Supports the Regulatory Compliance function, and provides evidence of IT compliance activities in support of internal and/or external audits.
Partners with the IT Security Architect staff, IT infrastructure personnel, and network and / or operations teams, to ensure the implemented technologies are integrated and fully utilized as intended in the protection of Company assets.
Communicates effectively at all levels within and outside the organization - leadership/management, business stakeholders, software vendors, law enforcement and sourcing suppliers.
Develops and fosters strategic relationships and establishes key organizational partnerships.
Performs other related duties as assigned.

Other External:

Maintains relationships with local, state and federal governmental and technology security agencies.
Active participation in industry and government-sponsored security organizations.

Education, Experience, & Skill Requirements

Bachelor’s Degree or equivalent experience in Information Technology and security operations, and forensics investigations. Minimum twelve (12) years’ experience in various IT roles, and proven and demonstrated experience with leading teams, developing, and establishing best practices in a Cyber Security Operations Center in a corporate environment and/or federal government. Understanding of how to design security operations center procedures, programs, and services across a diverse environment. Experience with a team of onshore and offshore resources a plus.
The candidate will have a strong background within information security and security engineering, with hands-on experience of a diverse range of security technologies representative of the following: multivendor stateful, non-stateful, and application firewalls, HIDS, NIDS/NIPS, Wireless, NAC, SSL and IPSEC VPNs, DLP, SIEM, PKI/Strong Authentication, database technologies, load balancing, application security - XML, Web Services and SOAP protocols, both in client and server as well as dynamic languages such as Objective-C, VBScript, JavaScript; network and web related protocols (TCP/IP, UDP, IPSEC, HTTP, HTTPS, SMTP, SNMP, ICAP, etc.); encryption technologies, mobile security, WAF, WiFi, Mobile security, DLP, Digital Certificates, Encryption and Authentication techniques, end user computing security, cloud security, network security, security monitoring and event correlations, computer forensic analysis, and OS vulnerability scanning tools and management.

Understanding of the following concepts and technologies:

Defense in depth security models and security management practices
Cloud Security Concepts (SaaS, PaaS, IaaS), Mobile Architecture, Network and Application Security and/or Data protection
Security architectures for a large scale SOA project that involves cross enterprise information exchange
SDLC process and the ability to follow the process to effectively develop and design solutions
Application Security Vulnerabilities such as OWASP Top 10, CWE/SANS Top 25 and remediation approaches
Experience with enterprise technologies, authentication and authorization schemes (Active directory, LDAP, etc.)
Active industry certification(s) or similar work experience is desired (such as CISSP, CISA, CISM, CEH, SANS – GSEC, GCIH, etc.)
Establishes and maintains strong working relationships with groups involved with information security matters such as the Legal Department, Internal Audit Department, Physical Security Department, Information Technology Department, Information Security Council, HR and outsourced IT organizations.

Other Personal Characteristics

Ability to self-manage including planning, providing status updates and metrics
Ability to work independently and as part of a team.
Self-starter and self-motivating.
Excellent problem solving, analytical, communication, organization, task, and time management skills
Capable of delivering results through a position of influence.

It is the policy of the company to comply with all employment laws and to afford equal employment opportunity to individuals in all aspects of employment, including in selection for job opportunities, without regard to race, color, religion, sex, national origin, age, disability, genetic information, veteran status, or any other consideration protected by federal, state or local laws.