Director, Information Security Operations and Engineering

Information Technology Remote - United States


Description

Position at J2 Global

Reporting directly to the Chief Information Security Officer (CISO), the Director of Information Security will be an innovative, experienced, self-driven manager/leader in the cyber security space that will be able to educate, provide guidance, and help drive information security initiatives and standards throughout the company. This individual will be an enabler and a trusted partner for various departments (Legal, Internal Audit, IT, Business Units, etc.) and teams.

 

The candidate must also possess a strong hands-on technical- and security- practitioner background and the ability to effectively collaborate with technical staff, understand governance, risk mitigation, and technical controls. As the leader of the Information Security Operations and Engineering team, this individual will establish and drive effective processes, technical security standards, and appropriate collaboration among teams.

Responsibilities

        Develop, establish, and manage the strategy for the Information Security Operations and Engineering function

        Operate as a strategic player/coach in a highly hands-on role with an opportunity to leverage all skills in the Cyber Security space, including risk management, regulatory matters such as PCI, GDPR, CCPA, HITRUST, and SOX, technical knowledge and selection of security tools and processes

        Recruit and manage the Information Security Operations and Engineering team.

        Review, revise, and maintain the Security Incident Response policy and procedure.

        Oversee Security Incident responses.

        Direct, oversee and manage Information Security Operations and Engineering activities, including:

        Creation of security architecture artifacts that reflect and support business, operational, technical, and compliance objectives.

        Development and maintenance of organizational Security Architecture Plans and Designs.

        Work with Engineering and Operations teams to secure production environments, and implement systems to monitor and maintain the security of our products in development and production.

        Establish a regular program to review J2 and subsidiary environments to ensure security standards are in force and are effective.

        Design and operate data loss prevention programs and systems for the company.

        Security product purchase proposals and implementation plans.

        The timely review of threat and vulnerability reports and the creation of processes and action plans to address risks identified by them.

        Develop and establish processes and execute on cyber investigations and forensic activities for incident responses; ensure the outcomes improve company security posture.

        Log management review activities.

        Regular vulnerability scans of systems across the organization and collaborate with departments to ensure systems are remediated and/or security controls set in place.

        Contribute to the annual review and update of the Disaster Recovery and Business Continuity Plan.

        Ensure compliance of the Information Security and Risk Management program with all Regulatory, Contractual, Association, and Client requirements.

        Conduct presentations to and collaborate with company stakeholders to raise awareness of security risk management concerns and drive outcomes to improve security posture.

        Work with Executive Management to determine acceptable levels of risk for the company.

        Work with outside partners or consultants as required to meet independent security audit needs; manage outside security partners, stakeholders, vendors, and solutions providers working on security implementations.

        Ensure that Information Security is adequately represented across all departments and business units.

        Support compliance efforts, client audit responses (for IT and Security items) and other compliance requirements.

        Assist the Information Security team with developing and building a forward-thinking, preventative Information Security Program across all disciplines

        Maintain awareness of Information Security industry trends, evaluate solutions and techniques, and remain aware of new and emerging threats.

        Other duties as assigned.

Qualifications/Requirements

        Bachelor's degree in related field or equivalent combination of experience and education

        CISSP, CISM, or other equivalent security certification is a plus

        10+ years of technology experience with a minimum of seven years specifically focused in the area of Cyber Security 

        Demonstrated leadership abilities with team-oriented interpersonal skills; ability to effectively interface with a broad range of people and roles              

        Recent experience with engineering, implementing & managing Information Security controls in SasS environments preferred.

        Progressive experience in Information Security management including, managing Information Security team staffing, contracting, budgeting, vendors, and security programs and projects

        Hands-on technical experience with Physical Security Systems, Telecommunications and Networks, Security Solutions (Firewalls, IDS/IPS, SIEM, Vulnerability Assessment Tools), Employee Security Training, Access Control Systems, Cryptography, and Secure SDLC Methodologies

        Working knowledge of modern software development practices, such as SDLC, Agile, SAFe, etc.

        Working knowledge of common information security management frameworks, such as, PCI, ISO/IEC 27001, and NIST CSF.

        Working knowledge of state and federal information security, compliance, and privacy procedures such as GDPR and CCPA securities policies. Understanding of rules and laws governing public companies, including GLBA and SOX. Ability to interpret state and federal laws, company guidelines, and regulatory rules to determine how they apply to the company.

        Experience performing multifaceted projects in conjunction with routine operational and support activities.

        Good sense of humor and the ability to effectively use XKCD in a sentence.

        Ability to work with full confidentiality and a high level of personal integrity.

        Excellent verbal and written communication skills, including the ability to draft and deliver technical reports, presentations, and correspondence.

        Willingness to learn, discover, experiment

        Comfort with working as a team player in a startup-like environment where no task/assignment is too small

        Energetic and fast-paced, with low-ego and an open style

        Must possess problem-solving skills and logical thinking.

        Organization and prioritization skills are essential.

        This position may require up to 25% travel domestically within the United States. International travel may be required, on occasion. The travel will likely be, for the most part, planned ahead of time and will be on a need basis.

 

 

About J2

Founded in 1995, J2 Global, Inc. (NASDAQ: JCOM) is the result of a marriage of a revolutionary patented suite of services and a financially strong and disciplined organization.

J2 Global is a leading Internet information and services company consisting of a portfolio of brands including IGN, Mashable, Humble Bundle, Speedtest, PCMag, RetailMeNot, Offers.com, Spiceworks, Ekahau, Everyday Health, BabyCenter and What To Expect in its Digital Media business and eFax, eVoice, iContact, Campaigner, VIPRE, and IPVanish in its Cloud Services business. J2 Global reaches over 240 million people per month across its brands.

J2 has achieved 25 consecutive fiscal years of revenue growth and is an active acquirer of businesses, having deployed over $3 billion of acquisition capital since its founding. J2 has nearly 5,000 employees around the world in more than 50 offices.

 

Equal Opportunity Employer:

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, protected veteran status, or disability status. EEO/AA/M/F/Disabled/Vets

 
This is a remote/office-based position which may be performed anywhere in the United States except within Colorado.

#LI-Remote
#LI-MJ1