Head of Information Security
General Summary
Are you excited by a challenge? Driven by learning and growth? Experienced at developing a team of security experts? Then building out Andrew’s information security team may be the right next step for you.
Andrew is an innovative, market leading business that has spun out of CommScope and is now a wholly owned subsidiary of Amphenol. What we have is an experienced team of engineers building great products our customers love, and experienced executives who have been with the business unit for the long term. What we need is a passionate, experienced security leader to build and run our security program.
Reporting to the VP Chief Information Officer, you will bring a strong security engineering, incident response, and risk management background to lead a team of two leaders (SOC and IAM) and about five analysts. You’ll partner with your new colleagues at CommScope and Amphenol to lead the security program, in a new IT environment, leveraging managed services and SaaS to help you scale.
Your success in this role depends on strong domain knowledge in technical cybersecurity so you can set a vision for cyber and IAM capabilities and tools. And you’ll bring a working knowledge of policy and governance basics so that the broader IT team can adopt the controls you define. As a key executive and the senior-most security professional at Andrew, you’ll need to be a strong manager, effective at defining a strategy, driving results, and communicating with all levels of stakeholders.
Your reward will be the satisfaction of excellence: building a strong team and processes that deliver security capabilities in the service of our customers, and their customers – the billions of people that Andrew products and services help to connect each day.
Duties & Responsibilities
- Work with the business seller (CommScope) and buyer (Amphenol) to define a NIST-aligned or similar set of core information security controls. Leverage CommScope or Amphenol policies, or write your own, to define security standards and a governance mechanism for Andrew.
- Work with CommScope, Amphenol, and third-party providers to deploy core controls including privileged access management, multi-factor authentication, email security, endpoint detection and response, SIEM, vuln management, firewalls / IDS / IPS, etc.
- Build a Security Operations Center to build out the detection and response capabilities. Drive coverage and effectiveness. Outsource routine work to a managed service provider.
- Build an Identity & Access Management COE, in building out a lightweight IAM program. Drive coverage and effectiveness.
- Build a GRC program to manage policy, governance, and program matters.
- Lead during high-profile incident response and business continuity events.
- Recruit, retain, motivate, and develop a high-performing team.
- Develop a long-term security strategy, communicate to your senior executive stakeholders, manage a budget and project plan as you grow to long-term operating maturity.
- Develop relevant metrics and scorecards. Leverage resulting insights to demonstrate value and drive continual improvement.
Identify opportunities to elevate and scale analysts ever further into knowledge work, automating identification and response to routine events wherever possible
SKILLS REQUIRED
Include demonstrated competencies and physical, mental, & interpersonal skills.
Computer Science or Cybersecurity Degree
7+ Years of Related Experience
- At least 7+ years of previous experience, demonstrating increased responsibility among the security domains and people leadership relevant to this role.
- Technical experience deploying and configuring the standard stack of security tools necessary to deliver the capabilities included in this role. Examples include threat intelligence platforms, SIEM, SOAR, FIM, IDS / IPS, DLP, EDR, Firewalls (L3/L7), and email security.
- Experience building, developing, and retaining teams of high performing technical staff.
- Experience managing a 24 x 7 x 365 operational environment.
- Excellent communication skills (technical and non-technical stakeholders) and strong executive presence.
- Experience maintaining effective relationships with vendors, buying security products, and leveraging professional services.
- Experience writing cybersecurity related policies and procedures. Experience developing security processes and workflows using tools such as ServiceNow.
- DESIRED – CISSP or other senior-level certification.
- DESIRED – Existing experience / relationships with law enforcement, security information sharing groups such as the ISACs / CISA / DHS / etc.
#LI-EF1