This site uses cookies. To find out more, see our Cookies Policy

SEARCH OUR OPENINGS

Director - Cyber Security & Threat Management in Huntersville, NC at American Tire Distributors

Date Posted: 11/22/2018

Job Snapshot

  • Employee Type:
    Full-Time
  • Job Type:
  • Experience:
    Not Specified
  • Date Posted:
    11/22/2018

Job Description

We look forward to your application! When applying, please be sure to put your Full Legal First Name and Last Name for legal and processing purposes.

Are you looking for an opportunity to turn your ambition and your people skills into a rewarding career with an industry leader? Join our team at American Tire Distributors! As the nation's premier tire distributor, ATD’s coast-to-coast distribution network provides approximately 80,000 customers across the U.S. and Canada with rapid and frequent delivery of high quality tires, custom wheels and shop supplies. 

Position Description: 

This Director of Cyber Security Threat Management has overall leadership, development, staffing, and technical hands on responsibility for leading the Cyber Security Threat Management organization for American Tire Distributor (ATD) enterprise wide.

This position reports to the Head of Security and is responsible for developing and leading the Cyber Security Threat Management organization that identifies, monitors, and manages ATD’s cyber security threats and vulnerabilities and drives defensive remediation capabilities. This position will ultimately drive the creation of a 7x24x365 cyber security threat detection capability responsible for delivery of cyber threat monitoring, vulnerability management, and analysis of complex threat intelligences. This position has a wide expanse of key relationships and must demonstrate strong leadership, relation management, and collaboration competencies.



Essential Duties & Responsibilities

  • Design and implement an enterprise Cyber Security Threat Management roadmap and strategy.  Ensure that plan strategically aligns to current and future security capabilities and adjusts to align with business drivers. 
  • Deliver cyber security threat management architecture and implement a protection program enterprise wide.
  • Develop standard work and operational processes that interact across IT and business entities.
  • Lead development and dissemination of cyber security threat intelligence both internal and external.  Own and drive counter measures based on security incidents. 
  • Perform daily cyber security analysis, triage, and prioritize security issues and events as required.
  • Lead analytical teams that monitor for cyber threats and processes for escalation.
  • Develop and maintain partnerships with local and federal authorities in relation to Cyber Security Threat incidents as necessary.
  • Correlate security event data from intrusion detection and intrusion prevention systems and log management systems for security threats (SIEM) and directs mitigation actions. 
  • Initiate escalation process and counter potential threat activities and vulnerabilities.  
  • Lead security forensics investigative processes to include e-Discovery collections. Support internal investigations as required. Deliver technical forensics capabilities and incident handling support sound forensics investigations and chain of custody processes.
  • Lead in the development of an incident response policy, standards, and playbook associated with an enterprise wide Cyber Security Incident Response program. Periodically conduct test exercises across the enterprise and drive continuous improvement processes and capabilities. 
  • Build and maintain a comprehensive process caring for all vulnerabilities that impact applications and infrastructure that enable our business processes.
  • Establish and maintain a standard framework that allows us to move towards one vulnerability management process which is leveraged by all assessment methodologies
  • Keep current on the emerging threat environment. Leverage research and alerting services of new vulnerabilities and global threats.
  • Provide critical analyses and information from vulnerability data which can be leveraged to enhance the security of our products and services. 
  • Deliver measurable metrics reporting, Key Risk Indicators (KRI’s) and Key Performance Indicators (KPI’s) that will be used for board of directors reporting and continuous improvements for the program.


Direct Report Position Title(s)

  • Senior Cyber Security Threat Analyst; Threat Management Analyst




Qualifications



Required

  • Minimum bachelor’s degree from four-year college or university preferred.
  • Minimum of 5 years’ experience – Cyber Security Threat Management Director or above.
  • