Director, Information Security & Compliance
This job is no longer active.
View similar jobs.
POST DATE 9/1/2016
END DATE 11/30/2016
San Francisco, CA
JOB DESCRIPTIONAPPLY More information about this job:
Position: Director, Information Security & Compliance
Location: San Francisco, CA or Sunnyvale, CA
Riverbed is about changing the rules. Forget about how things work today join us as we solve the problems of the future. Do you thrive on change* Do you like the constant challenge of the new* Do you value simplicity* Our intelligent insights and hard work makes things easy for our customers so we can enable them to serve their customers. Can you help us deliver technology without disruptions technology that just works*
Riverbed Technology is the leader in application performance infrastructure, delivering the most complete platform for location-independent computing. Location-independent computing turns location and distance into a competitive advantage by giving IT the flexibility to host applications and data in the most optimal locations while ensuring applications perform as expected, data is always available when needed, and performance issues are detected and fixed before end users notice. Riverbed s 24,000+ customers include 97% of the Fortune 100 and 95% of the Forbes Global 100.
Riverbed Technology s IT organization is seeking an experienced security professional to function as part of our IT management team and provide security oversight for our IT services portfolio.
The individual in this position will work across the IT organization and with business partners as required to understand internal and external application & infrastructure service offerings Riverbed has deployed or is considering. Role will be responsible to ensure that appropriate controls, systems, and policies are in place to prevent security breaches and standard operating procedures are in place for audit, incident response and compliance reporting.
This position will work with teams to understand needs and recommend physical and technical information security best practices to be incorporated into service design and operations. Individual will be responsible to develop and publish policies for IT teams to follow, promote security awareness across the company as well as implement security procedures and safeguards.
This position reports to the CIO/CISO.
* Provides a strategic point of view for security solutions that can be impacted by new technologies (Cloud , Mobility, Virtualization), and business drivers (M&A, New Business Models)
* Provides system security planning, development, and implementation of security policies across multiple platforms.
* Provides consultation and support in security management, architecture standards and documentation, and chances/enhancements to security configurations.
* Defines processes to manage network and application security as well as prevent the proliferation of viruses and hacker intrusion.
* Manages execution of vulnerability scans, penetration tests, and audits to proactively identify areas of risk.
* Track and direct the mitigation of technical security incidents across enterprise IT and manage them through to resolution.
* Keep up to date on information security threats and countermeasures and advise staff and development teams.
* Work with third-party testing groups to perform security audits, validating threats and working with development team to implement and test resulting recommendations.
* Work with the IT service delivery and support leaders to draft, update, and implement policy.
* Direct and expand our enterprise wide security controls and safeguards.
* Respond to client security questionnaires and audits; participate in the RFP and contracting processes.
* Create and oversee the implementation of IT disaster recovery plans
* Facilitate creation of business continuity plans for Business Units and functions across the corporation
* Work with the IT Support and Operations management to participate on the incident response team.
* Develop the security team and overall IT organizations capability in line with security practice s goals and direction
* Create and maintain the enterprises security documents (policies, standards, baselines, guidelines and procedures) to be approved by executive management
* Audit of server event logs, firewall access logs, wireless access logs and firewall rules, to identify possible security or performance problems
* Oversee the monitoring and review of intrusion detection systems and firewall logs, analyze events and patterns, review access control lists, and manage network based vulnerability scans and penetration tests.
* Lead the performance of periodic information security risk assessment and conduct related ongoing compliance monitoring activities in coordination with the company s other compliance and operational assessment functions.
* Lead the analysis of network traffic and system logs to determine corrective action and implement counter-measures; evaluate security incidents, develop solutions and communicate results to end users and technical staff
* Liaise with Riverbed s Legal team and industrial security team in taking the necessary steps to ensure that Riverbed complies with U.S. export control laws and regulations and does not take action deemed adverse to performance on classified contracts.
* Perform in the role of "The Technology Control Officer (TCO)" for Riverbed. Technology Control Officer is responsible for managing and implementing the Technology Control Plan (TCP) and other written policies and procedures (ECP, et al), per NISPOM regulations; The TCO serves as the principal advisor to the GSC concerning the protection of controlled unclassified information and other proprietary technology and data subject to regulatory or contractual control by the US Government.
* Candidate MUST be a U.S. citizen.
* This position requires a Top Secret DoD security clearance; candidate must be able to obtain and/or maintain a Top Secret clearance.
Required skills and capabilities:
* Knowledge of security frameworks, standards, policies and practices including ISO 27000 series.
* The ability to analyze, interpret business requirements/issues and translate into appropriate security and risk solutions.
* Must have experience with Vendor Management on a services basis
* Experience with Change Management in organizations maturing their security posture
* An appreciation of IT, business and regulatory strategies in relation to global enterprise operating in countries all over the world
* Experience in evaluation of security and technology risk issues relating to new technologies and services
* Experience in leading or participating in technology reviews including due diligence assignments.
* Experience with compliance monitoring and operational assessment
* Understanding of contract language associated with information protection
* Ten years of experience in either risk management or information security and/or IT positions.
* Thorough understanding of identity and access management, including cross-domain federation and cloud service provider integration.
* Certifications: One or more of the following certifications: CISSP, CISM, CISA, CIPP, HCISSP, CRISC, CGEIT, ISO27001, PCIP required.
* Experience creating technical documentation, including product documentation, technology and process best practices, and technical whitepapers.
Why Riverbed Technology*
If you re a high-achiever who wants to be part of a dynamically growing, billion-dollar-plus San Francisco-based company, then you should consider Riverbed. If you want to rapidly develop your career with a company that is also a great place to work, Riverbed should be at the top of your list.
We are proud to be an EEO/AA employer. M/F/D/V/LGBT.