Director, Security Operations (Containment)
The Enterprise Information Security is seeking a leader who will ensure identifying, preventing, and containing security threats and vulnerabilities within our systems and environments. This role will lead the teams focused on security design reviews, vulnerability management, penetration testing, and security scans of our systems and environments. This leader will be responsible for partnering with the business and technology teams to assist in delivering secure solutions in support of their strategic roadmaps.
- Lead a team of Security Engineers to perform security design reviews for new and existing technologies across the enterprise.
- Direct the penetration test team/red team of ethical hackers focused on ensuring support of our PCI requirements as well as the growing portfolio.
- Oversee the Containment Operations function focused on the identification of vulnerabilities. Leveraging Static Code Analysis, Dynamic Code Analysis, Network Firewall Rule Management, Qualys Vulnerability Scans, and Data Loss Prevention systems.
- Manage the security exception process ensuring the security organization is balancing the needs of the business with the security polices set forth to protect the environment.
- Foster a team culture of continuous improvement, mentoring and learning, data driven decisions, and accountability for delivery of key metrics and deliverables.
- Partner and collaborate with business and technology teams to ensure security scans encompass the breadths and depth necessary to ensure consistent and defensible security posture.
- Work closely with Product Management to prioritize and establish roadmap for the team.
- Minimum eight (8) years of information security experience in increasing responsible roles required.
- Professional certification in information security (for example, CISSP, CISM or CEH) a plus.
- Demonstrated knowledge of security industry standards and leading practices (e.g. PCI, OWASP, NIST, CIS, CVSSv3).
- Hands on experience with the containment of security vulnerabilities (e.g. OS/Application Patching, Static and Dynamic Application Security Testing, Data Loss Prevention Technologies).
- Knowledge of current security threat landscape including traditional data center and cloud computing platforms.
- Must have well developed change management skills; be effective in working across organizational boundaries to build a case for changes, and to execute on the change plan from strategy through to ongoing operation and continuous process improvement.
- Experienced in, and able to formulate, the effectiveness and benefits of security containment initiatives in the context of overall business risk mitigation, security posture, and the company’s operational objectives.
- Experience in leading diverse security teams, and ability to present to senior management and large groups.
- Must be able to simplify security and technical concepts for laypersons within our business and technology teams.
- Demonstrated ability to work autonomously and manage a wide variety of work streams simultaneously, and under deadline.
- Exposure to security systems and process with a background in travel industry a plus.