Information Security Director
Onsite - IT - Security - Direct Placement - Job ID: 23-72612
Location: Houston, TX (Hybrid – onsite 3 days a week in downtown)
Duration: Permanent, Direct-Hire
Work Requirements: US Citizen, GC Holders or Authorized to Work in the US
The Information Security Director is primarily responsible for providing leadership, as well as operational and tactical direction to diverse teams, including analysts, engineers, and architects. The Director also provides strategic direction in coordination with the Chief Security Officer (CSO) leadership team. The Director leads the team through the information security program by establishing highly effective policies, corporate protocols, and appropriate collaboration among teams. In addition, the Director assumes responsibility for the education and enforcement of those protocols and matters of compliance.
The Director possesses a strong technical background and understands risk mitigation and technical controls. The Director is expected to lead teams that perform technical work and must possess leadership qualities.
This position requires strong written and oral communication skills, as well as the ability to communicate detailed, technical information in a manner comprehensible by individuals at varying degrees of experience and skill level. The role requires the ability to speak confidently in front of large groups and with corporate management, vendors, and service providers. The Director manager also contributes to the company IT security strategy and roadmap.
Responsibilities and Duties
- Analyzes technologies and establishes highly effective processes and protocols to ensure comprehensive protection exists to prevent unauthorized entry into the company networks and systems.
- Leads the Security Operations Center (SOC)
- Designs and manages processes for detection, investigation, correction of information security incidents.
- Supports automation and orchestration to maximize team talent and reduce routine tasks.
- Actively recruits and leads by example to create a culture where employees want to work.
- Mentors security team and places a heavy emphasis on employee retention – people, first.
- Conducts independent verification and validation testing of the company networks and sensitive programs through internal team resources and independent consultant engagements.
- Leads the team to implement secure enterprise systems and identifies issues that could compromise data integrity or security.
- Develops IT security programs and recommends necessary changes to the information security team to ensure the company's systems are fully compliant with all applicable regulatory requirements and privacy laws.
- Provides periodic training to company employees on information security topics.
- Stays abreast of the security industry threat landscape, specifically within the company's industry.
- Recognizes his/her personal developmental needs and is proactive in obtaining the coaching, networking, and training needed to ensure his/her continued success in the position.
- Creates a working environment that is conducive to two-way communication, teamwork, and learning.
- Recognizes the varying strengths, skills and needs of the team and adapts his/her coaching skills to obtain the best possible results from each individual contributor.
- Openly supports the organization, the management team and executive leadership team, even during times of adversity.
- Utilizes open communication and managerial courage to ensure the standards, expectations and goals of the organization are respected and upheld.
- Acts as a change agent and drives the department and business forward using effective management, analysis, and strategic skills.
- Leads security-related projects from inception to successful completion and is capable of effectively coaching technology staff on appropriate security protocols and needs as they implement new technology into the organization.
- Assumes responsibility for other duties as required or assigned.
Preferred Minimum Experience
- Preferably 10+ years of technical hands-on security experience, with at least 3-5 years in a team leadership role.
- In-depth knowledge of security standards and frameworks such as NIST, NERC CIP, TSA Pipeline, PCI, and SOX.
- Knowledge of security technologies such as firewalls, intrusion detection/prevention systems, vulnerability scanners, and endpoint security.
- Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
- Knowledge of incident response and handling methodologies.
- Knowledge of enterprise incident response program, roles, and responsibilities.
- Knowledge of industry-standard and organizationally accepted analysis principles and methods.
- Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions.
- Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
- Knowledge of system software and organizational design standards, policies, and authorized approaches (e.g., International Organization for Standardization [ISO] guidelines) relating to system design.
- Knowledge of penetration testing principles, tools, and techniques.
- Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
- Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies.
- Experience with cloud security and DevSecOps.
- Demonstrates strong written and oral communication skills.
- Demonstrates solid organizational skills and the ability to multi-task, prioritize workload and delegate responsibilities.
- Demonstrates excellent judgment and the ability to make quick decisions and think outside the box when working with complex situations.
- Demonstrates a high level of flexibility.
- Is forward thinking and possesses business acumen.
- Possesses a high level of integrity, trustworthiness, and confidence, and represents the company and its management team at the highest level of professionalism.
- Demonstrates strong analytical skills and is effective at interpreting and applying applicable regulation.
- Works effectively with a variety of personalities and can adapt his/her approach to effectively reach and develop his/her team. Uses this skill as well as his/her functional knowledge to both earn and maintain a high level of credibility with the team.
Preferred Minimum Education
- Bachelor's degree in computer science, information assurance, Management Information Systems (MIS) or related field, or equivalent.
- CISSP, CISM, GIAC
About INSPYR Solutions:
Technology is our focus and quality is our commitment. As a national expert in delivering flexible technology and talent solutions, we strategically align industry and technical expertise with our clients’ business objectives and cultural needs. Our solutions are tailored to each client and include a wide variety of professional services, project, and talent solutions. By always striving for excellence and focusing on the human aspect of our business, we work seamlessly with our talent and clients to match the right solutions to the right opportunities. Learn more about us at inspyrsolutions.com.
INSPYR Solutions provides Equal Employment Opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, or genetics. In addition to federal law requirements, INSPYR Solutions complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities.
TAKE THE NEXT STEP.