Director - Cybersecurity

Position Summary:  

Key Responsibilities/ Duties:

• Oversee cybersecurity department, providing input to strategy, budgeting, personnel, and reporting
• Develop talent by conducting performance reviews, mentoring and education, and building a talent pipeline
• The facilitation of performance management processes, and the establishment of performance expectations, and evaluations.
• Foster a collaborative work environment
• Establishment and oversight of department goals and strategies to support key performance indicators (KPI’s)/metric success indicators.
• Assess, improve, and manage departmental processes/systems to promote effective delivery of service(s).
• Work with project managers to oversee the accuracy of timelines and deliverables.
• Drive the ongoing maturity of the security consulting practice to ensure Meriplex can meet the needs of its customer base.
• Consult with the team and solutions to develop reports for the security consulting practice, documenting process, methodology, timelines, and output.
• Propel and execute the development and implementation of overall security operations.
• Assess security risks, identify security objectives, and design security programs and initiatives.
• Lead incident response efforts, coordinating with various personnel to investigate and respond in a timely and effective manner.
• Oversee the monitoring and analysis of security events and alerts using advanced security information and event management tools.
• Ensure compliance with relevant security standards and regulations.
• Assist with screening and hiring security analysts
• Manage and coordinate incident response and forensic processes.
• Monitor and enforce guidelines for best practices in security and compliance.
• Support routine regulatory and compliance audit initiatives.
• Orchestrate daily compliance requirements and tasks as required.

Knowledge, Skills, Abilities, and Behaviors:

• Strong interpersonal skills and team-oriented attitude.
• Strong writing and speaking skills.
• Superior analytical and critical thinking skills.
• Deep understanding of how information travels.
• Familiar with incident response language.
• Well-rounded technical knowledge in Windows, Mac, Linux OS.
• Superior organization, facilitation, and leadership skills.
• Strong knowledge of current security threats, techniques, and landscape, and a dedicated and self-driven desire to research and learn more about the information security landscape.
• Review and triage experience with endpoint detection and response tools.
• Experience and knowledge related to the configuration and maintenance of security monitoring and reporting platforms.
• Familiar with proxy and web content filtering tools.
• Knowledge of a range of compliance, regulatory, and legal requirements and relevant principles, best practices, and standards across multiple industries (e.g., PCI, SOX, GLBA, CSA, PCI, NIST, ISO, IEEE, FedRAMP, HIPAA, and TCG)
• Knowledge of the MITRE att&ck framework and cyber kill chains.

Education/ Experience: 

• 7-10+ years of security industry experience or equivalent skill level.
• Bachelor’s degree in a relevant field
• Advanced understanding of policy and compliance.
• Advanced knowledge of scripting languages such as bash, powershell, python, KQL.
• Advanced experience securing an environment/incident response.
• Experience with system administration and network infrastructure is required.
• Experience with DNS and Active Directory.

Certifications:

• CISSP
• OSCP, CCSP, CASP+ preferred.

Physical Demands: 

Disclaimer: