Back to Careers

Director of Information Security

Location: 
Cambridge
Date Posted: 
07/01/2019
Employment Type: 
Direct Hire
Job ID: 
10177
Description: 

The Director of Information Security will be responsible for leading a team of full time and vendor/contractors.  You will be responsible for the cyber security program that will protect the business from external and internal threats. Ensuring operationally, we meet the requirements of both domestic and international compliance regulations including GDPR, Privacy Shield, PCI, Mass. Data Privacy (201 CMR 17.00), and SOX. The ideal candidate will be an insightful leader who has proven technical experience and strong leadership skills.

What You'll Do:

  • Formulating and leading a team in implementing and managing a comprehensive strategy that protects us from cyber security threats
  • Ensure that all company software, process, procedures, computer architecture and application code are properly designed and maintained to ensure company security and/or compliance standards
  • Educate and communicate to key stakeholders of new threats, industry trends, and applicable laws related to security thru reports, presentations and key metrics
  • Identify and mitigate security incidents, compliance issues, security team’s operational inefficiencies, application vulnerabilities, network/infrastructure and other vulnerabilities
  • Identify software/tools/vendors that can increase the organization's security posture and/or threat intelligence
  • Lead projects to improve data collection and interpretation processes and initiatives regarding threat intelligence
  • Monitor, research, analyze, brief, and develop mitigation for security threats

Who You Are:

  • 7+ years of Information/Cyber Security Experience
  • Experience leading staff and vendors/partners
  • BA or BS degree in Information Security, Cyber Security, Computer Science or other related degree
  • Knowledge of PCI, SOX, and GDPR compliance
  • Knowledge of designing a comprehensive security programs for SaaS applications and Corporate environments including Security Assessments, PEN Tests, Risk Management, Threat Intelligence, Vulnerability Management, Incident and Response, Security Training, Privacy and Compliance Programs