Director, Information Security
Location: New York, NY
Compensation: $160,000 base + Bonus + Equity
Glocomms are partnered with an Asset Management firm in the search for a Director of Information Security to join the business working directly with the CISO to lead Cyber & Information Security operations across the enterprise.
Key responsibilities:
- Serve as the company's subject-matter expert on all security-related issues.
- Review vulnerability scans and coordinate remediations with the IT Infrastructure and Operations Teams.
- Maintain all security-related documentation, including security policies and procedures.
- Manage the central incident response and act as a forensic examiner for security and IT incidents.
- Coordinate firewall rules, revisions, and configuration updates with the Network Engineering team.
- Review SIEM logs and alerts and coordinate actions with the managed service provider.
- Implement new security projects and initiatives and maintain current security solutions.
- Perform IT vendor due diligence and risk assessments for new and existing vendors.
- Collaborate with the IT Infrastructure and Operations team on Patch Management, Identity & Access Management, Penetration Testing, and Change Management.
- Plan security training, such as annual training, new hire training, phishing testing, social engineering, tabletop exercises, and other security awareness training.
- Assist with security and DR/BC inquiries for customer RFPs, coordinate IT audit requests for Sarbanes-Oxley, SSAE-18, and financial regulatory audits, and prepare periodic security KPI reports.
Minimum Experience:
- 5+ years of experience in Cyber/Information Security, Security Architecture, and/or Risk Assessment.
- Experience with firewall configurations and SIEM security solutions.
- Knowledge of information security risk assessment.
- Experience with incident management, vulnerability scanning, and identity and access management.
- ISO 27001 security framework experience.
- Knowledge of vulnerability scanning tools (Nexpose, Metasploit, Kerberoast, etc.).
- Security certifications such as CISSP, CISM, CISA, and/or CRISC;
- Knowledge of security frameworks including MITRE ATT&CK.
- Exceptional communication and project management abilities are necessary.