Director, Information Security
Job Locations: United States-OH-Cincinnati
Category: IT Infrastructure & Support
Job Summary
The Director of IT Security is a strategic leader responsible for safeguarding the organization's information assets and infrastructure. This individual will develop, implement, and manage a comprehensive cybersecurity program, ensuring compliance with industry standards and regulations. They will lead a team of security professionals, oversee vulnerability assessments and incident response, and drive continuous improvement in the organization's security posture. You will be joining an organization where your contribution makes a significant impact in protecting Medpace and our Sponsors.
Responsibilities
- Plan, direct and manage the day to day operations of the IT Security department;
- Develop, maintain, and enforce IT security procedures and policies that are effective and efficient in protecting Medpace computer systems & data and are consistent with regulatory requirements;
- Safeguard information system assets by identifying and solving potential and actual security problems;
- Protect systems by defining access privileges, control structures, and resources;
- Recognize problems by identifying abnormalities; reporting violations; manage IT Security incidents to closure;
- Implement security improvements by assessing current situation, evaluating trends, anticipating security risks;
- Determine security violations and inefficiencies by conducting periodic audits;
- Work across IT to upgrade systems by implementing and maintaining security controls;
- Keep IT leadership informed by preparing security posture reports; identifying areas/process improvement opportunities; communicating security trends and risks;
- Maintain quality service by following organization standards;
- Collaborate with Functional Areas/business units across the company to ensure IT Security best practices are understood and followed;
- Oversee the hiring, training, evaluation, and retention of associates;
- Conduct IT Security policy training and ensure employees are working in compliance with SOPs and Good Clinical Practice guidelines.
Qualifications
- Bachelor's degree in information security, cybersecurity, information technology or related discipline;
- 8-10 years of IT management experience;
- Advanced certifications such as SANS GIAC/GCIA/GCIH, CISSP or CASP and/or SIEM-specific training and certification preferred;
- Understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements;
- Hands-on experience analyzing high volumes of logs, network data (e.g. Netflow, FPC), and other attack artifacts in support of incident investigations;
- In-depth knowledge of architecture, engineering, and operations of at least one enterprise SIEM platform (e.g. Microsoft Sentinel);
- Understanding of mobile technology and OS (i.e. Android, iOS, Windows) and VMware technology;
- Extensive experience in all Microsoft related products including operating systems, Active Directory, Azure, Remote Server and Desktop Access, SQL Server, Office 365, Teams and SharePoint;
- Experience with Perimeter Security systems and software (e.g., Firewalls, Intrusion Protection Systems, VPN);
- Excellent management, leadership, communication, presentation, organization and positive influencing skills.
#J-18808-Ljbffr