Director Information Security Engineering in Las Vegas, NV at Wynn Careers

Date Posted: 2/7/2020

Job Snapshot

Job Description

The Director of Information Security Engineering is responsible for overseeing the operations of the enterprise’s security solutions through the management of the organization’s security engineers and analysts. The Director of Information Security Engineering provides guidance when it comes to analyzing and evaluating networks and security vulnerabilities, and managing security systems such as anti-virus, firewalls, patch management, intrusion detection and encryption.  The Director of Information Security Engineering directs the planning and implementation of enterprise IT security initiatives and facilitates defenses against security breaches and vulnerability issues.  This individual is also responsible for ensuring all systems adhere to defined security policies and standards.  The Director of Information Security Engineering is expected to interface with peers in the Systems and Network departments, as well as with the leaders of the business units, to ensure the corporate security posture is maintained through collaborative co-operation.   The Director of Information Security Engineering works in collaboration with the Director of Cyber Security Incident Response to ensure that any information necessary to expose security vulnerabilities or incidents is readily available to all the Information Security teams.



Responsibilities

Strategy & Planning

  • Create and maintain the enterprise’s security documents (policies, standards, baselines, guidelines and procedures).
  • Develop, implement, maintain, and oversee enforcement of policies, procedures, and associated plans for system security administration and user system access based on industry-standard best practices.
  • Create and maintain the enterprise’s security architecture design.
  • Lead strategic security planning to achieve business goals by prioritizing defense initiatives and coordinating the evaluation, deployment, and management of current and future security technologies.
  • Participate as a member of the information technology management team in governance processes of the organization’s security strategies.
  • Develop and communicate security strategies and plans to executive team, staff, partners, customers, and stakeholders.
  • Work with corporate training departments to create and maintain the enterprise’s security awareness training program.
  • Assist with the design and implementation of disaster recovery and business continuity plans, procedures, audits, and enhancements.

 

Acquisition & Deployment

  • Define and communicate corporate plans, procedures, policies, and standards for the organization for acquiring, implementing, and operating new security systems, equipment, software, and other technologies.
  • Maintain up-to-date knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
  • Select and acquire additional security solutions or enhancements to existing security solutions to improve overall enterprise security as per the enterprise’s existing procurement processes.
  • Oversee the deployment, integration and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with standard best operating procedures generically and the enterprise’s security documents specifically.

 

Operational Management

  • Ensure the confidentiality, integrity and availability of the data residing on or transmitted to/from/through enterprise workstations, servers and other systems and in databases and other data repositories.
  • Ensure the enforcement of enterprise security standards.
  • Supervise all investigations, in conjunction with other departments (HR, Corporate Investigations, Legal), into problematic activity and provide on-going communication with management.
  • Remain informed on trends and issues in the security industry, including current and emerging technologies and prices. Advise, counsel, and educate executive and management teams on their relative importance and financial impact.
  • Supervise the design and execution of vulnerability assessments, penetration tests and security audits.
  • Engage in ongoing communications with peers in the Systems and Networking groups as well as the various business groups to ensure enterprise wide understanding of security goals, to solicit feedback and to foster co-operation.
  • Work closely with IT department on corporate technology development to fully secure information, computer, network, and processing systems.
  • Manage the administration of all computer security systems and their corresponding or associated software, including firewalls, intrusion detection systems, cryptography systems, and anti-virus software.
  • Recommend and implement changes in security policies and practices in accordance with changes in local or federal law.
  • Creatively and independently provide resolution to security problems in a cost-effective manner.
  • Assess and communicate any and all security risks associated with any and all purchases or practices performed by the company.
  • Where necessary, supervise recruitment, development, retention, and organization of security staff in accordance with corporate budgetary objectives and personnel policies.
  • Act as advocate and primary liaison for the company’s security vision via regular written and in-person communications with the company’s executives, department heads, and end users.
  • Collaborate with IT leadership, privacy officers, and human resources to establish and maintain a system for ensuring that security and privacy policies are met.


Skills and Knowledge

  • Understanding of data protection methodology and data security principles
  • Understanding of data threat response and data threat management
  • Is familiar with common data security and threat management software
  • Is capable of making decisions or recommendations regarding a data threat incident
  • Extensive experience in enterprise security architecture design.
  • Extensive experience in enterprise security document creation.
  • Experience in developing Business Continuity Plans and Disaster Recovery Plans.
  • Working technical knowledge of security systems including firewalls, intrusion detection systems, cryptography systems, and anti-virus software.
  • Strong understanding of IP, TCP/IP, and other network administration protocols.
  • Proven experience in planning, organizing, and developing IT security system technologies.
  • Experience in planning and executing security policies and standards development.
  • Excellent knowledge of technology environments, including information security and defense solutions.
  • Substantial exposure to data processing, hardware platforms, enterprise software applications, and outsourced systems.
  • Good understanding of computer systems characteristics, features, and integration capabilities.
  • Experience with systems design and development from business requirements analysis through to day-to-day management.
  • Excellent understanding of project management principles.
  • Demonstrated ability to apply IT in solving security problems.
  • In-depth knowledge of applicable laws and regulations as they relate to security.

Job Requirements



Requirements

  • Must have a strong computer network engineering background
  • High degree of personal integrity and ethics as well as a passion for protecting people and systems
  • Constantly striving for excellence using objective, transparent and agreed upon standards
  • Excellent written and oral communication and presentation skills for leadership, technical and business audiences
  • Detail oriented, self-motivated and disciplined, with excellent time management skills
  • 4+ years of Information Security experience
  • 5+ years of Information Technology experience
  • Advanced knowledge of content creation concepts and best practices.
  • Experience with threat analysis and event tuning


Hiring Considerations

  • College diploma or university degree in the field of computer science and/or 7 years equivalent work experience.
  • Individuals must have at least 4+ years’ experience in data security in a large or enterprise IT environment, and at least 6+ years’ experience in Information Technology.
  • Individuals should have some experience in government related data security or law enforcement
  • Strong consideration given for CISSP or SANS certification, specifically with one or more of the following certifications:
    • GIAC Security Essentials Certification
    • GIAC Security Leadership Certification
    • ISACA Certified Information Security Manager
    • Microsoft Certified Systems Engineer: Security
    • (ISC)2 SCCP
    • (ISC)2 CISSP
    • (ISC)2 ISSAP