Director of Information Security jobs in United States

City of Philadelphia · 8 hours ago

Director of Information Security

The City of Philadelphia is a vibrant place to work, offering numerous opportunities for career growth. As the Director of Information Security, you will safeguard the confidentiality, integrity, and availability of the Philadelphia International Airport's information assets, leading strategic initiatives to mitigate cyber threats and ensure compliance with industry regulations.

Law Enforcement · News · Publishing
No H1B · U.S. Citizen Only

Responsibilities

Collaborate with the CISO and senior leadership to develop and maintain the organization's information security strategy, policies, and procedures
Provide strategic direction and guidance to the information security team, aligning security initiatives with business objectives and risk tolerance
Lead the identification, assessment, and prioritization of information security risks, threats, and vulnerabilities across the organization’s IT infrastructure and systems
Implement risk mitigation strategies and controls to address identified risks effectively
Develop capabilities to manage third-party cybersecurity risks
Execute strategies for continuous monitoring of network traffic, system logs, and user activities to identify unauthorized or suspicious behavior
Review security monitoring tools and technologies to detect and alert on potential security incidents and anomalies
Maintain incident response plans and procedures to effectively respond to and mitigate security incidents
Lead the investigation of security breaches and incidents, coordinating response efforts and implementing corrective actions as necessary
Assess and manage risks associated with third-party vendors and service providers, ensuring contractual obligations and security requirements are met
Develop processes for evaluating and monitoring vendor security posture and performance
Oversee the implementation and maintenance of security technologies and tools, ensuring they effectively identify, protect against, detect, respond to, and recover from security threats and vulnerabilities
Lead the change management committee for reviewing, approving, and implementing changes and ensuring security controls and configurations are updated and maintained
Foster open communication and collaboration among stakeholders, creating forums for dialogue to facilitate decision-making and address concerns related to change initiatives

Qualification

Information Security Strategy, Risk Management, Security Operations, Compliance Knowledge, Security Architecture, Vendor Management, Incident Response, Team Building, Analytical Skills, Strategic Planning, Leadership Skills, Communication Skills, Problem-Solving Skills

Required

Bachelor's degree in Computer Science, Information Technology, Information Systems or a related field; Master's degree preferred
Minimum of 10 years of progressive experience in information security, with 5 years of leadership or managerial experience
Proven track record of developing and implementing information security strategies and initiatives in alignment with NIST Cybersecurity Framework
Experience with conducting risk assessments, vulnerability assessments, and developing risk mitigation strategies
Excellent leadership and communication skills, with the ability to collaborate effectively with cross-functional teams and influence stakeholders at all levels of the organization
Strong analytical and problem-solving abilities, with a keen attention to detail and the ability to prioritize and manage multiple tasks simultaneously
In-depth knowledge of cybersecurity principles, technologies, and best practices
Strong understanding of regulatory requirements and compliance frameworks
Excellent leadership, communication, and stakeholder management skills
Strong leadership and management skills are essential for effectively leading a team of security professionals
Proficiency in risk management is necessary for identifying, assessing, and mitigating information security risks
In-depth knowledge of security architecture and design is necessary for developing and implementing robust security controls
Expertise in security operations is essential for monitoring, detecting, and responding to security threats and incidents
A comprehensive understanding of compliance and regulatory requirements is crucial for ensuring that the organization's security practices align with relevant standards and regulations
Excellent communication and presentation skills are needed for effectively conveying complex security concepts to non-technical stakeholders
Strategic planning and execution skills are essential for developing and implementing a comprehensive information security strategy aligned with business objectives
Proficiency in vendor management is necessary for evaluating and selecting security vendors and managing vendor relationships effectively
Strong team-building and development skills are crucial for fostering a collaborative and high-performing security team

Preferred

Relevant certifications such as CISSP, CISM, or CRISC are highly desirable
Experience with security compliance frameworks (e.g., CIS, NIST CSF, NIST RMF, ISO 27001) is a plus
Proficiency in analyzing and evaluating security threats and vulnerabilities, as well as assessing the potential impact on the organization
Extensive experience in conducting thorough risk assessments, vulnerability assessments, and penetration testing to identify and prioritize security risks
Ability to architect and integrate security solutions into the organization's infrastructure, ensuring the confidentiality, integrity, and availability of information assets
Commitment to staying updated on emerging security threats, trends, and technologies
Ability to adapt to evolving security challenges and requirements, proactively adjusting security strategies and tactics to address new threats and vulnerabilities
Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls
Coordinate information security and risk management projects with resources from the IT organization and business unit teams
Familiarity with cybersecurity principles, tools, and best practices

Benefits

Comprehensive health coverage for employees and their eligible dependents
Our wellness program offers eligibility into the discounted medical plan
Employees receive paid vacation, sick leave, and holidays
Generous retirement savings options are available
Pay off your student loans faster - As a qualifying employer, City of Philadelphia employees are eligible to participate in the Public Service Loan Forgiveness program.
Enjoy a Free Commute on SEPTA - Starting September 1, 2023, eligible City employees will no longer have to worry about paying for SEPTA public transportation.
Unlock Tuition Discounts and Scholarships - The City of Philadelphia has forged partnerships with over a dozen esteemed colleges and universities in the area, ensuring that our employees have access to a wide range of tuition discounts and scholarships.

Company

City of Philadelphia

Philadelphia is the largest city in the Commonwealth of Pennsylvania, the fifth-most-populous city in the United States.

Funding

Current Stage
Late Stage

Leadership Team

Alan Burstein, Chief Surveyor
Alba Collazo-Irwin, Chief Deputy
Company data provided by crunchbase