Director, Cyber Security

Duties and Responsibilities:

• Creates actionable insight and understanding, through the analysis of both quantitative and qualitative data, building recommendations that directly address cybersecurity and business fraud identification objectives

• Establishes, evaluates, and implements performance metrics for functions supervised and drives cross functional initiatives, proactively identifying dependencies and driving issues to resolution and acts as management lead on multiple large projects and smaller engagements in a matrix management environment

• Define Cyber controls (standards) for core data assets understanding the complex and diverse nature of Q2 products and services

• Direct supervision and related management duties of the Cyber Security team (Cyber Security Analysts and Engineers)

• Works in partnership with teams across Q2; including marketing, communications, hosting, compliance, support and development

• Responsible for driving strategic leadership of the regions Cyber Assessment, Vulnerability Management, Training, and Exercise programs

• Provide guidance and counsel to the CISO and key members of the business leadership team, working closely with senior leaders in defining objectives for information security, while building relationships and goodwill

• Establish annual and long-range regional cyber security and compliance goals, define security strategies, metrics, reporting mechanisms and program services

• Stay abreast of information security issues and regulatory changes affecting the areas of Vulnerability Management, Assessments, and Training, Participate in Q2 policy and practice discussions, and communicate to senior leadership on a regular basis about those topics

• Represent cybersecurity at key business forums, risk meetings, steering committees

• Promote the adoption of central, compliant security services, where they exist and are relevant

• Work with the CISO and Operating Company brands to define and drive a multi-year cyber security architecture and world-class program

• Plan and lead the deployment of security solutions globally using insourced and external service providers

• Evaluate and build adaptable and extensible security frameworks inclusive of applicable compliance requirements

• Continually drive cyber security enhancements through standardized workflows and process improvements

• Define & track relevant and actionable security metrics/KPI’s/KRI’s to ensure cyber security protections

• Define and develop customized security analytics, visualization, and correlation methodologies to identify anomalous behaviors

• Strong verbal and written communication is a must to be able to deliver complex topics to non-technical stakeholders

• Thrives off of solving complex problems in unique ways using innovative methods to be successful in protecting the company’s information assets

• Partner with Cyber testing, Simulation, Infrastructure and Application development teams to develop new testing scenarios and maintain existing plans

• Ensure all implemented cyber resiliency solutions have validation plans in place including continuous improvement plans

• Ensure that recovery playbooks are clearly defined, documented, communicated, adhered to, and are audit compliant

• Responsible for influencing and participating in building the annual Security operating budget and portfolio of services

• Manage the information security function in accordance with the established policies and guidelines while balancing the appropriate levels of risk in support of the business objectives

• Drive assessment of risk to applications via standard secure code cycle and determine exposure from 3rd party vendors

• Leads and facilitates sync meetings between product innovation teams, infrastructure, enterprise architecture to build security in their processes and projects

• Provide coaching, consulting, and training opportunities to create and maintain talent within the security organization at the manager and below level

REQUIRED SKILLS & EXPERIENCE:

• Knowledge of process engineering, project management, ITIL, CoBIT

• Minimum 8 years of experience in the information security field with at least 5 years of experience in a management capacity

• Proven experience in leading, managing and developing security teams, such as SOC, SIRT and Security Engineering

• Experience with network, host, and application anomalies and alerts raised by automated systems, such as SIEM, NGW, APT and end-point protection

• Strong security background (understanding risk assessment, legal and regulatory re Possess unimpeachable personal and professional integrity

• Prior experience in Cyber Security demonstrating leadership 

• Strong in conceptual analysis and systems thinking

• Resilient in leading and managing change dynamics, drive for results and highly energetic individual

• A team player among your peers and other Business Units

• Knowledge of the various IT and Security Compliance and other regulatory requirements

• Relevant technical security certifications (GIAC, CISSP, CEH etc)

• An engaged and empowering and leader – can inspire teams in being innovative in developing new ideas and solutions

• Exceptional communication skills across multiple audiences

• Coordinate critical, sensitive incidents spanning multiple geographies

• Supervise the activities of analyst(s) and engineer(s) with responsibility for repeatable quality, and investigative integrity

• Expert leader with Cyber Security best practices and current and emerging technology

• Typically requires a Bachelor’s degree and a minimum of 12 years of related experience; or an advanced degree with 8+ years of experience; or equivalent relevant work experience.

• Typically requires 5-7 years managing and developing employees.

At Q2, our goal is to be a diverse and inclusive workforce that fosters mutual respect for our employees and the communities we serve. Q2 is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.