Director of Cybersecurity

Summary

We are seeking a visionary and highly experienced Director of Cybersecurity to lead and fortify our organization's digital defenses. This senior leadership role is critical in designing, implementing, and overseeing comprehensive cybersecurity strategies that safeguard our computer systems, networks, and applications. The ideal candidate will possess a deep understanding of complex IT architectures, stay abreast of the latest security innovations, and proactively address evolving compliance obligations, regulations, and risk landscapes. You will be instrumental in quickly grasping our business operations and technology needs to develop robust security structures that protect our critical software, systems, and products.

What You'll Do

• Lead the strategic design, implementation, and maintenance of enterprise-class security systems for a dynamic production environment.
• Drive compliance and certification initiatives for multiple critical standards including ISO 27001, SOC 2 Type 2, GDPR, and PCI-DSS.
• Align security standards, frameworks, and best practices seamlessly with our overall business and technology strategies.
• Proactively identify, analyze, and communicate current and emerging security threats, developing architectural elements to mitigate risks effectively.
• Collaborate closely with software development leaders to embed the highest security best practices into our applications, addressing findings from tools like OWASP, SonarQube, and Qualys.
• Engineer innovative security solutions that expertly balance business requirements with robust information and cybersecurity needs.
• Identify and resolve security design gaps in both existing and proposed architectures, recommending strategic enhancements.
• Establish and oversee rigorous system tests and continuous monitoring of network and application security performance.
• Manage project timelines for critical security system upgrades and enhancements.
• Implement and enforce least-privilege access controls across all IT systems based on user roles and business necessity.
• Develop, test, and refine disaster recovery procedures, including conducting regular breach of security drills.
• Lead prompt responses to all security incidents, conducting thorough post-event analyses to prevent recurrence.

What You'll Bring

• 7+ years of progressive experience in cybersecurity, security architecture, or computer network defense, with a proven track record of delivering impactful security solutions.
• Expertise in security architecture principles, solution delivery, and the application of emerging security technologies.
• Demonstrated experience designing and implementing comprehensive digital security solutions, including continuous monitoring and iterative improvements.
• Deep knowledge and practical experience with relevant security standards: NIST frameworks, ISO 27001, SOC 2 Type 2 attestation, and PCI-DSS certification.
• Proven ability to consult, engineer, and implement robust security best practices across an organization, meeting both business goals and regulatory requirements.
• Comprehensive understanding of cloud computing security considerations (e.g., data breaches, authentication vulnerabilities, account hijacking, insider threats, APTs, data loss, DoS attacks), with AWS experience preferred.
• Extensive experience in Identity and Access Management (IAM), including integrating security policies and technologies to control and track access to sensitive resources.
• Solid command of security principles across diverse operating environments, including Windows and *NIX.
• Exceptional communication skills, with the ability to effectively articulate complex technical topics to diverse audiences, both technical and non-technical.
• Strong critical thinking and root cause analytical skills to dissect complex security challenges.
• Proven leadership, project management, and team-building capabilities, including leading cross-functional initiatives.
• Demonstrated ability to identify and assess risks associated with business processes, operations, information security programs, and technology projects.
• Subject matter expertise in areas such as computer forensics, incident response, intrusion analysis, malware analysis, and/or security engineering.
• Direct experience operating within an enterprise-level incident response team or Security Operations Center (SOC).
• Hands-on experience handling advanced cybersecurity incidents and utilizing associated incident response toolsets.

Education & Certifications

• A Master's degree in an IT or cybersecurity field is highly preferred.
• Required Certifications:
  • Certified Information Systems Security Professional (CISSP)
• Highly Desired Certifications (one or more is a strong plus):
  • Certificate of Cloud Security Knowledge (CCSK)
  • Certified Ethical Hacker (CEH)
  • Certified Information Systems Auditor (CISA)
  • SANS-related certifications

Position Details

• Position Type: Full-time
• Work Schedule: Monday through Friday, normal core business hours; flexibility for nights and weekends as needed.
• Travel: May require occasional travel.
• Compensation: This position's good faith annual salary range is $180,000 - 185,000.00, commensurate with experience and location.

Who We Are

API is the global leader for crew accommodation solutions, and we are changing the way businesses manage travel. Our technology platform streamlines the entire crew planning process, making day-to-day operations more efficient and elevating the crew layover experience. API’s proprietary technology, mobile solutions and our experienced team are positioned to offer our clients a complete, end-to-end platform that integrates seamlessly into their process. We are looking for dynamic, creative, and tech savvy individuals to join our team. If you are passionate about hard work, providing impeccable service, technology, and solutions to our clients then API may be a great fit for you!

Other Duties

Duties, responsibilities and activities may change at any time according to business needs.

The performance of additional responsibilities if you are designated as a Data Protection Champion (DPC), Senior Information Risk Owner (SIRO) or Information Assurance Accounting Officer (IAAO).

Work Environment

This position operates in a professional office environment. This role routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets and fax machines.

Physical Demands

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. While performing the duties of this job, the employee is regularly required to talk or hear. The employee frequently is required to stand, walk; use hands to finger, handle or feel; and reach with hands and arms.

AAP/EEO Statement

Accommodations Plus International is an Equal Opportunity Employer that does not discriminate on the basis of actual or perceived race, creed, color, religion, alienage or national origin, ancestry, citizenship status, age, disability or handicap, sex, marital status, veteran status, sexual orientation, genetic information, arrest record, or any other characteristic protected by applicable federal, state or local laws. Our management team is dedicated to this policy with respect to recruitment, hiring, placement, promotion, transfer, training, compensation, benefits, employee activities and general treatment during employment.