The Senior Director of Infrastructure and Security is primarily responsible for ensuring that the company's technology is secure, compliant, and available. You are also responsible for helping to set security practices, evaluating new technologies and frameworks, identifying ways to improve the security posture, achieve and maintain SOC II compliance and mentoring and leading new team members. The Senior Engineer is a self-starting team-player with exceptional troubleshooting and communication skills.
- Manage the Information Security Program for the business to ensure that security controls are in place to adequately protect data and monitored regularly for compliance with established policies, standards, and contractual obligations.
- Manage 3rd party audits and vendor engagements such as SOC2 Type II annual audit and 3rd party network penetration tests. Work closely with other teams to remediate risk findings.
- Lead the Security Group whose purpose is to review and maintain the risk management roadmap priorities and monitor their implementation.
- Provide support to the Sales team to complete information security RFI’s. Lead customer audits and provide responses that assures the customer that customer data is adequately protected.
- Implement, improve, and perform Disaster Recovery processes. Lead regular test activities.
- Design, implement, and support server and network devices in the application (AWS) and corporate (VMWare) environments. This includes Windows servers, gateways, switches, firewalls, NAT devices, IDS devices, VPN devices, and Active Directory infrastructure.
- Administer established IDS software and system monitoring processes.
- Assist with the creation and execution of the technology team’s annual roadmap and initiatives.
- Manage all software licenses and technology inventory.
- Support the production systems through support and on-call rotations.
- Develop security awareness and HIPAA training programs for all employees.
- Mentor, challenge, and grow your peers on the infrastructure and security technology team.
- 7-10 years' experience performing IT and security related duties.
- 3+ years of experience mentoring peers or serving in a leadership role
- Certifications in CISSP, CISA, CISM, CCSP/CCIE, GIAC is preferred.
- Expertise in security threats, vulnerabilities, defenses, principles and policies.
- Technical experience in the areas of security requirements analysis, security architecture, security testing, security operations and maintenance and the security economics.
- Knowledge of applicable data privacy practices and regulatory requirements (HIPAA, SOC2).
- Advanced knowledge of networking/distributed computing environment concepts.
- Advanced knowledge of routing and client/server programming.
- Advanced knowledge of firewalls, intrusion detection systems, anti-virus software, data encryption, and other industry-standard techniques and practices.
- Advanced technical knowledge of network, PC, and platform operating systems, including Cisco, Fortinet, Microsoft and Linux.
- Advanced ability to work independently, work in a fast-paced environment, and manage workload prioritization to deliver high quality work products on time with minimal direction.
- Advanced critical thinking skills with the ability to move beyond proven problem-solving approaches to formulate solutions.
- Strong leadership skills, excellent cross-functional relationship building skills.
- Advanced communication skills, both written and verbal.
- Requires a bachelor's degree in a Computer or Engineering related discipline
Currently the team is working remotely due to the pandemic. In the near future, this position would require you to work from the companies office in Nashville, TN.