Senior Director, Information Security Operations - Remote
Posted on: January 16, 2022
The Senior Director, Information Security Operations will manage
a team of highly skilled Information Security professionals
responsible for designing, implementing, and operating controls
that safeguard BlackLines information resources. The Senior
Director will assess and identify business security needs,
prioritize work streams, oversee projects, establish and manage
operational budgets, priorities and resources, design and manage
operational metrics, prepare technical and executive security
operation reports. This role encompassed operational security
management, application security management, as well as subject
matter advisory and education responsibilities. The Senior Director
will closely influence and collaborate with engineering management
to design, implement and operate technical security controls that
protect the confidentiality, integrity and availability of
information and systems. In addition, the role will work together
with the Information Security Governance, Risk, and Compliance
teams to manage security risks and operate the companys information
security management system. This technically inclined leadership
role requires a motivated individual and experienced people manager
who will take a comprehensive, business-aligned approach to
managing technology and talent, liaise among departments, negotiate
complex priorities and deadlines, and provide visibility into
technical aspects of the companys information security
program.Roles and ResponsibilitiesInformation Security program
- Design, implement, and maintain InfoSec operational standards,
policies, processes, and procedures.
- Identify, manage, and communicate portfolio of information
security projects and align security initiatives with business
objectives and risk tolerances.
- Influence and partner with product and technology teams to
ensure that information security policies and standards are
- Actively participate and provide professional expertise to
information security forums, communities, and industry-specific
- Evangelize security-centric culture and promote security best
practices within the organization.
- Lead/elevate security conversations and be the decision maker
for operational security matters.
- Collaborate with key stakeholders (Enterprise Risk Management,
Legal, HR) on information security risk management and related
organizational governance processes.Security Architecture and
- Manage operational security capacity, strategy, tools, and
- Oversee product and development security, and ensure
implementation of security standards and configuration
- Define, manage, and monitor infrastructure, cloud, and end-user
- Be an active influencer and participant in architecture and
strategy discussions with internal stakeholders, partners, and
- Research industry best practices, current trends, threats and
vulnerabilities; recommend relevant changes to the companys control
- Collaborate with infrastructure teams to devise and implement
effective solutions to maintain adequate infrastructure and cloud
security posture.Security Operations
- Manage security operations technologies, processes, and
- Oversee vulnerability management, threat intelligence, security
monitoring, incident management, and remediation activities.
- Work with technology operations teams to perform security risk
assessments, intrusion testing, implementation and validation of
- Develop, manage and lead incident response and forensic
- Lead security conversations and be the escalation point for
security incidents & investigations.
- Continuously evaluate security processes, tools, and
operational capabilities, and timely adjust them to maintain
effective and efficient operational security processes and
- Design, manage, and communicate operational security metrics to
technical team, key business stakeholders, and executive
- Work closely with Product Management and Engineering on
securing software development lifecycle and ensuring alignment with
secure coding practices.
- Develop and manage program to measure and maintain code
development and code delivery security.
- Establish and manage application security testing, architecture
reviews, code security audits, vulnerability scans, software
- Design, communicate, and track application security metrics to
engineering and executive audiences.
- Interact and provide consulting perspective to customers on
technical security topics.Required QualificationsYears of
Experience in Related Field: 10+
- CS, Engineering, or technical operations background with 10
years of experience in information security including 7+ years of
progressive management experience.
- 5+ years of cloud security management experience.
- Expertise with current InfoSec concepts, technologies, industry
trends, methods and techniques, and operational processes.
- Mature metrics-driven and process-driven team leader, team
builder, and team mentor.
- Proven track record of effectively managing core information
security tools and processes (e.g.: patch management, log
management, malware management, network access control, threat and
vulnerability management, web filtering, firewalls, proxies, APT,
IDS, DLP, HIDS/NIDS, SOAP, SIEM, incident response, XDR, SOAR)
- Solid understanding of networking fundamentals and commonly
used network protocols and services.
- Working knowledge of encryption algorithms and related
technologies, TLS, PKI, encryption of databases and data at
- Solid knowledge of common web application platforms, common
vulnerabilities, and exploitation techniques.
- Strong understanding of SSDLC, OWASP, web application
development, code auditing, manual and automated security testing
methods, penetration testing
- Advanced written and verbal communication skills including the
ability to visualize technical and security topics for
- Ability to evaluate situational risks, operate effectively
under ambiguous circumstances, and address confidential and
potentially uncomfortable issues.Preferred Qualifications
- Engineering or operations background with prior hands-on
- Prior experience supporting 24x7 mission-critical technology
- Multi-cloud control design and integration experience.
- SaaS, software development environment and software delivery
Keywords: Blackline, Chicago , Senior Director, Information Security Operations - Remote, Executive , Chicago, Illinois
Didn't find what you're looking for? Search again!