Director of Information Security

1010data values:

Integrity: Doing the right things for the right reasons

Agility: Adapting and thriving in a dynamic environment

Teamwork: Combining our strengths to do amazing things

Passion: Channeling enthusiasm to drive excellence

Creativity: Unleashing curiosity to defy the norm

Job Description:

We are seeking a seasoned Director of Information Security with a desire to lead the information security team. This is an opportunity to build a talented security architecture and work cross functionally with multiple departments, enabling 1010data to manage a large and growing high-performance, secure data center and cloud computing environment.

If you have a passion for high-performance computing, you will be instrumental in building tools to manage a highly scalable, 24/7 available platform for data analysis.

1010data’s production environment is unlike any other, making the ability and willingness to continuously learn and develop new technologies crucial. This role will offer and encourage the opportunity to continuously develop your skills and experience.

The successful person will be a cooperative, creative person who is strongly motivated to solve business information security issues. This person will be adept at finding the right security technology balance to solve problems quickly and efficiently. This person must be capable of working independently and towards goals vs. just following instructions.

Responsibilities:

• Lead information security projects through execution:
• Lead the on-going strategy, planning, development, implementation, and maintenance of our Information Security Roadmaps
• Define, communicate, and validate security requirements to guide projects/initiatives to secure solutions
• Define and manage system hardening standards (configuration management) across all technology domains and ensure compliance checking is built into processes
• Coordinate security activities throughout the CI/CD (Continuous Integration/Continuous Delivery) pipeline
• Drive best practices in cloud security:
• Implement and provision enterprise-class security systems in public clouds such as Amazon Web Services (AWS) and Microsoft Azure in concert with continuing to raise the bar on security for our data centers.
• Ensure organizational alignment with the cloud security strategies
• Manage best-in-class security design and architecture:
• Provide assistance in maintaining security architecture documentation and diagrams
• Identify security design gaps in existing and proposed architectures and recommend changes or enhancements
• Maintain all security-related policies, including by not limited to encryption, acceptable-use, data loss prevention, data classification, electronic communication, and information sensitivity
• Evaluates new security threats and develops effective security controls, including corrective actions and responses
• Teach and govern best security practices:
• Continue self-development of knowledge, skills, and abilities to better support execution of the Information Security (IS) function
• Guide development teams toward secure coding practices
• Develop an information security team to act as a check and balance across infrastructure and development teams, including sharing any mitigation strategies
• Lead initiatives designed to share knowledge across technology teams
• Oversee internal and external security audits:
• Ensure adherence to regulatory obligations as they apply to GDPR, SOC2, PCI, etc.
• Lead and oversee the annual internal and external audit process for the Information Security Services department and ensure that all requested security documentation is provided timely to internal and external auditors
• Partner with internal and external stakeholders:
• Work with the business development organization to respond to due diligence requests on cyber-related inquiries and information security requests from customers
• Partner with key stakeholders to improve the overall quality and availability of identity access management products and services
• Provide stakeholder consultations in areas of identity and access management solutions and issue resolution
• Partner with the Information Security Operations and Risk Management teams in monitoring data leakage events and remediating access control related issues
• Preparing for and presenting at Executive Leadership Meetings

Qualifications:

• Strong understanding and/or experience in information and network security principles:
• Cloud and on-premises systems in at least one of the following: network/infrastructure, servers, mobile, system configuration
• Securing containers including container management solutions such as Kubernetes
• Security defenses against data breaches, broken authentication, hacking, account hijacking, malicious insiders, third parties, APTs, data loss and Denial of Service attacks
• Securing development pipelines such as automated code scanning tools and API management
• Significant hands-on experience in security systems (e.g., firewalls, intrusion detection systems, endpoint software, authentication systems, log management, content filtering, etc.)
• Knowledge of Security and Industry frameworks such as ISO27001/02, NIST 800-53, SANS Top 20 Critical Security Controls, COBIT, PCI-DSS, and NIST Cybersecurity Framework a combination of relevant industry certifications related to Information Security (e.g., CISSP, CISM), Architecture (e.g., TOGAF, AWS Certified Solutions Architect), and Cloud (e.g., AWS, Google, and Azure including Microsoft 365)
• Demonstrated experience with assessment, development, implementation, and optimization across a broad set of security technologies such as secure software development, application security, data loss prevention, cryptography, key management, and identity access management
• Experience with a 24x7, highly available architecture
• Experience working with cloud security and governance tools

• Strong executive presence and cross-team collaboration:
  • Ability to provide direction and guidance at all levels of the organization on architectural use cases and requirements

• Strong personality with the will and ability to enforce new policies across the organization, especially at the executive level

• Work with business units, infrastructure services, and application development teams to choose appropriate technology solutions

• Providing consultation to business partners to influence security best practices and establish solid security principles across the organization

• A demonstrated ability to integrate various information security, application, network and data protection technologies and controls into solutions to mitigate risk

• Strong communication skills:
• Ability to contextualize security issues and business risks both verbally and in writing
• Strong communication skills, business acumen, analytical and problem-solving skills

The expected base salary range for this position is from $160,000-$195,000. It is not typical for offers to be made at or near the top of the range. Salary offers are based on a wide range of factors including relevant skills, training, experience, education, geography, and where applicable, certifications obtained. Market and organizational factors are also considered.  In addition to salary and a generous employee benefits package, successful candidates may also be eligible to receive discretionary annual performance bonus compensation.

About 1010data:

For more than 20 years, 1010data has helped financial, retail and consumer goods customers monitor shifts in consumer demand and market conditions and rapidly respond with highly targeted strategies. The 1010data Insights Platform combines market intelligence, data management, granular enterprise analytics, and collaboration capabilities to empower better business outcomes. More than 900 of the world’s foremost companies’ partner with 1010data to power smarter decisions. 

You can find this on the Company page of 1010data at https://1010data.com/company/ 

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.