Associate Director (Cybersecurity)
Golub Capital BDC Inc, Chicago, IL, United States
## Position Information**Hiring Manager:**Senior Director**Department:**Technology Solutions**Department Overview**The Technology Solutions (“TS”) Department is responsible for designing and delivering state of the art technology solutions that are designed to create efficiency, mitigate risk and grow revenue for the Firm. Technology Solutions is also responsible for defining, managing and executing a robust Cyber Security program following the NIST Cyber Security Framework. Technology Solutions focuses on technical excellence through innovative application designs, robust data integration and analytics, high availability infrastructure and gold level service for our key stakeholders with information security embedded throughout. Critical functions within Technology Solutions include Project Management, Vendor Management, Business Analysis, Enterprise Data Governance and Stewardship, Application Development and 3rd Party Integration, Strategic and Secure Infrastructure and Operations. The Technology Solutions Department collaborates closely with Firm leadership and business unit heads to develop plans in line with business objectives.**Position Responsibilities**TS seeks a candidate with a strong security mindset, deep passion for cyber and information security and a proven record of driving security improvements in enterprise environments.In addition to managing staff, this role will focus on planning, designing and executing security-related projects, processes and procedures in a Microsoft-oriented environment with an emphasis on technical competency in the areas managed. Focus areas for this position will include operating system and cloud platform security architecture and threat modeling of both applications and IT infrastructure. The individual will serve as the Firm’s cyber defense lead during major security incidents by activating the Firm’s CSIRT, coordinating cross functional response teams and providing clear, timely communication with technology leadership and key stakeholders throughout the lifecycle of an incident.Responsibilities include:* Continuously monitoring and analyzing the global cybersecurity threat landscape including active threat actors, attack techniques and emerging vulnerabilities, and translating that intelligence into actionable guidance, priority defensive actions and incident readiness for the Firm* Owning the continuous improvement of the Firm’s cybersecurity control environment by identifying control gaps driven by emerging threats, designing defensive enhancements and leading the implementation of new or improved technical, procedural and detective controls across infrastructure, applications and cloud platforms* Establishing and leading an enterprise threat modeling and risk assessment program that proactively identifies how adversaries could exploit applications, infrastructure and third-party integrations and embeds those assessments into application design reviews, architecture decisions and major technology implementations* Managing and mentoring other Cybersecurity Team members* Leading multiple simultaneous cybersecurity projects* Engaging with vendors on support issues and performing regular product and business reviews* Providing Level 3 problem management and troubleshooting* Providing documentation on security processes and best practices to be followed by the Service Desk Team* Meeting deadlines and collaborating with internal and external TS Teams**Candidate Requirements***Qualifications & Experience:** Bachelor’s degree required* CISSP, CISM, SSCP, Microsoft SC-100 or SC-900 are a plus* 15+ years of experience supporting information security, executing security-related projects and applying security best practices in a medium-to-large sized organization* Staff management (previous management experience required)* Demonstrated prior experience planning and executing the security components of a Microsoft-centric technology organization* 3+ years of threat modeling and assessment work on applications and IT infrastructure* Experience with the Microsoft Defender XDR suite and the Zscaler network security suite* Windows Operating System security* Entra ID and Active Directory security* Microsoft Azure cloud security* Familiarity with DevOps and Application Development security* Deep technical understanding of how security products work and how to make them work better* Business acumen to understand the impact IT security and technology has on business outcomes* Enthusiastic about working in office and creating a Gold Standard hybrid work culture**Critical Competencies for Success****Our Gold Standards** Model defines key behaviors and competencies across 4 dimensions:
Leadership, Achieving Results, Personal Effectiveness and Thinking Critically. These behaviors and competencies drive our ability to win together.* **Leadership:**
Role models in this area consistently focus on the right goals and priorities and continually develop themselves and others. Always team players, they influence and engage with others to contribute to a supportive and inclusive culture where all feel welcome.* **Achieving Results:**
Role models in this area are high achievers who develop careful plans and deliver consistently and effectively. They hold themselves and others accountable for delivering high quality results, and they remove barriers to ensure others can contribute and grow.* **Personal Effectiveness:** Role models in this area build strong relationships, treat others with respect and communicate effectively. They are driven to exceed expectations and are adaptable to changing circumstances.* **Thinking Critically:**
