Director, Information Security Management

Attention! This job posting is 551 days old and might be already filled.
Kraft Kennedy Published: November 22, 2015

<p><strong>Vulnerability &amp; Penetration Testing Risk Assessment</strong></p>
<p>Due to our market leadership in the legal industry, Kraft Kennedy’s Information Security &amp; Governance consulting practice is experiencing rapid growth. Our Information Security and Governance consulting practice assists firms with end to end consulting, testing, management, support and response to their security, governance and compliance needs.</p>
<p><strong>Roles and Responsibilities</strong></p>
<p>We are looking for a passionate Director, Information Security Management with strong experience in security, technology, compliance, risk and governance who can take a leadership role in our growing Information Security &amp; Governance consulting practice with a focus on vulnerability &amp; penetration testing, security architecture and risk assessments.</p>
<p>The Director, Information Security Management will be responsible for leading a team to review and test our clients’ technical, administrative and physical controls within their information technology environment and provide guidance on mitigating the risks based upon the results.</p>
<p>The successful candidate must be an individual who understands business operations, information technology and security. This individual must have demonstrated leadership specific to technical information security issues as well as the ability to manage and develop staff. High level communication skills are essential to successfully translate technology and security requirements into business terms. Strong client service skills are necessary for interacting with various levels of internal IT staff as well as corporate leadership.<br />
&lt;ul&gt;<br />
&lt;li&gt;Maintain working knowledge of advanced cyber threat actor tactics and techniques&lt;/li&gt;<br />
&lt;li&gt;Research, identify and understand new threats&lt;/li&gt;<br />
&lt;li&gt;Conduct risk assessments, security audits, vulnerability/penetration tests with commercial, open source and self-developed tools and techniques&lt;/li&gt;<br />
&lt;li&gt;Document and present findings to team and clients&lt;/li&gt;<br />
&lt;li&gt;Work with and potentially lead incident response teams&lt;/li&gt;<br />
&lt;li&gt;Manage, mentor and train fellow team members&lt;/li&gt;<br />
&lt;li&gt;Internally educate business unit leaders, staff and executive leadership on the Information Security &amp;amp; Governance practice&lt;/li&gt;<br />
&lt;li&gt;Be involved with the sales process by working with the business development staff and clients to explain and demonstrate services and products&lt;/li&gt;<br />
&lt;li&gt;Excel as a self-motivated individual who can work on their own as well as integrated with a team in a variety of situations&lt;/li&gt;<br />
&lt;li&gt;Consistently work to improve our brand through thought leadership&amp;lt;/p&amp;gt;&lt;/li&gt;<br />
&lt;/ul&gt;<br />
&lt;p&gt;Desired Skills &amp;amp; Experience&lt;/p&gt;<br />
&lt;ul&gt;<br />
&lt;li&gt;5+ years consulting experience leading vulnerability and penetration testing engagements, IT security audits and risk assessments, Experience in a number of IT disciplines may provide a solid framework for this position, but hands-on results from performing IT risk assessments, information security consulting or IT audits are most beneficial&lt;/li&gt;<br />
&lt;li&gt;CISA, CISSP, CEH, GPEN, Security + or equivalent security testing and architecture certifications&lt;/li&gt;<br />
&lt;li&gt;Proven experience with security tools such as Nexpose, Metasploit Pro, Nessus, Kali Linux, etc., as well as other various commercial and self-developed tools&lt;/li&gt;<br />
&lt;li&gt;Experience with scripting languages such as python, ruby, etc., as well as familiarity with programming languages such as: C/C++/ObjC/C#, Java, PHP, or .NET&lt;/li&gt;<br />
&lt;li&gt;Strong knowledge of the Windows client/server architecture and familiarity with Linux/Unix&lt;/li&gt;<br />
&lt;li&gt;Strong networking knowledge with a focus on security&lt;/li&gt;<br />
&lt;li&gt;Familiarity with incident handling techniques and processes desired&lt;/li&gt;<br />
&lt;li&gt;Team leadership and development experience required&lt;/li&gt;<br />
&lt;li&gt;Must possess strong verbal and written skills&lt;/li&gt;<br />
&lt;li&gt;Management consulting experience a must&lt;/li&gt;<br />
&lt;li&gt;Project management experience desired&lt;/li&gt;<br />
&lt;li&gt;Industry visibility through conference presentations, blogging, academic papers and social media is desired&lt;/li&gt;<br />
&lt;li&gt;Business development skills a plus&lt;/li&gt;<br />
&lt;li&gt;Law firm experience is a definite a plus&lt;/li&gt;<br />

 upload file ... Limit reached, delete at least one file below to add more.