Director, Information Security Management

Aerojet Rocketdyne (Huntsville AL, USA) 2 days ago

Aerojet Rocketdyne is a world-recognized aerospace and defense leader providing propulsion and energetics to its space, missile defense, strategic, tactical missile and armaments customers throughout domestic and international markets. We offer a complete line of propulsion products for launch vehicles, missile defense, and advanced hypersonic propulsion.

Do you want to be part of a collaborative problem-solving cyber defense team? We are seeking a Director of Cyber Operations with in-depth leadership experience developing high performing teams, expert knowledge across Cyber Security domains and ability to communicate masterfully across the enterprise. This position may be located at any of our locations in Huntsville AL, Canoga Park (Los Angeles area) CA, Sacramento CA, or Redmond (Seattle area) WA.

The director of security operations is responsible for overseeing daily operations, project delivery and security services delivered by a 24x7 managed security service provider. As Director of Cyber operations, you will be responsible for developing and influencing adoption of the strategic direction for the function. Maturing and optimizing the Predict, Prevent, Detect and Respond capabilities to maintain stakeholder confidence in protecting the enterprise will be a key focus area. This role will be responsible for providing advice and guidance to senior leaders on potential risks to the company and mitigations. The leader is expected to drive organizational change by executing flawlessly, applying strategic thinking, communicating masterfully and partnering effectively with various assurance functions proactively to influence implementation of security controls to protect the company against cyber threats.

Additionally, we are looking for a transformational leader that inspires business enablement through a combination of creativity and strong security competency based on proven experience. This leader will define the cyber security strategy and implementation plan for designing and implementing controls across the enterprise. The Security Architect is responsible for directing the program to develop, maintain, implement and leverage foundational controls by embedding security by design in architecture, infrastructure and applications across the company. The architect is also responsible for defining security standards and control requirement processes and leading the integration of these processes with other related business and IT processes.

Cyber Operations responsibilities:

  • Responsible for designing, creating and maintaining the security systems within it IT network, including the computer systems and data
  • Monitor all operations and infrastructure. Lead a team to review and analyze alerts and logs in order to monitor control and protect the organization’s digital security footprint
  • Monitor internal and external policy compliance ensuring both vendors and employees understand the cybersecurity risk management policies, standards and operate within the established framework
  • Establishes Cyber Security governance framework with security managed services provider
  • Oversees Security Operations Center (SOC) activities performed by the managed services provider daily
  • Partner with key internal stakeholders to ensure that security monitoring strategy and security plan is in conformity with the overall system security plan and strategy
  • Manage and maintain the security incident response strategy, standards, and processes; assist in creating and maintaining appropriate security standards and procedures governing data, networks, and application systems
  • Analyze, recommend and implement monitoring and compliance procedures based on external and internal information security risk and vulnerability assessments
  • Maintain security and operational efficiency metrics through comprehensive reporting, including dynamic data mining, historical reporting, self-auditing and tracking capabilities
  • Lead cyber council discussion with senior leadership and other stakeholders about active security threats, metrics and incidents
  • Keep current with new developments in the security industry including advisories, malware, vulnerabilities and viruses; evaluate and report on their potential business impact
  • Work with internal teams to continually improve processes used to identify security issues
  • Ensure timely proactive identification and reporting of security gaps and vulnerabilities to the network
  • Provide coaching and mentoring to security operations leaders and team members, recommend training as appropriate, and provide guidance
  • Support negotiations on scope of work as well as manage work with outside vendors / integrators. This includes SOW, MSA, and NDA's
  • Understands when to escalate and can influence without direct authority
  • Incident handling and forensics skills including knowledge of common probing and attack methods, network/service discovery, system assessment, viruses, and other forms of malware
  • Knowledge of confidentiality of information, privacy protection, data security and other information security issues important in a DOD regulated industry

Security Architect responsibility:

