Company Description
Our company is experiencing explosive growth, and we need talented engineers who want to grow with us!
The rapid growth of e-commerce business in the COVID era has benefited our logistics company. We have landed some of the largest customers in the world! We have parcel sortation facilities across the United States, and are deploying new facilities at a breakneck rate. All of this runs on our own home-grown, high-capacity technology stack, which is where you come in!
We are building the highly scalable architecture to support this growth. Over the next decade, our technology team will be going deep into warehouse automation, AI, ML, IoT, and data technologies.
Our primary development team in Bangalore is core to our vision. We intend to grow our Bangalore division long-term, as a first-class part of the ACI family, investing heavily in talent and leadership.
https://www.buildwithaci.com
Job Description
The Director of Information Security is responsible for ensuring the integrity of the company’s information resources at the network, operating system, and application levels by researching, recommending, and developing security architecture, as well as leading the implementation of appropriate technical and procedural solutions. This position provides expert-level support for complex security issues in the application, network, and distributed operating systems environments. The scope of responsibilities includes, but is not limited to, all endpoints, network, and server operating systems platforms throughout ACI Group. This role will make strategic and tactical Information Services (IS) decisions impacting the business.
Additionally, you will be negotiating compliance policies with customers, as well as with subcontractors. You will build and maintain the processes and systems that will ensure compliance of all customer data throughout our network.
Responsibilities
Develop security policies, standards, and procedures for all endpoint, network, server, and application systems as well as maintain and update Information Services (IS) Standard & Procedures
Function as the Data Privacy Officer for SCLS reporting into the CTO. Stay current on GDPR and other laws relating to data privacy compliance. Drive the program and be the point of contact as needed.
Interface with clients and vendors as necessary and perform RFPs.
Create and maintain budget for information security
Ability to create and present projects/business cases under his/her purview to the executive team and explain the need of the projects to non-technical users.
Ability to collaborate on security related projects with other leaders in the IS department
Ensure compliance with systems security best practices and other established security standards, and assist in identifying and documenting exceptions to these standards
Knowledge of security, risk, and control frameworks and standards such as ISO 27001 and 27002, IEC62443, SANS-CAG, DoD Directive 8510.01, DoD Instruction 8500.01, and NIST Publications, FISMA, COBIT, COSO and ITIL
Preferred establishment and active membership with an Information Security Professional Organization such as (ISC)², ISACA, AITP, SANS, ISSA, CIS, CSA, InfraGard
Implements necessary operating system and network controls to meet Corporate and Federal regulations (GDPR, NIST, SOX, HIPAA, FIPS, PCI) regarding appropriate separation of company systems
Security representative on Corporate projects (application, system, and network) providing security support requiring knowledge across multiple platforms and databases
Designs and supports Internet network infrastructure security
Provides technical support for security systems and authentication mechanisms on all system platforms
Proactively reviews corporate servers and the network for current and potential vulnerabilities and attempted intrusions, and takes corrective action, including hardware and software upgrades for security platforms
Conducts digital forensics by collecting and presenting computer/network-related evidence in support of network vulnerability mitigation, and/or criminal, fraud, counterintelligence, or law enforcement investigations, and assists with all IS audit efforts through investigating, documenting, and reporting
Evaluates and responds to security threats and/or events by continually assessing real-time logs and performing packet analysis for the enterprise network, while measuring and documenting performance and threat/risk metrics
Conducts the integration/testing, operations, and maintenance of systems security to ensure access to cyber assets and corporate network resources maintain segregation, while documenting and updating security processes and desk level procedures
Scope of Role
Reports to the Chief Technology Officer
Assumes control of all areas of responsibility for security and compliance.
Acts as a member of the Technology Department leadership team, helping to drive the overall vision of the department
Communicates effectively with department leaders and corporate leadership
Presents on the status of projects to senior management
Empowered to deal with critical issues related to security without direction
Qualifications
Minimum Qualifications
Education
Bachelor’s Degree in Computer Science, Information Systems or other I.T. related field is required.
A minimum of 10 years of practical technical hands-on experience in a Systems Security Specialist, Information Systems Audit role, or Information Security role
One related I.T. Security professional or vendor certification:
Preferred: CISSP, CSSA, GICSP, CISM
Knowledge, Skills and Abilities
Technical proficiency, knowledge, and understanding of the following:
Web and email content filtering rules, threat, and block lists
Data networking concepts and LAN/WAN topologies.
Active Directory and Group Policy in Windows Domain environment
Vulnerability Management, mitigation, and correction
Access Control Lists in relation to share, folder, and file structures
Baseline configurations for Windows Servers and Workstations
Endpoint Protection in a multi-solution layered security environment
Excellent written and verbal communication skills in addition to strong interpersonal skills
Working knowledge of the project management life cycle and systems change management processes
Skill communicating technical information to non-technical audiences both verbally and in writing
Skill in project management, time management, and initiation and execution of tasks
Skill in presenting ideas and concepts orally and in writing
Ability to effectively negotiate compliance contracts with clients, vendors, and subcontractors, collaborating with our legal team
Ability to communicate gaps in cybersecurity control design to control owners and make meaningful recommendations
Ability to relate to a diverse population and to maintain composure when faced with demanding situations
Ability to establish and maintain effective working relationships with staff, clients, vendors, and subcontractors
Additional Information
All your information will be kept confidential according to EEO guidelines.