Director, Cyber Defense
This role reports directly to the Chief Information Security Officer.
Under the direction of the Chief Information Security Officer, the Director of Cyber Defense oversees the proactive identification and mitigation of cyber threats. The leader will work collaboratively across the company with stakeholders in the management of security related risks and proactive identification of threats. They are charged with partnering with Security Engineering to ensure HBC detective and preventative technologies are operating effectively. As the primary individual responsible for leading all cyber incident response activities, they are capable of understanding, coordinating or directing action against a wide variety of security technologies.
Role responsibilities include:
- Working closely with the CISO and Technology Security teams, establish the organizations global Cyber Defense and Incident Response service.
- Lead the Security Operations function across a fast paced dynamic heterogeneous operating environment
- Represent the Information Security Office as the security lead for all major incidents and investigations
- Collaborate with and engage Managed Service Providers as needed
- Create and evaluate Incident Response workflow procedures, policies, and metrics reporting
- Create and deliver documentation regarding standard operating procedures and processes as they pertain to incident response as part of the overall information security program
- Collaborate with divisional and cross-functional stakeholders on incident response and forensics, including managing both internal and external technical resources
- Apply reporting and compliance requirements to the Incident Response program
- Stay abreast of emerging threats, changes in incident response regulatory compliance, and risks
- Provide support to Legal partners for discovery, hold requests, and other investigations
- Work as a contact for HBC’s Threat Intelligence related services and support
- Assist in the development, implementation and ongoing management of the Information Security Program
- Provide information security technology expertise/consultation for various departments as requested.
- Provide enterprise and local project team leadership for information security initiatives
- Other relevant information security duties as assigned
The successful candidate must demonstrate effective, decision making, results delivery, team building, and the ability to stay current with relevant technologies and information security concepts.
He/she should embody a culture of taking smart risks and innovating to win, with a willingness to initiate change as the company grows in order to streamline processes, improve efficiency and facilitate the growth of the company. They’ll have the ability to provide sound business judgment and influence others to drive ideas and plans forward.
- Demonstrated experience running a security operations function
- Detailed and demonstrated knowledge of security operations principles and technologies. Experienced in applying techniques to improve threat detection, reduce time for mitigation and containment and deliver an effective response to support business initiatives.
- Prior leadership roles in Information Security, Cyber Defense or Information Assurance organizations
- Ability to manage a high degree of complexity and distill information that provides clear guidance and direction as needed to teams or providers
- Experience building trusted partnerships with internal and external technology providers and stakeholders
- Strong knowledge of information systems security standards and practices (e.g., access control, secure coding, system hardening, system audit and log file monitoring, security policies, and incident handling)
- Proven technical acumen with an excellent understanding of Windows and *nix environments, TCP/IP and network communications, network and server infrastructure technologies and devices including firewalls, routers, switches, etc.
- Knowledge of ISO27001, NIST 800-53 and similar frameworks
- Demonstrable knowledge of regulatory and statutory compliance requirements including PCI-DSS, HIPAA, etc.
- Proficiency in Microsoft software: Outlook, Word, Excel, PowerPoint, and Visio
- Bachelor Degree (or higher) in computer science, information security or an equivalent combination of education, training and experience
- Relevant information security certifications preferred (i.e. CISSP, CISM, GCIH,etc.)
- Minimal travel required
- Remote work is supported
Thank you for your interest with HBC. We look forward to reviewing your application.
HBC provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, HBC complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.
HBC welcomes all applicants for this position. Should you be individually selected to participate in an assessment or selection process, accommodations are available upon request in relation to the materials or processes to be used.