Director, Information Security

Director, Information Security

Job Locations: United States-OH-Cincinnati

Category: IT Infrastructure & Support

Job Summary

The Director of IT Security is a strategic leader responsible for safeguarding the organization's information assets and infrastructure. This individual will develop, implement, and manage a comprehensive cybersecurity program, ensuring compliance with industry standards and regulations. They will lead a team of security professionals, oversee vulnerability assessments and incident response, and drive continuous improvement in the organization's security posture. You will be joining an organization where your contribution makes a significant impact in protecting Medpace and our Sponsors.

Responsibilities

1. Plan, direct and manage the day to day operations of the IT Security department;
2. Develop, maintain, and enforce IT security procedures and policies that are effective and efficient in protecting Medpace computer systems & data and are consistent with regulatory requirements;
3. Safeguard information system assets by identifying and solving potential and actual security problems;
4. Protect systems by defining access privileges, control structures, and resources;
5. Recognize problems by identifying abnormalities; reporting violations; manage IT Security incidents to closure;
6. Implement security improvements by assessing current situation, evaluating trends, anticipating security risks;
7. Determine security violations and inefficiencies by conducting periodic audits;
8. Work across IT to upgrade systems by implementing and maintaining security controls;
9. Keep IT leadership informed by preparing security posture reports; identifying areas/process improvement opportunities; communicating security trends and risks;
10. Maintain quality service by following organization standards;
11. Collaborate with Functional Areas/business units across the company to ensure IT Security best practices are understood and followed;
12. Oversee the hiring, training, evaluation, and retention of associates;
13. Conduct IT Security policy training and ensure employees are working in compliance with SOPs and Good Clinical Practice guidelines.

Qualifications

1. Bachelor's degree in information security, cybersecurity, information technology or related discipline;
2. 8-10 years of IT management experience;
3. Advanced certifications such as SANS GIAC/GCIA/GCIH, CISSP or CASP and/or SIEM-specific training and certification preferred;
4. Understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements;
5. Hands-on experience analyzing high volumes of logs, network data (e.g. Netflow, FPC), and other attack artifacts in support of incident investigations;
6. In-depth knowledge of architecture, engineering, and operations of at least one enterprise SIEM platform (e.g. Microsoft Sentinel);
7. Understanding of mobile technology and OS (i.e. Android, iOS, Windows) and VMware technology;
8. Extensive experience in all Microsoft related products including operating systems, Active Directory, Azure, Remote Server and Desktop Access, SQL Server, Office 365, Teams and SharePoint;
9. Experience with Perimeter Security systems and software (e.g., Firewalls, Intrusion Protection Systems, VPN);
10. Excellent management, leadership, communication, presentation, organization and positive influencing skills.