Listing Description
About the job
The driving force behind our success has always been the people of AspenTech. What drives us is our aspiration, our desire and ambition to keep pushing the envelope, overcoming any hurdle, and challenging the status quo to continually find a better way. You will experience these qualities of passion, pride and aspiration in many ways — from a rich set of career development programs to support of community service projects to social events that foster fun and relationship building across our global community.
The Role
The Sr. Director of Cybersecurity will report to AspenTech’s CIO & CISO and will have responsibility for all information security and compliance efforts in support of AspenTech’s global business. This role will be primarily responsible for implementing a Cybersecurity program aligned with the NIST framework and for reducing the Cybersecurity risk to the company. This role also includes the oversight, coordination, and management of incident response and remediation of Cybersecurity incidents.
Your Impact
- Lead a Cybersecurity organization that is global and structured to align with the NIST functions of identify, protect, detect, respond, and recover.
- Implement a Cybersecurity roadmap that is aligned with the NIST framework to improve the company’s Cybersecurity maturity.
- Work with internal executives, line of business leaders, and the Board to present current state, future state, and strategy.
- Lead in the development of Cybersecurity policies, standards, and playbook that align with industry-leading standards, e.g. NIST, ISO-27001, SOC3 type II.
- Lead review of customer contracts for Cybersecurity terms working with sales, ops, and legal organizations.
- Work closely with other members of the IT leadership team to enhance cyber security posture in all areas of Information Technology used throughout the organization.
- Lead Data Privacy efforts to ensure that the company is up to date with relevant data privacy regulations such as GDPR, etc.
- Partner with external organizations & government agencies to identify and evaluate global cyber security threats.
- Working in conjunction with the Legal team, lead all aspects of the incident response process from initial investigation through root cause analysis. Keep all appropriate parties informed during the incident response process. Drive process changes to avoid repeat occurrences of the same incident. Work with the Legal team to support forensic investigations and industry regulations, e.g. SEC Cybersecurity disclosure rules.
- Drive and own any related merger & acquisition activity including Cyber due diligence and integration on behalf of the company and the acquired companies.
- Provide strategic inputs into budget management and planning.
- Provide coaching, feedback, developmental opportunities, etc. to direct/indirect reports within a broader team.
- Develop Business Continuity and Disaster Recovery policies/plans to recover from a cyber incident.
- Work with senior leaders across functional boundaries to enhance the security posture of the organization globally.
- Support vendor relationships and contract management for key security vendors, including development of a security vendor strategy.
What You'll Need
- Bachelor’s degree in computer science or in “STEM” Majors (Science, Technology, Engineering and Math).
- MBA Preferred.
- Minimum of 10 years in a Cyber Security Leadership position.
- 10+ years’ experience with Cloud security, internal information security, and software product development lifecycle security, including data protection of intellectual properties.
- Experience working in the Department of Defense or another intelligence agency preferred (DNI, DOI, DHS, NSA, etc.).
- Experience with CMMC, FERC, SOC, NIST, IL5/6, FedRAMP and GDPR.
- Background in high tech or software industry is preferred.
Listing Details
- Salary: $220,000 - $250,000
- Citizenship: US Citizen
- Incentives: Both
- Education: Not Provided
- Travel: Not Provided
- Telework: Full Telecommute