Prosyntix is currently recruiting for a full-time role with a great company in Charlotte, NC. They will report directly to the CISO.
This role will report to the CISO and will lead the Cybersecurity Assurance and Resilience efforts. They will provide leadership over the design and implementation of cybersecurity capabilities. The individual will also define and lead implementation of information security standards aligned to the NIST Cybersecurity Framework for capabilities related to data security, email protection, end-point protection, application security, network security, cloud (IaaS, SaaS) security, and privileged access. They will manage associated programs and develop and implement the processes, procedures and tools required to deploy these standards. In defining and implementing these NIST-based security standards, this individual will also provide overviews to the Corporate IT Risk Director to allow for assessment of the completeness and effectiveness of these standards.
They will serve as the principal liaison to managed security service providers, third-party security vendors, and Corporate technology infrastructure teams. S/he will serve as a liaison with project teams in those groups to design and implement security controls developed by the information security organization. It is, therefore, critical that this individual have at least a working knowledge of other technology functions (e.g., technology infrastructure, business platforms) and have previously demonstrated strong collaboration across these types of teams.
- Oversight and management of security architecture, engineering and build-out of preventative information security capabilities:
- Define, develop and implement data security standards including data classification, encryption, data loss prevention, data access governance for structured and unstructured data, and monitoring to prevent data-related security incidents
- Define, develop and implement end-point security standards including personal firewall, personal proxy, cloud access governance, host-based security controls such as anti-virus, disk encryption, and privileged access management
- Define and develop standards for end-point detection and response (EDR) capability to protect servers and end-user workstations from cyber threats. As appropriate, provide inputs into teams responsible for the deployment of these capabilities (e.g., technology infrastructure)
- Collaborate with enterprise architecture to define and improve enterprise security architecture, and align enterprise architecture to enable the information security strategy and address emerging risks
- Manage a small team of security engineers to ensure proper implementation and operational readiness of security capabilities to be managed by third-party service providers.
- Define the application security standards and collaborate with project teams to ensure adoption of these standards within the software delivery lifecycle (“SDLC”). Ensure the appropriate stage gates are in place throughout the SDLC to establish proper security controls, and that evidence is produced showing those controls have been met.
- Provide security advice, guidance, technical expertise and risk analysis to project and operational teams, as well as support with remediation requirements.
- Define metrics, gather them, and regularly report to the CISO on the operating effectiveness of information security controls managed by the MSP and other IT partners
Essential Business Experience and Technical Skills:
- Intelligent and persuasive leader with good interpersonal, verbal and written communication and presentation skills.
- 10-15 years of broad technology experience in application development and infrastructure services with a strong record of success in managing information security. Specific focus on incident detection and response, auditing and risk management preferred. Should have experience managing complex information technology programs, preferably within the financial services or information security industries.
- Accomplished and effective change leader with people management responsibility and ability to implement and drive adoption of risk management programs as required.
- Manages across vendor sourced solutions and consultants, ensuring vendor performance and deliverables meet specifications. Must direct members across the organization, ensuring alignment of resources across functions and matrix. Creative, innovative and thorough approach with the ability to operate autonomously.
- Sound working knowledge of industry best practices (NIST, ISO, SANS, COBIT, CERT) and legislative, regulatory and industry compliance requirements (SOX, PCI, HIPAA, etc.).
- Bachelor’s degree and/or related field experience required, MBA or other advanced degree preferred.
Travel: Up to 10%
Position can start remotely but would be required to relocate to Charlotte, NC.