MerchantE
Results-driven executive with extensive experience in driving innovation, scalability, and technical excellence for global organizations.
Essential Duties and Responsibilities
Champion information security to all levels of the business
Provide positive and collaborative leadership to all departments (e.g., sales, engineering, product management, legal, compliance, finance, customer success)
Evangelize security-centric culture and promote security best practices within the organization.
Influence and partner with product and technology teams to ensure that information security policies and standards are properly implemented.
Lead security conversations and be the escalation point for security incidents & investigations.
Lead/elevate security conversations and be the decision maker for operational security matters.
Serve as a technical expert for project teams throughout the implementation and maintenance of assigned information security solutions
Provide cybersecurity subject matter expertise to the day-to-day operational aspects of the engineering team including improvement of current security controls; identify areas of improvement, etc.
Own tactical execution of strategic direction and vision of the information security program
Analyze business needs and priorities for protection of critical systems and data
Actively influence and participate in architecture and strategy discussions with internal stakeholders, partners, and customers.
Continuously evaluate security processes, tools, and operational capabilities, and timely adjust them to maintain effective and efficient operational security processes and tools.
Actively contribute to the creation, maintenance, implementation and enforcement of Information Security policies and procedures
Draft information security program policies and procedures to ensure compliance with best practices and regulatory requirements
Continuously monitor trends to anticipate and plan for information security risks
Research industry best practices, current trends, threats and vulnerabilities; recommend relevant changes to the company’s control environment.
Design and manage the technical evaluation of new security technologies
Implement vulnerability management and security log collection and monitoring tools, analyzing data from those tools and providing recommendations for security improvements to existing processes and technology, and participating in and leading incident response efforts
Build, lead, and develop a team of information technology and security professionals, hire and train new staff, conduct performance reviews, and provide leadership and coaching, including technical and personal development programs for team members
Collaborate with key stakeholders (Enterprise Risk Management, Legal, HR) on information security risk management and related organizational governance processes.
Actively participate and provide professional expertise to information security forums, communities, and industry-specific groups.
Provide senior leadership with accurate status updates and assessments of the company’s security posture, through regular Steering Committee meetings and the development and tracking of relevant and highly useful KPIs.
Serve as voting member of MerchantE Change Advisory Board (CAB) and Release Advisory Board (RAB), governance bodies responsible for reviewing and approving production changes.
Facilitate remediation of applications with security flaws and code defects with Product Managers, Application Leads, and Development teams
Develop and implement best practices, reference implementations, automation, and testing for application security in web, mobile, and API implementations
Qualifications
Bachelor’s degree in computer science (or equivalent)
Minimum of 10+ years of documented information security work experience (or equivalent)
Expertise in planning, deployment, and operation of enterprise security management tools such as IDS/IPS (network and host), advanced anti-malware (network and endpoint), DLP, encryption, anti-virus, firewalls, identity management, NAC, MDM etc.
Experience with advanced malware technologies and demonstrated experience with malware remediation
Expertise in one or more technical forensic tools
Experience with Splunk including systems deployment, endpoint configuration, and log analysis and interpretation
Ability to identify signs of intrusion or infection on a variety of systems
Application and database security experience, including code reviews
Network and security engineering experience, including log and network traffic capture analysis.
Detailed knowledge of network and Web-related protocols (e.g., TCP/IP, IPSec, HTTP, SSL, routing protocols)
Hands on experience with Nmap, vulnerability scanners, ZAP, Kali, MetaSploit, Wireshark, Kismet, Aircrack-ng
Effective writing skills; ability to produce clear, concise and high-quality technical and business documents
A strong sense of accountability and self-motivation and a desire to work collaboratively in a small, cross-functional team
An ability to think critically and an aptitude for problem-solving
Ability to move seamlessly between a hacker/attacker mindset and a security engineer/defender mindset
Strong understanding of agile development processes and integrating secure development practices into the model
Ability and commitment to train direct reports on essential security tools, frameworks and processes
IT security certifications (e.g. SANS GIAC, CISSP, CCNA Security, CCNP Security) are strongly preferred
Seniority level: Mid-Senior level
Job details
Employment type: Full-time
Job function: Information Technology
Industries: Computer and Network Security
#J-18808-Ljbffr
Essential Duties and Responsibilities
Champion information security to all levels of the business
Provide positive and collaborative leadership to all departments (e.g., sales, engineering, product management, legal, compliance, finance, customer success)
Evangelize security-centric culture and promote security best practices within the organization.
