Director, Information Security
New York City
IT & Security /
Full Time /
We’re a team of AI, tech, and language experts whose DNA lives in Alexa, Siri, Watson, and virtually every human language technology product on the market. Now we’re building an industry-leading knowledge management platform. Our proprietary, cutting-edge natural language processing capabilities transform unstructured data into meaningful experiences that increase productivity with unmatched accuracy and speed.
We are seeking a Director of Information Security who can bring their significant experience increasing our security efforts as the company continues to scale. We have a security-first mindset and all actions, culture and development is constantly being evaluated for improvements. This is a great opportunity at a fast-paced early-stage growth company to help lead the charge of our cybersecurity and firm-wide security initiatives.
In This Role, You Will:
- The Director of Information Security reports to the VP of Solutions & Security and is responsible for the upkeep of existing design and additional implementation of security efforts to protect Pryon and its core product and systems against intrusion and threats, cyber-attacks and data breaches both internal and external
- Complete management and triage of all exploits and vulnerabilities involving company equipment, SaaS applications in use by employees and proper updates along with coordination with IT Administration
- This role is responsible for the completeness of provisioning, deployment, configuration, and administration of Pryon’s information security systems, including security monitoring, endpoint protection, identity and access management, vulnerability management and incident response
- Design and drive security projects and initiatives, to ensure ongoing compliance with approved policies and regulatory requirements including SOC2, NIST, CMMC 2.0, ISO, and GDPR
- Assist in the architecture, implementation, management and enhancement of technical security capabilities – IPS/IDS, DLP, IAM, SIEM, etc.
- Monitor IDS alerts, suspicious emails, application logs, and system audit logs for anomalous activitiesAnalyze internal and external threats/vulnerabilities and coordinate appropriate remediation efforts with other internal stakeholders
- Provide security incidents and response support, as needed
- Develop and implement SIEM use cases, to support the monitoring of Pryon’s infrastructure, and handle escalations with managed service providers
- Triage security tickets according to priority levels
- Prepare and maintain up to date documentation details, including standard operating procedures, of deployed technical solutions
- Actively manage the continuous integration/continuous delivery pipeline of correlation rules and use cases, including the design and development of threat models and building, testing and deployment of correlation rules or use cases on SIEM
Defining & Creating of Controls:
- Define security configuration and operations standards for security systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems.
- Develops and validates baseline security configurations for operating systems, applications, and cloud infrastructure
- Incident Detection and Response: Provides second- and third-level support in the event of a security incident
- Participates in compliance reviews, as requested by internal or external auditors
- Monitors daily or weekly reports and security logs for unusual events with our managed service provider.
- Along with SOC2, ISO, NIST and GDPR framework standards you will receive audit findings, and manage the collection of responses and remediation plans with owners
- Provides oversight and management of audit finding remediation, including generating requirements for full remediation, providing feedback and suggestions on managerial responses to findings, and tracking progress and providing status and updates to the enterprise compliance team for reporting purposes
- Supports e-discovery processes to include identification, collection, preservation and processing of relevant data
- Maintains an awareness of existing and proposed security-standard-setting groups, state and federal legislation and regulations pertaining to information security. Identifies regulatory changes that will affect information security policy, standards and procedures, and recommends appropriate changes.
Information Security Architecture:
- Assists in the development of security architecture and security policies, principles and standards
- Participates in the enterprise architecture (EA) community, and provides strategic guidance during the EA process
- Researches, evaluates, designs, tests, recommends and plans the implementation of new or updated information security technologies.
- Researches and assesses new threats and security alerts, and recommends remedial actions.
- Provides guidance for security activities in the system development life cycle (SDLC) and application development efforts. Participates in organizational projects, as required.
What You'll Need to Be Successful:
- Minimum 5 years in Cybersecurity and Information Security leading and implementing security best practices for a major firm
- Hands on experience provisioning, configuring and securing systems and applications
- The role requires a blend of cybersecurity experience and highly developed communication skills to be a security expert, liaison and engineer for Pryon
- Direct experience with MS Office, MS Online and MS 365, including implementations and full administration/IAM
- Strong working knowledge of security technologies (Intrusion Detection and Prevention Systems, Web Proxy, Antivirus, Security Information and Event Management (SIEMs), Endpoint Detection agents, etc.)
- Strong understanding of TCP/IP, MITRE ATT&CK, Kill Chain, Vulnerability Management and Networking principles
- Strong understanding of Secure SDLC, CI/CD pipeline monitoring and DevOpsSec principles
- Experience with Python scripting language for automation
- Experience with Apple, iOS computer and device operating systems, and cloud security fundamentals
- Microsoft Base level Certifications: MS-900 – MS 365 Fundamentals & SC-900 – MS Security, Identity, and Compliance Fundamentals
- Microsoft Advanced level Certifications: MS-102 – MS 365 Administrator Expert & SC-400 – MS Information Protection and Compliance Administrator Associate
- Either the Apple Certified IT Professional or Apple Certified Support Professional Certifications
- One or more industry certifications like CISSP, Splunk Enterprise Security Certified Admin, Azure Security Engineer, MS Security Operations Analyst Associate
- National Initiative for Cybersecurity Education (NICE) competency proficiency levels of developing to proficient in leadership, operational, and professional, and proficient to advanced in technical
$180,000 - $200,000 a year
Annual salary is only one component of overall compensation. Actual salaries are based on factors such as work experience and education and may vary from the specified range.
Benefits for Full Time Employees:
100% Company paid Health/Dental/Vision benefits for you and your dependents
Life Insurance, Short-term and Long-term Disability
We are interested in every qualified candidate who is authorized to work in the United States. However, we are not able to sponsor or take over sponsorship of employment Visas at this time.
Pryon is an equal-opportunity employer and values diversity. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability.