Director, Information Security
New York, NY
Featured Hatch Accounts – Pryon /
Full Time - Remote
hatch I.T is partnering with Pryon to find a Director, Information Security. See details below:
About the Role:
Pryon is hiring a Director of Information Security who can bring their significant experience increasing our security efforts as the company continues to scale. We have a security-first mindset and all actions, culture and development is constantly being evaluated for improvements. This would be a great opportunity at a fast-paced early-stage growth company to help lead the charge of our cybersecurity and firm-wide security initiatives.
In This Role, You Will:
- The Director of Information Security reports to the VP of Solutions & Security and is responsible for the upkeep of existing design and additional implementation of security efforts to protect Pryon and its core product and systems against intrusion and threats, cyber-attacks and data breaches both internal and external
- Complete management and triage of all exploits and vulnerabilities involving company equipment, SaaS applications in use by employees and proper updates along with coordination with IT Administration
- This role is responsible for the completeness of provisioning, deployment, configuration, and administration of Pryon’s information security systems, including security monitoring, endpoint protection, identity and access management, vulnerability management and incident response
- Design and drive security projects and initiatives, to ensure ongoing compliance with approved policies and regulatory requirements including SOC2, NIST, CMMC 2.0, ISO, and GDPR
- Assist in the architecture, implementation, management and enhancement of technical security capabilities – IPS/IDS, DLP, IAM, SIEM, etc.
- Monitor IDS alerts, suspicious emails, application logs, and system audit logs for anomalous activities. Analyze internal and external threats/vulnerabilities and coordinate appropriate remediation efforts with other internal stakeholders
- Provide security incidents and response support, as needed
- Develop and implement SIEM use cases, to support the monitoring of Pryon’s infrastructure, and handle escalations with managed service providers
- Triage security tickets according to priority levels
- Prepare and maintain up to date documentation details, including standard operating procedures, of deployed technical solutions
- Actively manage the continuous integration/continuous delivery pipeline of correlation rules and use cases, including the design and development of threat models and building, testing and deployment of correlation rules or use cases on SIEM
Defining & Creating of Controls:
- Define security configuration and operations standards for security systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems.
- Develops and validates baseline security configurations for operating systems, applications, and cloud infrastructure
- Incident Detection and Response: Provides second- and third-level support in the event of a security incident
- Participates in compliance reviews, as requested by internal or external auditor's
- Monitors daily or weekly reports and security logs for unusual events with our managed service provider.
- Along with SOC2, ISO, NIST and GDPR framework standards you will receive audit findings, and manage the collection of responses and remediation plans with owners
- Provides oversight and management of audit finding remediation, including generating requirements for full remediation, providing feedback and suggestions on managerial responses to findings, and tracking progress and providing status and updates to the enterprise compliance team for reporting purposes
- Supports e-discovery processes to include identification, collection, preservation and processing of relevant data
- Maintains an awareness of existing and proposed security-standard-setting groups, state and federal legislation and regulations pertaining to information security. Identifies regulatory changes that will affect information security policy, standards and procedures, and recommends appropriate changes.
Information Security Architecture:
- Assists in the development of security architecture and security policies, principles and standards
- Participates in the enterprise architecture (EA) community, and provides strategic guidance during the EA process
- Researches, evaluates, designs, tests, recommends and plans the implementation of new or updated information security technologies.
- Researches and assesses new threats and security alerts, and recommends remedial actions.
- Provides guidance for security activities in the system development life cycle (SDLC) and application development efforts. Participates in organizational projects, as required.
What You'll Need to Be Successful:
- Minimum 5 years in Cybersecurity and Information Security leading and implementing security best practices for a major firm
- Hands on experience provisioning, configuring and securing systems and applications
- The role requires a blend of cybersecurity experience and highly developed communication skills to be a security expert, liaison and engineer for Pryon
- Strong working knowledge of security technologies (Intrusion Detection and Prevention Systems, Web Proxy, Antivirus, Security Information and Event Management (SIEMs), Endpoint Detection agents, etc.)
- Strong understanding of TCP/IP, MITRE ATT&CK, Kill Chain, Vulnerability Management and Networking principles
- Strong understanding of Secure SDLC, CI/CD pipeline monitoring and DevOpsSec principles
- Experience with Python scripting language for automation
- Experience with Apple, iOS computer and device operating systems, and cloud security fundamentals
- One or more industry certifications like CISSP, Splunk Enterprise Security Certified Admin, Azure Security Engineer, MS Security Operations Analyst Associate
- National Initiative for Cybersecurity Education (NICE) competency proficiency levels of developing to proficient in leadership, operational, and professional, and proficient to advanced in technical
$180,000 - $230,000 a year
Don't think you're 100% qualified for this position? Studies have shown that women and people of color are less likely to apply to jobs unless they meet every single qualification. At hatch I.T., we're dedicated to helping companies build diverse, inclusive and authentic workplaces, so if your experience doesn't perfectly align with every qualification in the job description, we encourage you to apply anyway. You may just be the right candidate for this or other roles.
If you are interested in learning more about this company or any Startups/Small Businesses in the area, please contact us and check us out here!!
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.