Director, Security and Architecture
With OnSolve in Atlanta GA USMore jobs from OnSolve
Posted on November 07, 2019
About this job
Job type: Full-time
Role: System Administrator
security, cloud, clojure
OnSolve: Always On. Solving Problems.
OnSolve is the market leader in real-time, mass notification and collaboration solutions used by the world’s largest brands and thousands of government agencies to deliver critical information in any situation. Mass notification and collaboration is an essential element of emergency response and business continuity planning, keeping teams on track and coordinating during critical events. The OnSolve suite of critical communication tools is a key component of the business continuity, emergency response, IT alerting, employee safety and security programs of every organization we serve. Visit us on the Web at onsolve.com.
OnSolve is an equal employment opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other status protected by law.
Location: Any OnSolve office, preferrably Atlanta, GA
The Director of Security and Architecture will plan and carry out the information security strategy as defined by OnSolve policies to ensure the data that is entrusted to OnSolve is protected. The person in this position must stay up to date and be aware of trends and changes in the industry. This role will work with all teams across the company to ensure security features or controls are properly defined, configured and implemented to ensure confidentiality, integrity and availability of all our data.
This position is responsible for the operations of security and manages the supporting security team.
- Scope of the environments includes internal and external systems (servers, networks applications and cloud) including corporate sites and customer production sites, inclusive of development, quality control and deployment environments. Any system, or interconnected system that processes data: collects, transfers, stores, modifies, disposes - any action throughout data life-cycle.
- Scope of the functional areas includes Corporate IT, Sales and Marketing, Internal Systems, Engineering, Production Operations and other functional areas to ensure a standard approach across the enterprise.
- Monitor trends, news, vulnerability reports and other changes to the security and privacy industry.
- Research solutions for security issues identified and recommends appropriate solutions. Security issues include, but not limited to new trends, cloud, vulnerabilities, gaps, risks and others. Track non-conformity / residual items.
- Architect and design security features or controls and define the configuration requirements and implementation, as well as any processes to support the functionality. Then work with appropriate resource to ensure deployment of the security feature/control is performed correctly.
- Participate in Change/Release meetings providing guidance for remediation of security issues identified by internal security testing, external security testing or customer testing.
- Design, and execute security incident response activities related to detection, investigation, containment, eradication, recovery and return to normal operations. Ensure after action reports and remediation efforts are completed.
- Plan and carry out threat assessments and vulnerability management activities related to design, coding, configuration, auditing, scanning, testing, assessing, reporting and managing ticketing queue in conjunction with appropriate supporting team, ensuring remediation based upon SLA’s and retesting after completion.
- Ability to design technical, administrative or physical controls to meet the requirements define in industry standards such as the ISO 27001 series, NIST 800 series, FedRAMP, Cloud Security Alliance, OWASP, BSIMM, AICPA SOC 2, GDPR, and other standards or laws.
- Respond in the due diligence process for our vendors and from our customers.
- Define goals and set security metrics, provide reports on results.
- Manage, mentoring and guide the security engineering team as well as security operations.
- Promote a culture of information security.
- Other duties as assigned.
- B.S. degree in cyber security or technology discipline or equivalent related experience and training required
- Security certification such as CISSP, CSSLP, CISA, CRISC, CISM, GIAC, CCSP
- 7+ years relevant experience in a technical security role
- Ability to build the security architectural programs around the identified relevant structures
- Ability to write security design requirement documentation at the audience level required
- Ability to verbally communicate the purpose of requirements and negotiate with teams
- Understanding of systems: servers, networks, applications and cloud technology in all phases of the life cycle from ideation till retirement
- Strong knowledge of ISO standards, NIST 800 series, Cloud Security Alliance, CIS Critical Security Controls, OWASP, BSIMM, AICPA SOC 2, GDPR
- Proven ability to analyze problems and define a solution in enterprise environments
- Attention to detail, long periods of focused attention and sitting are required
- Some travel may be required
Compensation & Benefits
- Health, Dental, Vision, Life and additional supplemental insurance
- Paid time off and personal days
- Paid holidays
The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified. All personnel may be required to perform duties outside of their normal responsibilities from time to time, as needed.