Role models in this area understand our business, rely on analytical reasoning and seek diverse perspectives to solve problems. They are forward thinking, anticipating issues and addressing them in advance.The **department-specific competencies** define the knowledge, skills and abilities that are needed to successfully perform the functional or technical work of this role.* **Technical Support:** Triages, troubleshoots and resolves technical support issues. Escalates issues as needed.* **Software Development Principals:**
Utilizes software development, secure programming principles and a knowledge of programming languages to develop, configure and / or integrate new software and applications.* **Business Needs Assessment:**
Identifies business needs across departments within the Firm to understand the challenges, goals and problems that the business needs to solve and identifies appropriate technical solutions.* **Data Management and Information Security:**
Manipulates, restructures and / or queries data for various purposes, including reconciling issues in the database, designing database structures and / or generating reports. Adheres to governance principles and maintains data integrity and security.* **Risk Management:**
Identifies, forecasts and articulates ways to pursue and manage informed risks in ambiguous, complex or uncertain situations based on sound value propositions and an analysis of potential rewards and costs.* **Testing:**
Evaluates the functionality of an application, system or solution to ensure that requirements have been met and defects have been identified. Applies an understanding of end user requirements and usage in the end-to-end system to produce a quality product.* **Industry Knowledge:**
Demonstrates an understanding of the Firm's position in the industry, including its complex structure and competitive advantage in the marketplace. Monitors industry trends and changes and recognizes their relevancy and implications.* **Technical Communication and Documentation:**
Documents and communicates technical processes and procedures in area of specialty to stakeholders. Adapts the level of detail and specificity based on the needs of the intended audience.* **Vendor Management:**
Manages and coordinates #J-18808-Ljbffr
Leadership, Achieving Results, Personal Effectiveness and Thinking Critically. These behaviors and competencies drive our ability to win together.* **Leadership:**
Role models in this area consistently focus on the right goals and priorities and continually develop themselves and others. Always team players, they influence and engage with others to contribute to a supportive and inclusive culture where all feel welcome.* **Achieving Results:**
Role models in this area are high achievers who develop careful plans and deliver consistently and effectively. They hold themselves and others accountable for delivering high quality results, and they remove barriers to ensure others can contribute and grow.* **Personal Effectiveness:** Role models in this area build strong relationships, treat others with respect and communicate effectively. They are driven to exceed expectations and are adaptable to changing circumstances.* **Thinking Critically:**
Role models in this area understand our business, rely on analytical reasoning and seek diverse perspectives to solve problems. They are forward thinking, anticipating issues and addressing them in advance.The **department-specific competencies** define the knowledge, skills and abilities that are needed to successfully perform the functional or technical work of this role.* **Technical Support:** Triages, troubleshoots and resolves technical support issues. Escalates issues as needed.* **Software Development Principals:**
Utilizes software development, secure programming principles and a knowledge of programming languages to develop, configure and / or integrate new software and applications.* **Business Needs Assessment:**
Identifies business needs across departments within the Firm to understand the challenges, goals and problems that the business needs to solve and identifies appropriate technical solutions.* **Data Management and Information Security:**
Manipulates, restructures and / or queries data for various purposes, including reconciling issues in the database, designing database structures and / or generating reports. Adheres to governance principles and maintains data integrity and security.* **Risk Management:**
Identifies, forecasts and articulates ways to pursue and manage informed risks in ambiguous, complex or uncertain situations based on sound value propositions and an analysis of potential rewards and costs.* **Testing:**
Evaluates the functionality of an application, system or solution to ensure that requirements have been met and defects have been identified. Applies an understanding of end user requirements and usage in the end-to-end system to produce a quality product.* **Industry Knowledge:**
Demonstrates an understanding of the Firm's position in the industry, including its complex structure and competitive advantage in the marketplace. Monitors industry trends and changes and recognizes their relevancy and implications.* **Technical Communication and Documentation:**
Documents and communicates technical processes and procedures in area of specialty to stakeholders. Adapts the level of detail and specificity based on the needs of the intended audience.* **Vendor Management:**
Manages and coordinates #J-18808-Ljbffr