Influence and partner with product and technology teams to ensure that information security policies and standards are properly implemented.
Lead security conversations and be the escalation point for security incidents & investigations.
Lead/elevate security conversations and be the decision maker for operational security matters.
Serve as a technical expert for project teams throughout the implementation and maintenance of assigned information security solutions
Provide cybersecurity subject matter expertise to the day-to-day operational aspects of the engineering team including improvement of current security controls; identify areas of improvement, etc.
Own tactical execution of strategic direction and vision of the information security program
Analyze business needs and priorities for protection of critical systems and data
Actively influence and participate in architecture and strategy discussions with internal stakeholders, partners, and customers.
Continuously evaluate security processes, tools, and operational capabilities, and timely adjust them to maintain effective and efficient operational security processes and tools.
Actively contribute to the creation, maintenance, implementation and enforcement of Information Security policies and procedures
Draft information security program policies and procedures to ensure compliance with best practices and regulatory requirements
Continuously monitor trends to anticipate and plan for information security risks
Research industry best practices, current trends, threats and vulnerabilities; recommend relevant changes to the company’s control environment.
Design and manage the technical evaluation of new security technologies
Implement vulnerability management and security log collection and monitoring tools, analyzing data from those tools and providing recommendations for security improvements to existing processes and technology, and participating in and leading incident response efforts
Build, lead, and develop a team of information technology and security professionals, hire and train new staff, conduct performance reviews, and provide leadership and coaching, including technical and personal development programs for team members
Collaborate with key stakeholders (Enterprise Risk Management, Legal, HR) on information security risk management and related organizational governance processes.
Actively participate and provide professional expertise to information security forums, communities, and industry-specific groups.
Provide senior leadership with accurate status updates and assessments of the company’s security posture, through regular Steering Committee meetings and the development and tracking of relevant and highly useful KPIs.
Serve as voting member of MerchantE Change Advisory Board (CAB) and Release Advisory Board (RAB), governance bodies responsible for reviewing and approving production changes.
Facilitate remediation of applications with security flaws and code defects with Product Managers, Application Leads, and Development teams
Develop and implement best practices, reference implementations, automation, and testing for application security in web, mobile, and API implementations
Qualifications
Bachelor’s degree in computer science (or equivalent)
Minimum of 10+ years of documented information security work experience (or equivalent)
Expertise in planning, deployment, and operation of enterprise security management tools such as IDS/IPS (network and host), advanced anti-malware (network and endpoint), DLP, encryption, anti-virus, firewalls, identity management, NAC, MDM etc.
Experience with advanced malware technologies and demonstrated experience with malware remediation
Expertise in one or more technical forensic tools
Experience with Splunk including systems deployment, endpoint configuration, and log analysis and interpretation
Ability to identify signs of intrusion or infection on a variety of systems
Application and database security experience, including code reviews
Network and security engineering experience, including log and network traffic capture analysis.
Detailed knowledge of network and Web-related protocols (e.g., TCP/IP, IPSec, HTTP, SSL, routing protocols)
Hands on experience with Nmap, vulnerability scanners, ZAP, Kali, MetaSploit, Wireshark, Kismet, Aircrack-ng
Effective writing skills; ability to produce clear, concise and high-quality technical and business documents
A strong sense of accountability and self-motivation and a desire to work collaboratively in a small, cross-functional team
An ability to think critically and an aptitude for problem-solving
Ability to move seamlessly between a hacker/attacker mindset and a security engineer/defender mindset
Strong understanding of agile development processes and integrating secure development practices into the model
Ability and commitment to train direct reports on essential security tools, frameworks and processes
IT security certifications (e.g. SANS GIAC, CISSP, CCNA Security, CCNP Security) are strongly preferred
Seniority level: Mid-Senior level
Job details
Employment type: Full-time
Job function: Information Technology
Industries: Computer and Network Security
#J-18808-Ljbffr