Sr Director, Info Security at Pluto TV
About The Brand
Overview and Responsibilities
The Director Information Security’s primary job responsibility is to reduce risk to Pluto TV’s Information and Information Systems through the understanding and use of various data security technologies, applications, methodologies and industry standards. The Director Information Security will be a senior technology professional able to provide advanced expertise in Information Security Technologies and risk reduction strategies. In addition to daily hands-on operational responsibilities, this role will be responsible for the innovation and execution of people/process and technology improvements within Information Technology. This person will lead a small team that works closely with IT, engineering, and other business units.
- Applies in-depth knowledge of multiple InfoSec technologies (IPS/Firewalls/Anomaly Detection etc.), as appropriate.
- Accomplishes staff results by communicating responsibilities; planning, monitoring, and appraising job results; coaching, mentoring, and creating accountability for employees; developing, coordinating, and ensuring compliant systems, policies, procedures, and productivity standards.
- Acts as a consultant to IT professionals and business partners on Information and Cyber Security risks and controls.
- Performs sophisticated analysis of Information Security related logs and log data to surface potential Information Security risk and concerns for resolution. Reports up on areas of opportunity and concern.
- Proactively makes risk reducing recommendations to appropriate business units regarding the development of new or existing services.
- Proactively looks for innovative approaches to maintaining and improving the corporate IS Framework.
- Maintains broad experience in InfoSec, and has the ability to identify and partner with technical specialists in different specialized fields across other groups.
- Participates in Incident Response training initiatives and when required ensures active participation in the incident response lifecycle governed by the Technical CERT Policy.
- Ensure all of the services and or applications supported are performing as intended this includes coordinating upgrades and or improvements.
- Frequently reviews any tickets in any service ticketing queues related to the group managed to ensure proper ticket closure.
- Perform vulnerability scans which include analysis and coordinating remediation.
- Conduct detection analysis and coordinate remediation for anomalies & possible intrusions
- Participate in litigation support associated with Electronic Stored Information.
- Participate as appropriate in any Information Technology, Information Security or Business unit project, noting any information security gaps or implications.
- Perform security risk evaluations and penetration assessments.
- Supports the company’s risk management program in a manner that fulfills the mission and strategic goals of the organization while following local, state and federal laws and accreditation standards.
- Proactively identifies creative risk solutions to decrease loss of data, increase the data protection mechanisms and controls throughout the enterprise.
- Develop polices, procedures and related guidelines.
- Typical candidates will possess 7+ years in IT related field and 5+ years of full time Information Security Technical management experience.
- BA/BS degree or equivalent preferred.
- Goal driven individual with good technical, interpersonal, communication and organizational skills.
- Makes a commitment to helping create a “transparent culture of service” which fosters an open, honest, candid workplace within the teams managed.
- Embraces and fosters “innovation” by working on new things in new ways every day
- Develop a global perspective with consideration for local business needs.
- Acts as an Information Security domain specialist and is comfortable interacting with employees at all levels and roles.
- Proven management skills, with ability to manage, mentor and motivate employees.
- Acts responsibly with sensitive and confidential information.
- Is creative and resourceful as a problem solver.
- Demonstrates the drive to deliver projects successfully even under difficult timelines.
- Strong logical, analytical, methodical, investigative and auditing skills.
- Knows when to make practical rational decisions that reduce risk to company information and systems.
- Excellent verbal and written communication.
- Travel domestically and internationally if required and with short notice.
- Must be reliable and available 24/7 if required.
Solid understanding of the following:
- The OSI / TCP/IP protocol stack.
- Vulnerability scanning, intrusion detection, anomaly detection and associated technologies.
- Layer 2, 3 and 4 infrastructure designs and functionality.
- Windows, UNIX, and Linux OS hardening standard methodologies.
- The latest hacking techniques and appropriate countermeasures.
- Firewalls, rule base analysis, stateful inspection, encryption and associated algorithms.
- Common threat analysis methodologies such as SANS and OWASP.
- Identity and Access Management methodologies.
- Authentication Platforms, which includes but is not limited to LDAP and Active Directory.
- Federated Authentication Platforms and associated protocols.
- Incident Handling and Incident Response Methodologies.
- Have the following Certs is also a plus, CISA,CISSP, CISM, CEH, EnCe, ITIL and SANS (GCIA, GCIH, GCFA)