Director of Cyber Threat and Vulnerability Management

  • Request Technology - Stephanie Baker
  • San Francisco, CA, USA
  • Nov 01, 2017
Full time Information Technology Telecommunications

Job Description

Seeking a Director of Cyber Threat and Vulnerability Management for a prestigious Financial Services Organization.

This role will be responsible for building a security team from ground-up and define/design services to anticipate, detect and stop sophisticated cyber threats and conduct digital forensics investigations.


  • Build and lead a 24x7 team of experienced cyber threat analysts to monitor and analyze security events
  • Build and lead a team of security threat management solution designers and developers to envision, design, build, and implement automated threat detection and blocking solutions using behavior-based and indicator-based detection, machine learning-powered artificial intelligence, big data analytics and visualization, automated adversary deception, Real Time forensics, and other leading technologies.
  • Lead a 24x7 team of senior incident response engineers and forensic investigators to contain, investigate, mitigate and recover from information security incidents and appropriate use risk events


  • At least 3 to 7 years of senior leadership experience in the information security discipline in Fortune 100 size organizations.
  • Exceptional written, visual and verbal communication skills and experience communicating effectively with executive business leaders and external customers.
  • Proven track record of identifying, hiring and retaining the top talent in cyber security, survivable system engineering, and IT risk management resource markets.
  • Experience in designing, building and managing global mission-critical 24x7 organizations that use a variety of staff sourcing models (co-sourcing, offshoring, etc.).
  • Experience in staffing, mentoring, coaching, and managing leadership teams consisting of multiple directors and senior managers.
  • Demonstrated track record of successfully developing and maturing cyber risk organizations with the emphasis on delivering results.
  • Deep understanding of and prior hands-on experience in all major information security, appropriate use, and survivable system engineering functions and activities including policy setting, vulnerability/risk research, security/availability architecture, system security/survivability engineering, incident response, cyber risk operations, cyber risk audit/compliance.
  • Track record of successfully executing profound organizational changes while maintaining support, buy-in and commitment from all stakeholders.
  • Complete architecture-level understanding of all major information security and appropriate use enforcement technology solutions including advanced malware detection/prevention, mobile device virtualization/MDM, cloud security management, structured and unstructured database encryption, mobile application and remote API security, fine-grained application authorization and access control, security event visualization, big data user and entity behavior analytics, active adversary deception, and others.
  • Deep understanding of all applicable regulatory standards and requirements including HIPAA, NAIC ORSA, FISMA, NAIC MAR, and others.
  • Demonstrated ability to influence business leadership and cross-functional teams.
  • Proven track record of managing all aspects (scope, budget, schedule, quality) of cross-functional large-scale IT/business projects in Fortune 100 scale global environments.
  • Externally recognized information security and IT risk management industry thought leadership and innovation accomplishments.
  • Strong skills and experience in designing and documenting complex processes, and identifying and eliminating deficiencies in existing process designs.
  • Understanding of contemporary security vulnerabilities, exploitation techniques and attack vectors.
  • Demonstrated ability to establish and maintain strong working relationships with external customers, suppliers, business partners, industry peers.
  • A widely-recognized professional certification such as CISM or CISSP is strongly preferred