Senior Director - Network Security Engineering & Operations
Donnelley Financial Solutions (DFIN) is a leader in risk and compliance solutions, providing insightful technology, industry expertise and data insights to clients across the globe. We’re here to help you make smarter decisions with insightful technology, industry expertise and data insights at every stage of your business and investment lifecycles. As markets fluctuate, regulations evolve and technology advances, we’re there. And through it all, we deliver confidence with the right solutions in moments that matter.
Position Summary
The Senior Director, Network Security Engineering & Operations is responsible for partnering with the CISO in maintaining a corporate-wide, global data network and information security management programs. Reporting to the CISO, the Senior Director, Network Security Engineering & Operations will work with all areas of DFIN’s business to develop and articulate a shared vision for a highly effective global cybersecurity organization.
Responsibilities include strategy, engineering, solutions design, program coordination and execution, awareness, outreach, business management and reporting on network security, identity management, and cybersecurity program effectiveness. This position requires a seasoned leader with strong business acumen and a detailed working knowledge of a broad range of technologies, practices, policies, and their application to a global business with an emphasis placed upon risk management. The successful candidate is comfortable interacting with the senior levels of IT, Product Management, Sales, Finance, Operations, Internal Audit, and Risk Management. This senior leader will serve as an advisor to DFIN’s business leaders helping to ensure the global network and security programs are effectively enabling our business.
The ideal candidate is a thought leader, a consensus builder, and an integrator of people, processes and technology. This role requires a highly capable leader with a track record of competency in the field of network, technology engineering, information security, risk and compliance with direct experience in a comparable leadership role managing organizations of more than 15 people with budgets in excess of $10 million.
Responsibilities:
Network Security Engineering & Operations
• Understand potential and emerging information security threats, vulnerabilities, and control techniques.
• Ensure Wide Area, Local Area, and Wireless Networks are designed, implemented, and managed per expected service level agreements
• Work closely with Infrastructure & Operations, Product Engineering, Security Architecture, Incident Response & Investigations, and other leadership to scope, execute, and complete cybersecurity programs related to public cloud, private cloud and on-premise solutions
• Engineer and maintain layered security for web and unified communications services hosted in public and private cloud environments
• Engineer and maintain security event detection, incident response and digital forensics capabilities
• Monitor and manage network security infrastructure, such as firewalls, SIEM, IDS/IPS, etc.
• Participate in on-call and incident management activities
• Develop measurements and metrics for departmental and security performance
• Drive adherence to Cybersecurity architectures and standards
• Proactively seek out opportunities to reduce complexity and operational risk across all network and security solutions and services
• Provide network security capital and operating expense management planning and reporting
• Publish monthly, quarterly, and annual network security operational target and achieved KPIs
Cybersecurity Risk Management
• Closely partner with IT GRC to understand potential and emerging information security threats, vulnerabilities, and control techniques.
• Understands the trade-offs required to manage the different levels of risk appetite and risk exposure across the organization.
• Translates functional, technical, regulatory, and security requirements into actionable initiatives that result in network security and/or identity & access management solutions right-sized to meet today’s needs
• Supports corporate risk leadership to review enterprise IT and cyber risks, assess capabilities, prioritize security and risk strategies, and communicate risk intelligence in a way that drives business decision-making.
• Engages and coordinates cross functional business participation in risk profiling, investigation, escalation and resolution.
• Provides leadership to individual contributors building risk capabilities and build program oversight
• Ensures work products and outcomes from the Network Security Engineering and Operations teams meet or exceed cybersecurity control expectations
Program Governance & Management
Supports the development, implementation and monitoring of a comprehensive enterprise information security, compliance and risk management program.
• Provide leadership for the development of modern cybersecurity governance, policies and standards which are relevant and achievable in our modern, digital and cloud focused organization.
• Support bringing together key stakeholders to develop and review enterprise security strategies and roadmaps.
• Develop and manage information security budgets and monitor them for variances.
• Assist the CISO with overall coordination of program execution, timelines, deliverables and information requests across CISO functions and with other IT teams and business functions.
• Responsible for assuring process effectiveness, measurement and optimization, including key metrics, KRIs and KPIs.
• Monitor information security trends and evolving technologies; liaise with external partners, agencies and peers to ensure that the organization maintains a strong, proactive security posture; keep senior management informed about information security issues and implications for the company.
• Provide financial management leadership for each cost center assigned to the CISO organization. Ensure annual expense and capital budgets are established and monitored throughout each budgetary cycle. Provide consolidated upda
Required Skills:
• Bachelor’s degree in a relevant discipline.
• CISSP, CRISC, CISM, GSLC, C-CISO and/or other relevant certifications are a plus
• Minimum of 10 years’ experience leading global information security programs and applying information security, risk management and privacy practices.
• Minimum of 10 years’ experience designing and implementing enterprise information technology security; demonstrates industry leading security innovation skills and an eye towards understanding the threat environment from a preventative posture.
• Proven experience interfacing with senior and executive management and communicating complex cyber security concepts in business-relevant ways.
• Strong demonstrated knowledge of enterprise systems, cloud solutions and IT/security technologies.
• Experience with information disaster recovery planning and testing, auditing, risk analysis, business system resumption planning, and contingency planning.
• Business system continuity planning, auditing and risk management experience as it relates to information security.
• Extensive experience in strategic planning, budgeting and allocation.
• Excellent written and verbal communications skills with experience presenting to executives and leadership teams with the ability to communicate security and risk-related concepts to technical and non-technical audiences.
• Strong business analysis skills, problem solving techniques, and follow-up.
• Willing and able to “roll up” sleeves and lead from the front.
• A self-starter with a “can-do” attitude.
• A driver and implementer who possesses the poise and ability to act calmly and competently in high-pressure, high-stress situations.
• Experience leading global teams.
It is the policy of Donnelley Financial Solutions to select, place and manage all its employees without discrimination based on race, color, national origin, gender, age, religion, actual or perceived disability, veteran's status, actual or perceived sexual orientation, genetic information or any other protected status.
If you are a qualified individual with a disability or a disabled veteran, you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access jobs.dfinsolutions.com as a result of your disability. You can request a reasonable aaccommodation by sending an email to [email protected].