Associate Director - Cybersecurity Posture and Hygiene (Remote)

Scorpion Therapeutics, New Bremen, Ohio, United States

Role Summary

The Associate Director, Security Posture and Hygiene leads the strategy, design, and implementation of the security posture and hygiene program across a diverse and complex infrastructure. The role focuses on enhancing cybersecurity measures, monitoring and remediating gaps, and leveraging CIS Top 18 controls to strengthen defenses. This position is remote, with potential to be based anywhere in the U.S.

Responsibilities

Develop a comprehensive strategy for the security posture and hygiene program.

Assemble and manage a team dedicated to implementing, assessing, and maturing the CIS Top 18 critical controls and their associated safeguards.

Develop and execute strategies for continuous monitoring and improvement of security controls and configurations across enterprise systems.

Ensure the hygiene of security configurations by establishing and enforcing policies, procedures, and standards to prevent unauthorized access, data breaches, and other cyber threats.

Collaborate with IT, network, and other relevant departments to align security measures with organizational goals and compliance requirements.

Develop and maintain comprehensive documentation on security controls, assessments, incidents, and improvements.

Conduct regular assessments to determine the maturity of each security control, identifying areas for improvement and recommending enhancements.

Foster strong partnerships with technology and domain stakeholders to ensure seamless integration and compliance of security practices across the enterprise.

Stay abreast of the latest cybersecurity trends, threats, and technologies to adapt and evolve our security strategies accordingly.

Lead initiatives to educate and train team members and the wider organization on cybersecurity good practices and the importance of a forward-thinking security posture.

Ensure that all security programs and initiatives adhere to relevant laws, regulations, and policies, continuously updating practices to meet new standards.

Oversee daily operations, including targeted assessments, risk management, and response strategies, ensuring a high level of security and resilience against cyber threats.

Build collaborative relationships and partner effectively with business and technology senior leaders.

Maintain expert-level professional and technical knowledge in relevant domains.

Build metrics and dashboards that provide stakeholders with actionable insights into the security posture of technologies.

Qualifications

Bachelor's Degree and 9 years of experience OR Master's Degree and 8 years of experience OR PhD and 4 years of experience

Proven leadership in cybersecurity, with extensive experience in managing security posture and hygiene strategies within complex and diverse IT environments

Expert knowledge of operating systems, networking protocols, systems administration, X as a service, applications, and security technologies

Expert knowledge and application of cybersecurity terminology, concepts, and the cyber threat landscape and attack vectors

Deep understanding of risk management principles and the ability to integrate these into security practices

Experience with the CIS Top 18 controls and familiarity with the CIS Controls Implementation Groups (IGs) methodology

Demonstrated ability to innovate and adapt in response to a constantly changing environment

Advanced critical thinking, problem solving, and analytical skills

Strong leadership and collaboration skills with business and technical groups

Excellent written and verbal communication and listening skills, with the ability to effectively convey technical insights to technical and non-technical stakeholders

Demonstrated ability to interface effectively with clients, IT management, and staff

A sincere desire to learn, grow, and go beyond personal capabilities, staying abreast of the latest developments in the cybersecurity landscape

Professional cybersecurity certifications (e.g., CISSP, CISM, CIS Controls, etc.) are highly desirable

Education

Bachelor's Degree with related experience, or higher degrees as noted in qualifications
