Director of Information Security (Closed)

SkillStorm is seeking a Director of Information Security for a remote position. Candidates must be able to work on SkillStorm's W2; not a C2C position. EOE, including disability/vets.

Description:

• We are looking for a Director of Information Security, reporting to the SVP of R&D, to join the technology team and guide security policy, planning, and execution across both product and business systems. You will monitor security alerts and leverage your past experience to identify and prioritize mitigations; codify incident response procedures and lead responses to incidents in flight; work with Technology Operations to design and execute perimeter and infrastructure hardening; lead relationships with external security providers; write reports for executive leadership about the state of the security risk and RTS preparedness; and work collaboratively with your Technology peers to implement security best practices across the board.
• In this role, you should be able to work with little direct management supervision, at times leading ad-hoc teams within Product Engineering, Business Systems Engineering, and/or Technology Operations. You should have hands-on experience with security technology and policies, including implementing NIST 800-53. You will be challenged to both present at a high-level to executive leadership, and roll up your sleeves and work with engineers to get the job done.

Responsibilities:

• Create and disseminate security policy so as to proactively reduce risk
• Author and deliver employee training, both general and in technical depth for the engineering teams, as needed to implement security policy
• Regularly conduct audits and report on the status and success of such policies
• Monitor vulnerability alerts, assess RTS preparedness, and advise Technology leadership on the availability and priority of any needed mitigations
• Create incident response and recovery plans and procedures, and assemble and lead engineering teams to implement as needed
• Promote the importance of security across the engineering teams, and be able to assist with security-by-design
• Assist with the design and implementation of security technology at all levels of the stack
• Deliver talks to engineering and general audiences on security topics

Requirements:

•  Experience implementing NIST 800-53 revision 5
• 10+ years of security experience, including 5+ years in security leadership roles
• Practical knowledge of security technologies
• Ability to work through influence across the enterprise
• Ability to work independently
• Excellent written and verbal communications and presentation skills, including speaking persuasively to non-technical audiences
• BSc/BA in Computer Science or a related degree, or sufficient certifications from accredited institutions to demonstrate reasonable equivalent knowledge

Ideal Candidate Qualifications:

• CISSP or similar certifications
• Experience with these technologies will set you apart: Microsoft 365, Azure, Kubernetes, C#, Fortinet
• Growth mindset: be prepared to apply what you know, discover how much you don’t know, and grow every day
• Value and bring diversity in background, perspective, thought, word, and deed
• Sustainability is your way of life, not just your job

Work Environment:

• Office Location will be Remote (New York Metro Area Preferred)
• You must generally be available to work collaboratively, in real time, between 8am Pacific Time and 5pm Eastern Time
• You will be reasonably on-call after hours, for response to security events

Education and Experience:

• Bachelor's Degree preferred or comparable work experience