  • Leads the identification and analysis of enterprise business drivers to derive enterprise business, information, technical and solution architecture requirements
  • Analyzes industry, technology, and market trends to determine their potential impacts on the enterprise
  • Analyzes the current business and IT environment to detect critical deficiencies and recommend solutions for improvement
  • Consults with program/project teams to fit solutions to architecture across all viewpoints
  • Works with managed services provider to create an architecture framework from the enterprise level down to the solution architecture level
  • Maintain regular engagement and partnership with business and technology teams to ensure assigned strategies align with business and technical needs, requirements, and constraints
  • You will contribute to the enterprise cloud architecture and lead the security strategy around cloud-based applications, across all types (including Infrastructure, Platform, and Software as a Service (IaaS/PaaS/SaaS)
  • Contribute to the collective information security strategy to ensure that future security investments are aligned with priorities, requirements, industry threat landscape, and organizations risk appetite
  • Provide input to solution deployments to ensure that solutions are deployed following the stated security strategy and roadmap
  • Analyze industry threats and trends to adjust the security strategy accordingly
  • Assess security technologies, tools, and services, and makes recommendations to the broader security team for their use, based on security, financial and operational metrics, and efficacy
  • Participate in application and infrastructure projects to provide security-planning advice
  • Develop and maintain a security architecture processes that enables the enterprise to develop and implement security capabilities that clearly aligned with business, technology, and risk drivers.
  • Develop and maintain security architecture artifacts (e.g. models, templates, standards and procedures) that are used to leverage security capabilities in projects and operations
  • Participate in application and infrastructure projects to provide security planning advice
  • Draft security procedures and standards for reviewed and approval by appropriate stakeholders
  • Determine baseline security configuration standards for operating systems, network segmentations, applications, Identity and Access Management
  • Conduct threat modeling of services and applications that tie to the risk and data associated with the service or applications
  • Ensure a complete, accurate, and valid inventory of all systems, infrastructure, and applications that should be logged by the Security Information and Event Management (SIEM)
  • Establish a taxonomy of Indicators of Compromise (IOCs) and share with all IT stakeholders
  • Validate IT, Supplier infrastructure, and other reference architectures for security best practices and recommend changes to enhance security and reduce risk, where applicable
  • Validate security configurations and access to security infrastructure tools, including firewalls, IPS, WAFs, EDDR, DLP, email filter, proxy filter, and other security tools
  • Liaise with internal Audit team to review and evaluate the design and operational effectiveness of cyber security related controls
  • Review and stay current on security technologies, tools, services, and processes and make recommendations to the broader security, IT teams, compliance teams for their use, based on security, financial, and operational metrics
  • Coordinate with operational and facility management teams to assess the physical and operational security and Internet of Things systems
  • Liaise with other security, enterprise, architects and security practitioners to share best practices
  • Examine internal cyber security controls, evaluate the design and operational effectiveness, determine exposure to risk and develop remediation strategies
  • Communicate complex technical issues in a simplified manner to relevant staff and management
  • Other duties as assigned.

S/he proactively shares knowledge of technology risks and opportunities to improve efficiency and effectiveness

of the Cyber Security and Enterprise Architecture. S/he partners with business leadership and other key stakeholders to define opportunities and prioritize IT Business Requests and projects based on predefined criteria (e.g. return on investment, productivity, compliance, legal, operational risk reduction, and contractual requirements).

Requires a Bachelor's degree in an appropriate discipline and at least fourteen (14) years of business/industry work experience with a broad range of exposure to various business segments and technical environments.

Additional Requirements:

