Atlanta based company searching for a permanent IT Security Director.
Our client owns and operates 180+ temperature-controlled warehouses in the United States, Australia, New Zealand, Argentina, and Canada. We have nearly 13,000 associates and offer a wide variety of employment opportunities - from warehouse forklift operators and supervisors to accounting, customer support, engineering, transportation, and technology solutions positions.
The global Information Technology Security Director is responsible for the management of the information security and risk programs, policies, procedures and technical systems in order to maintain the confidentiality, integrity and availability of our client's information systems. This individual will be responsible for the global development, implementation and ongoing management of information security policies and systems. The Director of IT Security will serve as owner for all appropriate IT access that protects the customer, employee, and business information, in compliance with organization policies and standards. Will perform ongoing monitoring of centralized information management systems, investigate and respond to identified incidents, vulnerability release monitoring and tracking and administer global vulnerability management systems. This position will work closely with technology, applications, compliance and business areas to ensure that security programs are implemented and maintained. The individual must have a strong security, network and applications knowledge as well as communication and leadership skills in order to develop and manage the delivery of cyber security programs to the organization.
• Design, develop and implement information security architecture in a large global multi geographic enterprise environment
• Develop, implement, monitor and enhance data security policies, procedures and standards
• Test and evaluate new technologies that will enhance the security of the enterprise
• Define and drive threat identification and response across the company
• Design, develop and implement information security architectures that support control implementation across a broad set of hardware and software systems.
• Partner with business units and various groups within the client to define secure technology solutions
• Performs information security risk assessments and for information security processes including risk identification, risk mitigation, and documentation
• Work with data owners, IT teams, compliance and legal to classify all data and maintain appropriate access restrictions
• Direct and provide hardening guidance in operating system, databases and application security
• Monitors advancements in information security technologies, and changes in the industry that affect information security
• Administer and maintain network security systems such as Firewalls, IDS, A/V and incident management
• Leads forensic/security investigations under the direction of legal and human resource departments
• Conduct vulnerability assessments (network, server, databases, application, etc.) and drive remediation
• Define and validate system security requirements. Implement secure systems/standards using ISO 27001 and ISO 17799/27002
• Audit and monitor IT Security Best Practices including: Firewall/Network Design, Anti-Virus Strategy, Platform Maintenance, Intrusion Detection Monitoring, System access ID and logon procedures and policies, file transfer protocols, procedure and practices, and identify and manage remediation efforts on vulnerabilities
• Provide guidance and advocacy regarding prioritization of infrastructure investments that impact security
• Develop, publish and maintain comprehensive company-wide information privacy and security strategy, plans, policy, procedures, and guidelines
• Ensure departments consider information security risks in both ongoing and planned operations
• Maintain relationships with local, state, and federal law enforcement and other related agencies
• Work with outside consultants as appropriate on required security and risk audits
• Create selection criteria for vendor products, tools and services related to information security
Skills and Experience:
• The successful candidate will have a bachelor’s degree in Management Information Systems, Computer Science, Engineering or related discipline. An advanced degree is preferred
• 15+ years IT experience with 8 to 10 years in a combination of risk management, IT Leadership information security and information technology desired.
• One or more of the following certifications are preferred: CISM, CISA, CISSP, CRISC, or HISP
• Must have a solid understanding of information technology and information security practices, including the areas of host security, platform architecture, network perimeter security, intrusion detection/prevention, application security modeling, physical security, systems integrity, and continuity planning
• Experience in security policy and standards development, implementation and program review
• Ability to synthesize complex technology concepts and apply them to strategic, business level considerations
• Experience in Unix, Windows, Linux, TCP/IP, Storage devices, network devices, fail-safe strategies, system architecture, LAN and WAN methods and intranet/internet security environments including; firewalls, intrusion detection, incident response, policy writing, vulnerability testing, operating system hardening, regulatory compliance and data classification
• Experience in performing Cloud Computing vendor evaluations (SasS, PaaS, IaaS)
• Knowledge of relational database design and architecture with experience in data administration and security methods with tier 1 ERP (Oracle, SAP, etc.), web application layers, e-commerce, and SQL
• Knowledge of risk assessment methodologies
• Knowledge of forensic analysis methodologies and tools
• Knowledge of auditing methodologies and tools
• Experience in the areas of full life-cycle project management, SLA, staffing and budgeting; onshore and offshore resource management; 24/7 operations, and outsourcing strategy
• Experience in IAM, NIDS/HIDS, SEIM, Log Management, Patch Management, Vulnerability Management, eDiscovery, Virtual Machine Security, Wireless and Mobile Security, and Industrial Controls
• Experience in Security Architecture, Policies & Standards, Risk Management, Incident Response, Data Discovery and Classification
Physical Requirements & Abilities:
Excellent organization and time management skills with a focus on a delivery, responsiveness, ownership and accountability. Ability to manage stress well under difficult situations and when dealing with issues and project deadlines. Strong interpersonal, communication, and customer-facing skills. Ability to understand and communicate technical concepts to a business audience. Ability to introduce and manage change within organizations.
This person must be extremely hands-on as he/she will be the “go to” person for solution development and problem resolution
• Requires the ability to sit for long periods of time, with frequent interruptions
• Requires several hours per day of sitting, getting up and down from chairs, and reaching, or bending
• Requires manual dexterity with normal hand and finger movements for typical office work
• Talking, hearing, and seeing are important elements of completing assigned tasks
• Requires some travel by automobile and airplane up to 10% of the time
• May require visiting facility operations in temperatures at or below freezing
• May carry loads related to travel and occasionally lifts, carries, positions, or moves objects weighing up to 20 pounds
• Requires the use of various electronic tools
• Occasionally works evenings or weekends in order to complete objectives or to attend meetings
• Requires the ability to relate to others beyond giving and receiving instructions: must partner with colleagues without exhibiting behavioral extremes
• Requires the performance of work activities including reasoning, negotiating, instructing, persuading, or speaking with others; and respond appropriately to constructive feedback from executive management
If this sounds like you, please submit your resume to begin a conversation about this opportunity!