It's fun to work in a company where people truly BELIEVE in what they're doing!
We're committed to bringing passion and customer focus to the business.
Celink is a leading servicer of reverse mortgages. We own and operate a proprietary servicing system, ReverseServ Elite. We have developed a modern CI/CD toolset in AWS for our application. We are also migrating our infrastructure to AWS. Cybersecurity is a critical part of our processes.
The Director, Information Security designs, develops and monitors information security policy and documents; monitors compliance with Company security policies such as GLBA, regulatory requirements, and applicable laws; and designs security policy training and awareness activities.
This person will also supervise, manage and lead security analysts. You will acquire, develop, and retain talent, ensuring performance and alignment to corporate strategy. You will work under minimal direction with extensive latitude for the exercise of initiative and independent judgment.
The position also reports on security control status using various tools combined with analytic methods to correlate across systems and provide actionable information, as well as coordinates assessment, investigation, and reporting of security incidents. It is responsible for implementing new processes, technical controls, and policies and procedures.
You will be responsible for validating that our applications are designed and implemented with high security standards. You will be a primary liaison with Application Development and DevOps teams.
This is a doer role: you will be expected to “roll up your sleeves” and perform analysis and remediation of vulnerabilities, and to step in when necessary to support the efforts of the security team.
This position also works closely with other technology leadership and other departments to further the information security standing of the company. It promotes strategic relationships with other parts of the technology organization.
This is a great opportunity to join a fast-moving team.
Duties and responsibilities
- Enforce rigorous security controls and follow through for verification and consistency
- Focus on automation to aid in efficiencies with both testing and production
- Report on security controls to technology leadership and risk organization
- Influence secure application development standards and implementations
- Work with application and infrastructure teams on remediation of application and system vulnerabilities
- Implement and configure vulnerability management and SIEM solutions
- Perform evaluation and creation of remediation and mitigation strategies
- Perform vulnerability scans of networks and applications to assess identified weaknesses
- Review reports from security tools for possible indicators of security incidents
- Supervise audit-related activities such as user access reviews
- Provide an analysis of incoming alerts and incidents, and respond to or escalate incident response depending upon the severity of the incident
- Support the security infrastructure in multiple locations
- Supervise the triaging of incoming security alerts from cybersecurity tools, managed service providers, and user-reported incidents
- Provide on-call support as required
- Keep up to date on attacker tactics and procedures, and test the ability of the company’s preventive, detective, and corrective security controls to mitigate risk from commonly used and high-risk cybersecurity threats and vulnerabilities
- Ad hoc activities may include reviewing forensic analysis of information systems and network flow data as part of incident analysis, as well as performing ad hoc searches and information queries to gather further evidence needed for incident analysis and response
Qualifications
Education
- Bachelor’s degree in computer science, information security or other related field
Experience/Training
- 10+ years of experience in information technology
- 5+ years of experience in security risk and compliance management, assessment, auditing, research and/or consulting
Professional Certification/License
- Industry related certifications (CISA, CRISC, CISM, CISSP, CEH, OSCP, CCNA) strongly desired.
- Cloud and DevOps related certifications are a big plus
Professional Capabilities
- Knowledge of CIS 18, NIST CSF or other common Cybersecurity frameworks
- Experience with Agile and Software Development Lifecycle (SDLC) practices
- Understanding of cloud architecture, infrastructure, and resources and common security approaches to implementing cloud resources in a secure manner
- Strong understanding of common Linux and Windows systems configurations and use as well as administration/troubleshooting capabilities
- Ability to research and develop remediation plans for Linux, Windows, and other systems as well as ad hoc software packages and application frameworks
- Solid understanding of IDS/IPS, Firewalls, Network Architecture, TCP/IP, software and OS vulnerabilities
- Understanding of common data security approaches such as encryption at rest, access management, etc.
- Capability to automate analysis and technical tasks through one or more scripting languages
- Knowledge of forensics, penetration testing, hacker tactics and procedures, software and web application security, and network and IaaS security architecture is a plus
- Ability to use Excel, PowerBI, and other data manipulation tools effectively
Skills and Abilities
- Excellent communication skills, proven excellence in communicating business risk from cybersecurity topics
- Excellent organizational and leadership skills
- Outstanding team management skills, demonstrated ability to supervise, grow and retain talent
- Highly self-motivated and directed
- Ability to work under limited supervision, with considerable latitude for the use of initiative and independent judgment
- Demonstrated ability to multi-task, make independent decisions and manage conflicting priorities in a fast-paced environment with timeline pressures. Must be responsive and willing to take ownership of issues and drive solutions
- Ability to work effectively, and collaboratively, with end users, business managers, executives and IT support staff
Job Type: Full-time
Pay: $105,000.00 - $150,000.00 per year
Benefits:
- 401(k)
- 401(k) matching
- Dental insurance
- Flexible spending account
- Health insurance
- Paid time off
- Vision insurance
Schedule:
- Monday to Friday
Ability to commute/relocate:
- Remote: Reliably commute or planning to relocate before starting work (Preferred)
Application Question(s):
- Ability to work effectively, and collaboratively, with end users, business managers, executives and IT support staff
- Solid understanding of IDS/IPS, Firewalls, Network Architecture, TCP/IP, software and OS vulnerabilities
- Knowledge of CIS 18, NIST CSF or other common Cybersecurity frameworks
Education:
- Bachelor's (Preferred)
Work Location: Remote