DUTIES AND RESPONSIBILITIES:
• Develops and maintains a complete understanding of Aligned’s technologyand information systems.
• Directs the development and maintenance of Incident Response Plans andCybersecurity procedures for information technology.
• Maintains current knowledge of the cyber security industry, digital privacyregulations, and standards for all regions.
• Identifies and communicates current and emerging security threats.
• Directs the architecture, design, build, implementation, and support ofenterprise-class security systems based on the Center for Internet Security(CIS) controls and related standards.
• Designs security architecture elements to mitigate threats as they emerge.
• Anticipates stakeholder needs to discusses potential security and privacysolutions.
• Oversees and analyzes security assessments, including security programreviews, penetration testing, vulnerability testing, risk analysis, and providerecommendations related to findings.
• Create solutions that balance business requirements with information andcybersecurity requirements.
• Review and recommend security configuration and policies for firewalls, VPNsystems,routers, IDS scanning technologies, servers, computers, mobiledevices, audio/visual devices, IOT and IT systems.
• Ensures integration of projects and adjusts project scope, timing, andbudgets as needed, based on the needs of the organization.
• Reviews and analyzes system logs, security tools, and network traffic forunusual or suspicious activity and makes recommendations to restore secureoperations.
• Reviews and tests new security software, tools and/or technologies todetermine applicability to operations.
• Directs ongoing interviews and assessments with internal groups andmanagement for the purpose of learning how employees interact withtechnology and to integrate cybersecurity measures.
• Works closely with internal auditing, legal, and IT teams to ensure compliancewith applicable legal, regulatory, and industry requirements (e.g., FERPA,HIPAA, PCI-DSS, FIPS, NIST, CISA, ISO 27001, etc.).
• Works with Senior Leadership to formulate a comprehensive, strategictechnology plan that is consistent with the overall business objectives andbudgetary considerations.
• Oversees annual operating and capital budgets for all security platforms andhardware.
• Manages suppliers and vendors for information security and cyber security.
Qualifications:
• Equivalent experience or graduation from an accredited 4-year college or universitydegree in a job-related field of study.
• Five (5) years of experience responsible information security and cyber securitymanagement.
• Practical experience in Red, Blue, and Purple INFOSEC tasks and roles.
• Experience deploying and managing cyber security, digital privacy, and informationsecurity solutions for remote access, identity access management, and cloud basedservices.
• Experience leading ITIL V4 based processes (incident, change, problem, root causeanalysis).
Preferred Credentials
• CISSP- Certified Information Systems Security Professional
• GSLC- GIAC Security Leadership
• CISM- Certified Information Security Manager
• CCSP- Certified Cloud Security Professional
Preferred Clearences
• SCI/SAP L Clearence
• SCI/SAP Q Clearence
• Completed & Cleared DCSA Background
We know how to fine-tune corporate security because we've led effective and efficient Fortune 500-level security programs. The SEC helps businesses find the best balance of risk mitigation, cost and innovation.