VP of Security
Reports to: VP of IT
The VP of Security is responsible for managing the overall IT Security and Disaster Recovery programs within the organization. Maintains and implements policies and processes in support of mitigating IT security risks. Manages and coordinates with 3rd party managed security service providers and consultants to complete ongoing system monitoring, vulnerability assessments, incident identification and management. Coordinates with IT infrastructure and applications teams to implement security policies and remediate identified vulnerabilities. Communicates effectively, works well and is able to develop relationships with business stakeholders.
Major Duties & Responsibilities
IT Systems Security (80%)
- Implement and maintain company-wide information security policies.
- Manage security audits, vulnerability and threat assessments, and direct responses to network or system intrusions.
- Manage the 3rd party security service provider to monitor network traffic, logs and identified incidents.
- Coordinate with the IT infrastructure and application support teams to remediate any identified vulnerabilities.
- Ensure compliance with regard to legal and contractual information security obligations.
- Manage projects to implement new security technologies or processes in support of managing overall IT security risks.
- Maintain an appropriate level of relevant knowledge of ongoing IT security threats.
- Provide leadership, guidance and training to information systems security personnel.
- Provide executive and board level compliance and audit findings.
Consults with: 3rd party Security Service Provider and Technical Team
Business Continuity & Disaster Recovery (20%)
- Implement and maintain company-wide Disaster Recovery plans and policies.
- Assist with the maintenance of the Business Continuity Plans and coordinate with applicable business stakeholders to identify IT requirements.
- Facilitate appropriate stakeholder trainings and communications to support Business Continuity and Disaster Recovery plans.
- Manage Disaster Recovery requirements and coordinate with the IT Infrastructure team to ensure policies are adhered to.
- Organize and manage Business Continuity and Disaster Recovery exercises to ensure systems, processes, personnel and documentation are adequate.
Term: Direct Hire
Qualifications: Preferred certifications include but are not limited to CISSP, CEH, CCNA, MCSE, GIAC
- Bachelor's degree preferred
- 10 plus years’ experience in IT systems
- 5 plus years of IT security experience
- Strong technical background in IT systems and network security.
- Demonstrate advanced understanding of business processes, internal control risk management, IT controls and related standards.
- Excellent interpersonal and leadership abilities
- Excellent problem solving/analytical skills
- Excellent verbal and written communication
- Ability to develop and implement relevant security policies (incident response, disaster recovery, access control, etc.)
- Ability to work independently and make decisions supported by relevant data
- Ability to interact, work well and develop relationships with business stakeholders
- Ability to effectively communicate with business stakeholders and executive management
- High level of experience with security threats which primarily target Microsoft Windows Server environments and database technologies.
- Familiarity with vulnerability testing procedures, analysis of report results, and implementing mitigation techniques based on those results.
- Experience with reading and interpreting vulnerability assessment reports including but not limited to those produced by Nessus, IBM AppScan, BurpSuite and Metasploit logs, as well as other industry standardized scanning and reporting tools.
- Familiarity with Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP) and National Institute of Standards and Technology (NIST) Special Publications.
- Coordinating with Managed Security Service Providers to manage ongoing security monitoring and incident response management.
Salary Range: $150K
- Microsoft PC and Server Operating Systems
- Active Directory & LDAP
- Cisco based networking environments, in particular Cisco ASA Firewalls
- PaloAlto Firewall Platforms
- SQL Server 2008/2012
- Microsoft IIS and IBM WebSphere web hosting platforms
- Vulnerability assessment tools (Nessus, IBM AppScan, etc)
- IDS/IPS technologies
- TrendMicro Anti-virus
Recruiter Contact Information: firstname.lastname@example.org