Director of Remediation/Security
The Enterprise Information Security team is seeking a leader who will ensure that we provide the technology and business teams with world class remediation of security threats and vulnerabilities across our systems and environments. They will be charged with cultivating an organization that provides real-time analysis of vulnerabilities and threats in our systems and environments, partner and engage with our technology and business teams to remediate known vulnerabilities and threats, and manage long-term and large-scale remediation items supporting our security posture.
- Lead and drive a team of Security Engineers to remove known vulnerabilities and threats in systems and environments.
- Foster a team culture of continuous improvement, mentoring and learning, data driven decisions, and accountability for delivery of key metrics and deliverables.
- Partner and collaborate with business and technology teams to develop actionable remediation solutions for security threats and vulnerabilities.
- Prioritize remediation of known vulnerabilities and threats inside our environment to ensure consistent and defensible security posture.
- Work closely with Product Management to prioritize and establish roadmap for the team.
- Hands on experience with the remediation of security vulnerabilities (e.g. OS/Application Patching, Static and Dynamic Application Security Testing, Data Loss Prevention Technologies).
- Knowledge of current security threat landscape including traditional data center and cloud computing platforms.
- Must have well developed change management skills; be effective in working across organizational boundaries to build a case for changes, and to execute on the change plan from strategy through to ongoing operation and continuous process improvement.
- Experienced in, and able to formulate, the effectiveness and benefits of security remediation initiatives in the context of overall business risk mitigation, security posture, and the company’s operational objectives.
- Exerience in leading diverse security teams, and ability to present to senior management and large groups.
- Must be able to simplify security and technical concepts for laypersons within our business and technology teams.
- Demonstrated ability to work autonomously and manage a wide variety of work streams simultaneously, and under deadline.
- Exposure to security systems and process with a background in travel industry a plus.
- Minimum eight (8) years of information security experience in increasing responsible roles required.
- Professional certification in information security (for example, CISSP, CISM or CEH) a plus.