Director, Information Security
ViacomNew York, NY
Full Time Job
The Director Information Security’s primary job responsibility is to reduce risk to Viacom Information and Information Systems through the understanding and use of various data security technologies, applications, methodologies and industry standards. The Director Information Security will be a senior technology professional able to provide advanced expertise in Information Security Technologies and risk reduction strategies. In addition to daily operational responsibilities this role will be responsible for the innovation and execution of people/process and technology improvements within Information Security as well as the broader MTS group.
• Understands industry standard Information Security process and technology.
• Works independently applying in-depth knowledge of multiple Information Security technologies (IPS/Firewalls/Anomaly Detection etc.), as appropriate.
• Accomplishes staff results by communicating job expectations; planning, monitoring, and appraising job results; coaching, counseling, and disciplining employees; developing, coordinating, and enforcing systems, policies, procedures, and productivity standards.
• Acts as a consultant to IT professionals and business partners in their area Information and Cyber Security risks and controls.
• Performs sophisticated analysis of Information Security related logs and log data to surface potential Information Security risk and concerns for resolution. Escalate findings and recommendations to management.
• Effectively uses the Viacom Information Security Application and Services Portfolio to reduce risk to Viacom Information and Information Systems.
• Proactively makes risk reducing recommendations to appropriate business units regarding the development of new or existing services.
• Proactively looks for innovative approaches to maintaining and improving the Viacom Information Security Framework.
• Maintain broad experience in Information Security and has the ability to identify and leverage technical experts in different specialized fields across other departments.
• Participates in Incident Response training initiatives and when required ensures active participation in the incident response lifecycle governed by the Technical CERT Policy.
• Ensure all of the services and or applications supported are consistently performing as intended this includes coordinating upgrades and or improvements.
• Frequently reviews any tickets in any service ticketing queues related to the group managed to ensure proper ticket closure.
• Perform vulnerability scans which include analysis and coordinating remediation.
• Conduct anomaly detection analysis and coordinate remediation.
• Conduct intrusion detection analysis and coordinate remediation.
• Participate in litigation support associated with Electronic Stored Information.
• Participate as appropriate in the planning and implementation of any Viacom Information Security projects.
• Participate as appropriate in any Information Technology or Business unit project noting any information security gaps or implications.
• Perform security risk evaluations and penetration assessments.
• Supports the company’s risk management program in a manner that fulfills the mission and strategic goals of the organization while complying with local, state and federal laws and accreditation standards.
• Proactively identifies creative risk solutions to decrease loss of data, increase the data protection mechanisms and controls throughout the enterprise.
• Has experience working with Cloud Vendors to extend security visibility and controls off premise.
• Develop polices, procedures and related guidelines.
• Typical candidates will possess 7 years in IT related field and 5 years of full time Information Security Technical management experience.
• The OSI / TCP/IP protocol stack.
• Vulnerability scanning, intrusion detection, anomaly detection and associated technologies.
• Layer 2, 3 and 4 infrastructure designs and functionality.
• Windows, UNIX, and Linux OS hardening best practices.
• The latest hacking techniques and appropriate countermeasures.
• Firewalls, rule base analysis, stateful inspection, encryption and associated algorithms.
• Common threat analysis methodologies such as SANS and OWASP.
• Identity and Access Management methodologies.
• Authentication Platforms, which includes but is not limited to LDAP and Active Directory.
• Federated Authentication Platforms and associated protocols.
• Incident Handling and Incident Response Methodologies.
• Having the following Certs is also a plus: CISA,CISSP, CISM, CEH, EnCe, ITIL and SANS (GCIA, GCIH, GCFA)
• BA/BS degree or equivalent preferred.
• Goal driven individual with strong technical, interpersonal, communication and organizational skills.
• Makes a commitment to helping create a “transparent culture of service” which fosters an open, honest, candid workplace within the teams managed.
• Embraces and fosters “innovation” by working on new things in new ways every day
• Develop a global perspective with consideration for local business needs.
• Acts as an Information Security subject matter expert and is comfortable interacting with employees at all levels and roles.
• Resource management skills, capable of managing contract employees.
• Acts responsibly with sensitive and confidential information.
• Is creative and resourceful as a problem solver.
• Consistently demonstrates the drive to deliver projects successfully even under difficult timelines.
• Has strong logical, analytical, methodical, investigative and auditing skills.
• Knows when to make practical rational decisions that reduce risk to Viacom information and Information systems.
• Excellent verbal and written communication.
• Travel domestically and internationally if required and with short notice.
• Must be reliable and available 24/7 if required.