Director – Corporate Security

Director – Corporate Security

Requirements

• 10+ years of experience in enterprise IT and corporate security
• A Bachelor’s or Master’s degree, or equivalent experience
• Subject matter expert in cloud infrastructure and SaaS applications
• Extensive experience in a senior cybersecurity and/or IT leadership roles, including coordination with cross-functional teams, and effective collaboration with various stakeholders
• Strong hands-on technical knowledge of cloud and enterprise platforms, security, security tools, and security architecture
• Operational security experience, including incident response
• In-depth knowledge of cybersecurity frameworks, standards, and best practices (e.g., NIST, ISO 27001, CIS), threat analysis, and risk management
• Strong communication skills to convey complex security concepts to non-technical stakeholders
• Relevant certifications such as CISSP, CISM, or CISA
• Knowledge of access control and identity management systems
• Experience with network protocols and secure network design
• A strong track record working in a collaborative environment
• Experience consulting with external vendors
• Experience with MITRE, NIST, OWASP frameworks

Responsibilities

• Maintain a comprehensive NIST CSF based cybersecurity risk management framework, ensuring alignment with relevant cybersecurity regulations and industry standards
• Support regular risk assessments to identify and evaluate cybersecurity threats, vulnerabilities, and potential impacts on the organization, and organize efforts to design and improve our security vulnerability management programs both proactively (audits, etc.) and reactively (patching policy, CVE tracking, etc.)
• Ensure an accurate inventory of critical assets is maintained
• Draft and review information security policies, standards and procedures
• Oversee management of security reviews of third-party vendors and track surface area of risk for use of their products and integrations at SDF
• Work closely with the IT & engineering teams on security analyses using SIEM tools and vulnerability assessments. While improving or implementing solutions as needed
• Provide detailed, actionable reports on identified risks to executive leadership and decision-makers
• Develop and present risk mitigation options and recommendations that align with the organization’s risk appetite and strategic objectives
• Integrate and coordinate security and security impacting functions (e.g., IT, HR) throughout the organization
• Oversee the implementation of approved cybersecurity mitigation strategies and solutions, including endpoint, cloud, and third-party security baselines
• Oversee the effective deployment of security tools, policies, and procedures to protect the organization’s assets and information, including resilient backup and recovery solutions. Develop roadmaps for improving and iterating on implemented security tooling and policy
• Continuously monitor the effectiveness of implemented controls, including via internal and/or external audits and penetration tests, and adjust strategies as necessary to address emergent risks
• Track and document security impacting changes and exceptions to security policy and controls, approve, deny or escalate as required
• Work within SDF’s incident response framework and ensure postmortem follow up is completed in a timely manner
• Coordinate with internal and external stakeholders to ensure comprehensive incident response and recovery plans are in place and regularly tested

Preferred Qualifications

• Experience working on open source projects
• Master’s Degree in Computer Science and/or Information Technology
• Participation in the crypto community
• Experience with security solutions like SEIM tooling, Wazuh, and audit tooling
• Experience in developing policies in collaboration with executive level roles