Director, Information Security

Overview: The Director, Information Security oversees the critical programs that protect application and data assets which drive revenue for the organization.  This role will engage with leadership teams in all areas of the organization to ensure effective information security programs and processes are in place. The Director, Information Security is responsible for the following areas: cybersecurity operations and cybersecurity technology oversight, governance, and application security including security architecture, secure SDLC process and tooling, Threat Modeling, DevSecOps Security Champions and DevSecOps Community management.

Duties and Responsibilities:

• Drives the deployment and adoption of the following functional areas/programs:
  • Daily Cybersecurity Operations Oversight
  • Cybersecurity tooling operational configurations
  • Security Architecture Patterns and Pattern Languages
  • Threat Modeling Program
  • Establishment and management of a DevSecOps program and Community
  • Secure CI/CD Implementation
  • Data Protection
  • Third party Penetration Testing Program
  • Vulnerability Management Program;
• Responsible for the identification of security trends in order to achieve and maintain a holistic security posture including, but not limited to risk analysis, security architecture and design, and systems security engineering;
• Manage the daily operational integration between CCS, in particular the CCS Technology and Engineering teams, and the CCS MDR Vendor. Produce weekly Cybersecurity activity reports. Drive Cybersecurity technology configuration updates so that identified risks are not left unaddressed.
• Ensure ongoing protection of confidential data and risk assessment relative to CCS business model including, but not limited to classification of data, access controls, encryption, key management, storage and resource allocation.
• Drive the establishment of a technical/engineering DevSecOps Champions program and Community. Leading the adoption of DevSecOps principles, advanced role-based training, offensive testing and managing a community.
• Establish norms for security architecture and implementation pattern authorship and re-use across the engineering community;
• Establish recurring and long-range security and compliance goals and KPIs. Define metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements;
• Liaise with business, technology and product engineering to understand their security architecture needs and influence adoption of enterprise-wide security architecture.
• Maintain compliance with CCS’s policies, procedures and mission statement.
• Adhere to all confidentiality and HIPAA requirements as outlined within CCS’s Operating Policies and Procedures in all ways and at all times with respect to any aspect of the data handled or services rendered in the undertaking of the position.
• Fulfill those responsibilities and/or duties that may be reasonably provided by CCS for the purpose of achieving operational and financial success of the Company.
• Uphold responsibilities relative to the separation of duties for applicable processes and procedures within your job function.
• We reserve the right to change this job description from time to time as business needs dictate and will provide notice of such.

Job Requirements:

• Minimum 10 years of progressive experience performing technology and security related duties with at least 4 of the years in cybersecurity and systems security;
• Ability to communicate with and influence all levels within a dynamic fast past organization;
• Demonstrated experience in managing a team, as well as, coaching and motivating employees;
• Knowledge of applicable NIST, ISO, HIPAA, SOC, HITRUST, CIS and data privacy practices and laws;
• Strong leadership skills and excellent cross functional relationship building skills;
• Strong interpersonal and oral communication skills, highly self-motivated and directed;
• Experience in a national or international company with a geographically dispersed workforce;
• Knowledge of State and Federal laws governing public companies as related to Information Security;
• Knowledge of current landscape and future trends in information security, compliance, and risk management;
• Familiarity with cloud security alliance preferred; and
• CISSP, CISA, OSCP or other information security certifications are preferred.

Education:

• Bachelor’s degree in Information Technology related field and or equivalent work experience required.

Physical Demands and Work Environment:

• Sedentary work (i.e. sitting for long periods of time);
• Exerting up to 10 pounds of force occasionally and/or negligible amount of force;
• Frequently or constantly to lift, carry push, pull or otherwise move objects and repetitive motions;
• Subject to inside environmental conditions; and
• Travel for this position will include less than 5% locally usually for training purposes.