Director of Information and Infrastructure Security
Houston, TX
$130-160K + 35% Bonus
A prestigious Fortune 500 utility company in Houston is looking for a Director of Information and Infrastructure Security. This individual will manage the security infrastructure. The individual will participate in the IT Security Committee, advising management on information security issues; perform information security risk assessments; develop information security procedures; and provide monthly metrics concerning security performance and value to the organization. The individual will also maintain a database of risk analyses of security controls for: application code, database server(s), servers and desktops, directory and authentication device(s), firewall(s), network configurations required to support the application, operating system, network security, host security, change management and user access environments.
Knowledge, Skills or Abilities Required
Project Management - Manage the strategic aspects of large programs or a portfolio of projects, ensuring all risks are mitigated. Oversee senior managers, managers and technical consultants working on specific projects. Develop, implement and maintain sound business practices.
Internal Operations - Reviews status reports of Project Managers, Senior Managers, and Managers and addresses issues as appropriate. Lends expertise to internal teams and task forces. Enforces standard policies and procedures. Encourages innovation of processes and technologies that increase operating efficiencies and service quality.
Strategy Development and Roadmap Management - Develop long-range strategy and program roadmap plans to create a broad-based financial picture for the department. Maintain high degree of accuracy in the preparation of capital and expense budgets, estimation of project effort and resource requirements, and development of sound business cases for execution.
Strong communicator, both in writing and verbally.
Adept at determining information needs and tailoring messages according to audience
Excellent communication and presentation skills. Proven ability to interact with all levels of the organization including senior leadership and executives
Ensure that direct reports, project teams, business sponsors and superiors are well informed of relevant changes and newsworthy events within the company and related programs. Handles difficult personnel situations directly, using appropriate discretion, HR advice, and respect for the individual.
Provides proactive communication to executive management regarding project status, deliverables and IT Security operational health and risk posture
Experience working with IT Security software/hardware vendors, security consulting firms and service providers
Experience managing software/hardware life cycles and maintenance contracts in partnership with Procurement and IT Finance organizations
Experience conducting requirements-based product comparisons and bringing in new solutions
Technical Knowledge, Skills and Abilities
Demonstrates success in driving a security-conscious culture and transforming large organizations towards a proactive and mature security posture
Experience serving as a technical IT Security expert representative across teams, both business and information technology.
Demonstrates ability to provide effective thought leadership and guidance in the design and implementation of security solutions
Effective at bridging between technology and business needs, while considering value, cost, and organizational impact associated with change management.
Experience in establishing effective communication packages, metrics and measurements to monitor quality of services and risk posture
Highly effective in troubleshooting security events and incidents and driving effective resolution
Possesses knowledge of complex information technology and infrastructure concepts integral to IT Security, including but not limited to network, storage, database, server, workstation, application development and Internet system architectures.
Effective in driving integration and alignment with enterprise support processes, such as change management, problem management and incident management
Experience in establishing and enforcing security configurations and standards across project teams and technology platforms
Expert knowledge of key security models and regulations such as ISO 2700X, SOX, PCI, GLBA and HIPAA.
Experience managing IT Security related internal and external audit requirements
Experience deploying and managing enterprise security technologies and services, including but not limited to encryption (whole-disk, email/file, PKI), endpoint security (antivirus, HIPS, PFW), network security (firewalls, intrusion prevention, web content filtering), threat/incident management (SIEM), Data Loss Prevention, and access control/administration.
Demonstrates success in managing IT Security operations and service delivery to meet or exceed SLAs and OLAs
Highly experienced in designing and implementing Identity and Access Management solutions, including role management, provisioning, on-boarding and single-sign-on capabilities.
Expert knowledge of threat and vulnerability management processes and technologies (Qualys, Core Impact, WebInspect, etc.)
Experience designing and implementing enterprise patch management programs
Knowledge of secure application development practices and architectures
Experience in driving communications, decision making and coordinating response activity for Computer Security Incident Response Team (CSIRT)
Actively participate in professional organizations such as ISSA, ISACA and InfraGard.
Education & Experience
Bachelor's Degree in Computer Science, MIS, Business Administration or similar area of study.
Twelve years of relevant IT experience and five years prior leadership experience required. An additional four years of related experience may substitute for the Bachelor's degree.
Certificates, Licenses and Registrations
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
Other preferred professional certifications include: CISA, CWSP, GIAC
Other preferred vendor certifications include: CCNA, CCNP, CCSP, MCSE
TNT Jobs - 10 months ago