  • At least 5 years of experience with managing team(s) responsible in strategic planning, project portfolios, business enablement or client management.
  • Must be able to obtain and maintain a U.S. Security Clearance at SECRET level. Requires U.S. Citizenship, U.S. Permanent Residency or other status as a U.S. Person. Must be able to satisfy federal government requirements for access to government information, and having dual citizenship may preclude you from being able to meet this requirement.
  • More than 10 years of relevant work experience, including consulting and general industry experience.
  • Certification in CISM, CISSP-ISSA, MCSE, CCNA or TOGAF/DoDAF/SOA is preferred.
  • Knowledge of national regulatory compliances and frameworks such as NIST 800-53v4, NIST 800-171, ISO, SOC2, BASEL II, EU DPD and HIPAA.
  • Operate at advanced level of written and spoken communications; write and speak effectively with impact.
  • Familiar with architecture technologies and concepts: frameworks, collaboration, business strategies.
  • Demonstrated technology skills across business, applications, data, and infrastructure architecture domains, and experiences in development lifecycle management.
  • Extensive experience in systems, network, endpoint, and application security.
  • Excellent knowledge of information security technology, such as firewalls, intrusion detection systems (IDS), access management, anti-malware, SIEM technologies.
  • Extensive multiple domain knowledge with routers, switches, firewalls, NT, and UNIX systems.
  • Team and collaboration orientation.
  • Bachelor’s Degree in Information Technology/Computer Science or related degree.
  • Experience with Active Directory, IIS, Windows servers, SQL Server, Firewalls, Routers, WAPs, End Point Security, Virtualization Technologies, Mobile Device Management, Application Management, VPN, Asset Management, Patch Management, Vulnerability Scanners, , and Threat Hunter technologies.
  • Ability to work in a fast paced environment.
  • Strong attention to detail with an analytical mind and outstanding problem solving skills.
  • Great awareness of cyber security trends and hacking techniques.
  • Experienced with all forms of information technology security, policy writing, auditing, and compliance.
  • Experienced in on premise, cloud and software as a service models for infrastructure.
  • Experienced in creating, maintaining, and auditing IT policy controls and procedures.

Desired Qualifications

  • Certified Information Security Auditor (CISA) certification.
  • Cybersecurity Forensic Analyst (CSFA) certification.
  • Certified Risk and Information Systems Control (CRISC).
  • Certified Security Analyst (ECSA).
  • Certified Ethical Hacker (CEH).
  • Proven experience in planning and validating Business Continuity.

Preferred Qualifications

  • Operational execution excellence.
  • Strong organizational skills.
  • Intellectual curiosity and the ability to question thought partners across functional areas.
  • Nimble LEAN and ARBOS thinking to drive change that enables efficiencies and drives growth.
  • Experience with and understanding of emerging technologies and their impact on enterprise architectures: Service Orientated Architecture, enterprise frameworks, message based information exchange, etc.
  • Experience in Aerospace and Defense highly desirable.
  • Knowledge of Security Across Various Platforms.
  • Fundamental Computer Forensics Skills.
  • Minimum five years’ proven experience in IT leadership role global corporate environment.
  • Significant and extensive people leadership experience managing integrated and high performing teams.
  • Must exhibit a leadership style that exhibits strategic thinking, collaboration, direct communication and results orientation.
  • Demonstrates executive-level written and verbal communication skills with exceptional interpersonal and collaborative skills.
  • Proven ability to manage in a complex operating environment, including multiple vendors and agile teams.
  • Protects our customers, our employees, and our brands by incorporating security and compliance across all financial elements.
  • Bachelor’s degree and 10+ years of related experience OR combination of education and experience; MBA or advanced degree Finance preferred.
  • Must be committed to incorporating security into all decisions and daily job responsibilities.

Being fully vaccinated for COVID-19 is a condition of employment at Aerojet Rocketdyne. Proof of vaccination or an accommodation request approved by Aerojet Rocketdyne will be required prior to starting employment with the Company.

May be required to obtain and maintain a U.S. Security Clearance at the appropriate level. Requires U.S. Citizenship, U.S. Permanent Residency or other status as a U.S. Person. Must be able to satisfy federal government requirements for access to government information, and having dual citizenship may preclude you from being able to meet this requirement.

Work Environment and Physical Requirements

Employees in these positions must possess mobility to work in a standard office setting and to use standard office equipment, including a computer; stamina to sit and to maintain attention to detail despite interruptions; may occasionally lift/carry/push/pull up to 15 pounds; may require minimal walking, climbing, stooping, crouching, and/or bending; and vision to read printed materials and a computer screen, and hearing and speech to communicate in person and over the telephone. May require the ability to travel by air or auto. May require the use of personal protective equipment such as safety glasses, safety shoes, and shop coat. These positions may be expected to work varying shifts and hours to ensure successful operation of activities in the organization.

Director, Information Security Management

Apply On Company Site
Back to search page