This job has expired, please see additional jobs below
Associate Director, Security Engineering
TSYS
Columbus, GA, United States
Job Details - this job has expired, please see similar jobs below
Every day, the people of TSYS® and Netspend® improve lives and businesses around the globe through payments. We make it possible for millions of people to move money between buyers and sellers using our payments solutions including credit, debit, prepaid and merchant services. We are "People-Centered Payments", and our team has the unique opportunity to help create a world in which payments make people's lives easier and better. This is both a tremendous honor and an important responsibility for those who accept the challenge. If you are looking to make a valuable difference for people everywhere — and for yourself — we may have the right place for you.
Summary of This Role
The Associate Director, Security Engineering manages the development, deployment, and execution of controls and defenses to ensure the security of TSYS technology and information systems across multiple business units and segments. This position analyzes business needs and establishes priorities for the protection of critical systems and operational policies. This position establishes highly efficient processes, effective tools, and appropriate collaboration among teams.
The Associate Director establishes and implements appropriate information security standards and criteria for hardware, software, firmware, email and web firewall, access, vendors and third-party solutions, and encryption requirements. This position evaluates potential business impacts from security breaches and supports the resolution of security incidents while providing guidance to business decision-makers. This position reports to the Vice President, Security Engineering.
The Associate Director possesses a strong technical background and understands risk, mitigation, and technical controls. This position is expected to lead a team that performs technical work and must possess leadership qualities. This position requires strong written and oral communication skills, as well as the ability to communicate detailed, technical information in a manner comprehensible by individuals at varying degrees of experience and skill level. The role requires the ability to speak confidently with corporate management, vendors, and service providers.
What Part Will You Play?
• Leads and maintains the global vulnerability management program and its functions for all enterprise systems. Maintains the architecture, deployment and support for the global vulnerability management program. Provides detailed consulting and reporting to executives, clients, business owners and technical experts across the enterprise. Identifies systemic security issues based on the analysis of vulnerability and configuration data. Directs the tactical efforts supporting the global Security Information and Event Management (SIEM) platform used to identify threats to the organization’s information assets and systems. Reviews and recommends upgrades, products, and tools that will enhance the use of the SIEM. Monitors developments in the information security industry and communicates on the potential impact on or applicability to the organization. Oversees cyber security research efforts regarding real time external cyber threats. Directs the monitoring, identification, analysis, and response to suspicious real time events that occur against corporate networks and systems. Executes containment, mitigation and protection processes to safeguard against real time threats while maintaining critical documentation and evidence to be used for after action reporting and/or legal evidence. Creates business cases for security investments. Leads and executes tactical activities of the global Threat Management Center (TMC).
• Establishes and maintains appropriate and effective correlation data that is used to bring context to suspicious and innocuous events. Ensures engineers maintain current knowledge of emerging threats from global threat intelligence sources and applies knowledge within the SIEM platform to improve security posture. Creates and/or matures an effective security engineering governance, policy, and process to mandate repeatable, secure design, and engineering practices. Provides guidance and advocacy regarding prioritization of investment and implementation associated with security strategy. Ensures adherence to industry best-practice approaches to the design, implementation, operation and management of security systems. Assists information owners in identifying and implementing controls to mitigate the threats to information assets and computing resources. Identifies and recommends security solutions to meet changes in technology and business operations.
• Leads, maintains and improves the global network penetration program for networks worldwide. Validates and exploits security flaws in networks to demonstrate real world risks, attacks and security postures of corporate networks. Maintains and improves the program to evolve with emerging threats and ever growing compliance oversight. Designs and develops exploits to test systems for the purpose of validating compliance to security controls, standards and compliance. Provides guidance and analysis of emerging risks to executives, business owners and technology owners. Establishes and maintains effective partnerships with independent teams to evangelize security priorities, methodologies, awareness and compliance across the organization. Maintains a current knowledge of known and emerging vulnerabilities from global threat intelligence sources. Serves as an expert to the organization on vulnerability, threats, incidents and exploits that impact the company.
• Leads and maintains a comprehensive program that is fully compliant with policy requirements (e.g., Payment Card Industry Data Security Standards (PCI DSS), Federal Financial Institution Examination Counsel (FFIEC)). Develops, maintains and distributes comprehensive reporting of security findings to internal owners and external compliance assessors. Presents program standards to clients and assessors to validate compliance to requirements. Promotes compliance requirements and present program standards. Provides vulnerability risk analysis for work prioritization. Directs the develop of new metrics and reporting on business unit compliance with corporate information security standards.
• Provides consulting to application owners on secure coding standards and analysis. Provides expertise on best practices and security to technical owners during the design and testing phases. Reviews technical design documents to validate security considerations are understood early within the development process. Verifies that software, networks and systems are implemented and effective. Reviews and validates new prospective technologies for adherence to security standards. Delivers information security requirements in a way that is understood and effects change. Provides analysis of threat intelligence and issues security briefings to internal and external stakeholders. Maintains and delivers accurate and descriptive reporting of vulnerabilities, threats and security flaws to the organization. Interfaces with the enterprise forensics team during incident response efforts as appropriate. Ensures high level of customer service is provided to internal and external clients. Conducts post mortem reviews of cyber security events to ensure that actions were appropriate, gaps were identified, and procedures were updated and understood by team members. Develops and improves procedural documentation for the standardization and repeatability of incident handling and analysis.
• Evaluates highly complex technical solutions to determine compatibility with enterprise authentication and identifies management solutions. Delivers critical security components and technical integrations for revenue generating corporate solutions including enhanced corporate product offerings, new regions for exiting offerings and time sensitive client conversions. Assesses and approves non-routine, highly complex security projects, while acting as a security subject matter expert. Reviews and approves project charters, requirements and solution documentation. Initiates enterprise projects to include business justifications, cost and resource needs. Provides threat management and forensic consultation.
• Provides regular reporting to clients and assessors on status of security concerns, controls, product and projects, work requests, and process improvements. Participates in client meetings and corporate sponsored forums. Leads communication with internal and external counterparts to set priorities for work and builds cross functional teams.
• Reviews and approves the implementation of countermeasures and other actions to be deployed within security technologies that are recommended by security threat analysts. Consults with security and technical leadership, and outside security vendors to validate the recommended security control measures. Reviews policy and configurations within security technologies to ensure effectiveness of mitigating risk.
• Not an exhaustive list; other duties as assigned.
What Are We Looking For in This Role?
Minimum Qualifications
• Bachelor's Degree
• Relevant Experience or Degree in: related field of study from an accredited university is required; however, relevant experience in lieu of a degree may be considered.
• Typically a minimum of 8 years
• related professional experience including a minimum of 3-4 years experience in a supervisory position.
Preferred Qualifications
• None Identified
What Are Our Desired Skills and Capabilities?
None Identified
Not Ready to Apply? Join Our Talent Community!!
US Applicants:
TSYS is an equal opportunity employer (EOE) committed to employing a diverse workforce and sustaining an inclusive culture. For more information about your rights, click here.
Qualified individuals with disabilities may be entitled to reasonable accommodations to assist in their pursuit of employment with TSYS. This includes assistance in completing the job application (online or otherwise) and reasonable accommodations during the hiring process.
EOE/Minorities/Females/Vet/Disability
Outside of US Applicants:
TSYS is committed to diversity and equal opportunities for everyone. We are committed to ensuring that all job applicants and team members are treated equally, without discrimination because of gender, sexual orientation, marital or civil partner status, gender reassignment, race, colour, nationality, ethnic or national origin, religion or belief, disability, age or any other characteristic prohibited by law. For more information, please refer to our Code of Business Conduct and Ethics, found here.