VP of Privacy and Information Security

Sorry, this job was removed at 5:08 a.m. (EST) on Wednesday, July 19, 2017

Netcracker Technology, a wholly owned subsidiary of NEC Corporation, is a forward-looking software company, offering mission-critical solutions to service providers around the globe. Our comprehensive portfolio of software solutions and professional services enables large-scale digital transformations, unlocking the opportunities of the cloud, virtualization and the changing mobile ecosystem. With an unbroken service delivery track record of more than 20 years, our unique combination of technology, people and expertise helps companies transform their networks and enable better experiences for their customers.

The VP, Privacy and Information Security will have responsibility for developing and advancing an enterprise-wide Information Security management program to ensure that information assets and critical infrastructure are protected. This position will also be responsible for identifying, evaluating and reporting Information Security risks in a manner that meets company, legal and regulatory requirements.

The VP will proactively and collaboratively work with technology and business functions to develop and implement policies and procedures that meet defined standards for Information Security management and that are appropriate for NetCracker’s business operations worldwide.

This role will serve as the face of the security program for NetCracker and will be responsible for communicating NetCracker’s policies and operational practices to NetCracker’s personnel, customers and business partners.

Additionally, the VP will serve as the primary customer facing executive for privacy and information security needs. This includes working directly with existing customers regarding ongoing security needs, audits, incidents, and future roadmap. This role will also include working alongside Netcracker’s sales team to give potential customers the awareness of and confidence in Netcracker’s ability to keep customer data secure.

The ideal candidate will have a consultative and solutions-oriented approach, will be able to integrate processes and innovative ideas, and will be a problem solver. He/She will be able to define a holistic vision, goals, and roadmap encompassing all aspects of information security and effectively execute with the support and partnership of both the Netcracker organization and that of each of its customers. The ideal candidate will also be a strong communicator to senior management and NetCracker’s Board of Directors.

Responsibilities:

  • Assess current security measures, including policies, procedures and organization and make recommendations for modification and improvement.
  • Develop business-relevant metrics to measure the efficiency and effectiveness of the company’s Information Security management program, facilitate appropriate resource allocation and increase the maturity of the program.
  • Ensure that the Information Security management program supports compliance with applicable laws, regulations, contractual requirements and policies to minimize or eliminate risk and address audit findings.
  • Develop a threat intelligence strategy and incorporate threat intelligence into the security program.
  • Oversee and maintain a program of regularly scheduled security audits and assessments to evaluate policy compliance and existing defenses and to identify vulnerabilities.
  • Provide subject matter expertise to executive management and NetCracker’s Board of Directors on a broad range of Information Security standards and best practices and offer strategic and tactical security guidance for all IT projects, including the evaluation and recommendation of technical controls.
  • Work with senior management to ensure appropriate technologies are in place to safeguard NetCracker’s infrastructure and data assets.
  • Work directly with internal departments and external entities to (i) establish and facilitate IT risk assessment and risk management processes, including the reporting and oversight of remediation efforts to address negative findings; (ii) identify acceptable levels of risk; and (iii) establish roles and responsibilities with regard to information classification and protection. Advise on potential systems purchases and implementations to ensure that Information Security concerns are understood and addressed holistically.
  • Oversee incident response planning and management of security incidents and events to protect NetCracker assets (e.g., information, critical infrastructure, intellectual property and reputation), such duties to include overseeing the investigation of security breaches and assisting with disciplinary and legal matters associated with such breaches, as necessary.
  • Coordinate the use of external resources involved in the Information Security management program, including, but not limited to, interviewing, assisting in negotiating contracts and fees and managing external resources.
  • Manage a global organization of information security professionals, including aligning resources to the functional needs of the organization, recruitment of qualified professionals, and ongoing advancement of the workforce.
  • Oversee vulnerability management, including, but not limited to, maintaining a centralized scanning environment, identifying scan targets (hardware and web applications), listing and scheduling scans and working with target owners to remediate identified vulnerabilities.
  • Partner with current disaster recovery program leaders including, but not limited to, auditing and testing recovery plans, promoting the importance of disaster recovery and continuity planning to departments, and the performance of business impact analyses.
  • Work with internal NetCracker departments to coordinate and manage public relations activities as they relate to the Information Security program and incident response.
  • Establish relationships with Netcracker’s customer leadership teams, such as CISOs, to align and advance visions, roadmaps, and programs for all aspects of information security and privacy initiatives.
  • Maintain relationships with local, state and federal law enforcement and other related government agencies.
  • Train personnel at corporate, in the regions, and related acquisitions with significant responsibilities for Information Security. Create education and awareness programs and advise operating units at all levels on security issues, best practices and vulnerabilities.
  • Assist with business related audits, including SOC 1/2, PCI and SSAE 16 audits.
  • Lead programs to obtain and regularly certify against applicable industry certifications such as ISO 27001.
  • Assist with compliance with applicable data protection law.

Requirements:

  • Experience working in the telecommunications industry.
  • Master's degree in Computer Science, Software Engineering or related fields. Strong consideration will be given to candidates with advanced degrees along with professional certifications such as: Certified Information Systems Security Professional-CISSP; Certified Information Security Manager-CISM; Certified Information Systems Auditor-CISA; GIAC Security Expert-GSE.
  • Master of Business Administration degree is a plus.
  • M&A experience integrating disparate Information Security programs is a plus.
  • Minimum of 12-15 years of IT experience with a minimum of 10 years in IT security in complex organizations and a thorough understanding of technology platforms, trends and cyber-security platforms is required.
  • Experience in the telecommunications industry.
  • Ability to travel up to 50% both domestically and internationally.
  • Strong analytical, communication, presentation and collaboration skills.
  • Strong Information Security architecture design and implementation skills.
  • Strong understanding of, and direct experience with, application security topics, including application security assessments, web assessments and penetration testing, OWASP top-10, intrusion detection/prevention systems, end-point security, security information and event management software. 
  • Experience in implementing new security methods such as Two-Factor Authentication, Identity Management/SSO and document level encryption on a worldwide basis. 
  • Experience assessing security of custom built applications, SaaS/Cloud applications/services, and SSAE 16, and SOC1/2/3 reports.
  • Strong knowledge of Secure Software Development Lifecycle (SSDLC) processes and methodologies.
  • In-depth knowledge of TCP/IP networking in relation to IT security.
  • In-depth understanding of common protocols ranging from midlevel (IP, TCP, UDP) to application level (Syslog, SSL, HTTP, FTP, DNS).
  • Strong understanding of a wide variety of attacks such as cross-site scripting, network intrusions, malicious emails, web-based attacks, malware, botnet infections, etc. 
  • Experience with SOX ITGC Security Controls, PCI-DSS, government standards (NIST standards), industry standards (ISO-27001) and international security requirements for personal data (EU Data Privacy, Safe Harbor, etc.).
  • In-depth experience with risk assessment/management and compliance.
  • Experience managing third party Information Security vendors.
  • Ability to understand different business models and their respective Information Security risks and needs.
  • Experience managing multiple, simultaneous, significant Information Security related initiatives and responses.


Location

95 Sawyer Road, Suite 600, Waltham, MA 02453
