Senior Director, Information Security Operations - 13564

Remote, United States

Job Summary

The Senior Director, Information Security Operations will manage a team of highly skilled Information Security professionals responsible for designing, implementing, and operating controls that safeguard BlackLine’s information resources. The Senior Director will assess and identify business security needs, prioritize work streams, oversee projects, establish and manage operational budgets, priorities and resources, design and manage operational metrics, and prepare technical and executive security operation reports. This role encompasses operational security management, application security management, as well as subject matter advisory and education responsibilities. The Senior Director will closely influence and collaborate with engineering management to design, implement and operate technical security controls that protect the confidentiality, integrity and availability of information and systems. In addition, the role will work together with the Information Security Governance, Risk, and Compliance teams to manage security risks and operate the company’s information security management system. This technically inclined leadership role requires a motivated individual and experienced people manager who will take a comprehensive, business-aligned approach to managing technology and talent, liaise among departments, negotiate complex priorities and deadlines, and provide visibility into technical aspects of the company’s information security program.


Roles and Responsibilities

Information Security program management

  • Design, implement, and maintain InfoSec operational standards, policies, processes, and procedures.
  • Identify, manage, and communicate a portfolio of information security projects and align security initiatives with business objectives and risk tolerances.
  • Influence and partner with product and technology teams to ensure that information security policies and standards are properly implemented.
  • Actively participate and provide professional expertise to information security forums, communities, and industry-specific groups.
  • Evangelize security-centric culture and promote security best practices within the organization.
  • Lead/elevate security conversations and be the decision maker for operational security matters.
  • Collaborate with key stakeholders (Enterprise Risk Management, Legal, HR) on information security risk management and related organizational governance processes.


Security Architecture and Engineering

  • Manage operational security capacity, strategy, tools, and processes.
  • Oversee product and development security, and ensure implementation of security standards and configuration baselines.
  • Define, manage, and monitor infrastructure, cloud, and end-user security controls.
  • Be an active influencer and participant in architecture and strategy discussions with internal stakeholders, partners, and customers.
  • Research industry best practices, current trends, threats and vulnerabilities; recommend relevant changes to the company’s control environment.
  • Collaborate with infrastructure teams to devise and implement effective solutions to maintain adequate infrastructure and cloud security posture.


Security Operations

  • Manage security operations technologies, processes, and resources.
  • Oversee vulnerability management, threat intelligence, security monitoring, incident management, and remediation activities.
  • Work with technology operations teams to perform security risk assessments, intrusion testing, and implementation and validation of hardening standards.
  • Develop, manage and lead incident response and forensic investigation processes.
  • Lead security conversations and be the escalation point for security incidents & investigations.
  • Continuously evaluate security processes, tools, and operational capabilities, and adjust them in a timely manner to maintain effective and efficient operational security processes and tools.
  • Design, manage, and communicate operational security metrics to the technical team, key business stakeholders, and executive audiences.


Application Security

  • Work closely with Product Management and Engineering on securing the software development lifecycle and ensuring alignment with secure coding practices.
  • Develop and manage a program to measure and maintain code development and code delivery security.
  • Establish and manage application security testing, architecture reviews, code security audits, vulnerability scans, and software composition analyses.
  • Design, communicate, and track application security metrics to engineering and executive audiences.
  • Interact and provide consulting perspective to customers on technical security topics.



Required Qualifications

Years of Experience in Related Field: 10+

  • CS, Engineering, or technical operations background with 10 years of experience in information security including 7+ years of progressive management experience.
  • 5+ years of cloud security management experience.
  • Expertise with current InfoSec concepts, technologies, industry trends, methods and techniques, and operational processes.
  • Mature metrics-driven and process-driven team leader, team builder, and team mentor.
  • Proven track record of effectively managing core information security tools and processes (e.g., patch management, log management, malware management, network access control, threat and vulnerability management, web filtering, firewalls, proxies, APT, IDS, DLP, HIDS/NIDS, SOAP, SIEM, incident response, XDR, SOAR).
  • Solid understanding of networking fundamentals and commonly used network protocols and services.
  • Working knowledge of encryption algorithms and related technologies, TLS, PKI, encryption of databases and data at rest.
  • Solid knowledge of common web application platforms, common vulnerabilities, and exploitation techniques.
  • Strong understanding of SSDLC, OWASP, web application development, code auditing, manual and automated security testing methods, and penetration testing.
  • Advanced written and verbal communication skills including the ability to visualize technical and security topics for non-technical audiences.
  • Ability to evaluate situational risks, operate effectively under ambiguous circumstances, and address confidential and potentially uncomfortable issues.


Preferred Qualifications

  • Engineering or operations background with prior hands-on experience.
  • Prior experience supporting 24x7 mission-critical technology environments.
  • Multi-cloud control design and integration experience.
  • SaaS, software development environment and software delivery experience.
