Director of Cyber Security - Berkshire Hathaway Homestate Companies
Sacramento, California

Listing Description

Hybrid-Remote Role

The Director of Cyber Security is responsible for the development, implementation, and oversight of the organization’s cybersecurity program (tools, technologies, methodologies) to ensure that information security standards, practices and controls are in place to effectively manage risk to the enterprise.  This individual is a strategic technical leader, mentoring team members while partnering with other leaders to advance cybersecurity processes across the organization.

  • Responsible for the development, implementation, and execution of a comprehensive set of security standards and guidelines, including but not limited to: security operations, incident response, vulnerability management, network security, data protection and loss, endpoint security, compliance program, and identity and access management.
  • Builds and matures a culture focused on proactive risk management and cyber security best practices.
  • Responsible for the development, implementation, and execution of information security and vulnerability assessments, testing on applications, systems, and infrastructure to ensure appropriate protection of sensitive customer and company information; performs risk analysis and recommends remediation for deficiencies. Tracks and reassesses remediation(s) to ensure compliance with policies and operational standards.
  • Ensures technical enforcement of internal security policies to maintain the integrity of the networks, systems and applications utilized throughout the organization, including functionality of user access controls.
  • Leverages cyber security metrics in order to appropriately manage the program and enterprise risk. 
  • Works with and actively engages security service providers to deliver necessary services along with managing contract requirements and service level agreements.
  • Researches and benchmarks industry leading security practices and tools, validating the organization’s environment is protected with leading security solutions and services.  Examines impact of new technologies on the organization’s overall information security posture. Establishes processes to review new technologies and ensure security compliance. 
  • Responsible for the development, implementation, and execution of company-wide/departmental information security training and awareness programs.
  • Ensures program standards are in compliance with applicable State and Federal regulatory requirements.
  • Serves as lead advisor on cybersecurity matters to ensure appropriate levels of security are integrated in process designs and architecture. Fosters relationships with various teams across the enterprise.
  • Maintains professional and technical knowledge by attending industry workshops, conferences, and participating in personal and professional networks. 

WHAT WILL SET YOU APART

  • Education: Bachelor's Degree in Computer Science, Engineering, Information Technology, or related fields is required.
  • Experience:
      • Minimum of 15 years of direct experience in developing information security programs and assessing effectiveness of such programs.
      • Minimum of 7 years of leading information security risk assessments, vendor risk management programs, developing information security awareness and education programs, managing information technology or security projects.
      • Minimum of 7 years of effective personnel management in a large enterprise.
      • Expertise in cybersecurity regulatory, compliance, and framework requirements, such as NY, DFS, and NIST.
      • Experience working with Security Incident and Event Management (SIEM) tools, endpoint detection and response tools, vulnerability management suites, and various security solutions.
      • Experience with the following cyber security domain areas: data encryption, key management systems, web certificates, incident response and management, application security, identity and access management program, data handling and classification, web application firewalls, next gen firewalls, network zoning and segmentation, cyber resiliency, secure coding, multi-factor authentication, data loss prevention, computer forensics, BCP/DR.
      • Knowledge of regulatory requirements such as California Consumer Privacy Act (CCPA), General Data Protection Regulation (GDPR), HIPAA, SOX IT GCC, FCC.
  • Technical Skills: Expert knowledge of NIST cybersecurity framework and cybersecurity best practices. Expert knowledge of operating system, application, network, and database security architectures. Solid understanding of network and systems security, system and network configuration, and application security.
  • Certifications: Current certification in one of the following is preferred: CISSP, CCISO, CISA, CISM, CRISC, CEH (must maintain current certifications).




