Harvard Partners is recruiting for a Director of Information Security for a large, boutique, investment management firm located outside of Boston, MA. The Director of Information Security is responsible for leading the Vulnerability Management function as well as the security Incident Response Function.
This position reports to the Vice President, Information Technology.
- Lead the corporate information security operation providing data and application security services, including penetration testing, vulnerability scanning and mitigation, forensics, event and incident response, and related security services
- Manage a team of outsourced Information Security Analysts
- Develop information security policies and strategies in accordance with company policies
- Provide leadership to various teams regarding information security including security architecture, information security risk management, and overall security program administration
- Liaises with other information security program stakeholders, including Application Development and Architecture, internal audit and compliance, legal, HR, and Procurement
- Develop security requirements and recommend solutions for new technology projects and changes to current environments and applications.
- Manage and coordinate the implementation of security products, services and tools according to company standards.
- Develop and maintain budgets, time reporting, system metrics and delivery metrics
- Assist staff with the execution of intrusion detection, monitoring, vulnerability assessments and penetration studies; assistance with the investigation and resolution of IT security incidents.
- Develops, oversees, and drive the execution of remediation/corrective action plans related to information and technology risk management issues
Education & Experience
- 7 – 10 years of progressively responsible experience in the information security field
CISSP, CISM or equivalent certification required
- Experience creating and implementing security policies in a Financial Services environment (Investment Management preferred). Familiarity with government regulations
- Experience working with global security policies (i.e., UK, Tokyo, Singapore)
- Strong project management experience with demonstrated ability to determine and deploy resources to achieve goals on time and in the most efficient and cost-effective way
- Ability to think strategically and communicate those thoughts at the highest level of the organization.
- A firm understanding of IT Security policies, standards and related procedures
- Knowledge and experience in maintaining operational computer and network security, firewall administration, virus protection, intrusion detection and prevention, identity and access management, application security, automated security patching, and vulnerability scanning systems
- Experience with interfacing/managing outsource vendor relationships
- Experience with firewall configurations, network intrusion detection, penetration testing, vulnerability analyses and incident response and investigation
- First-hand knowledge of security in an SAP, Cisco, Windows Server environment is required
- A strong, detailed-oriented communicator with demonstrable experience being creative, working with agility, and thinking outside the box. We are looking for a leader, someone willing to solve problems, and overcome roadblocks
- Bachelor’s degree in computer science, mathematics or a related field of study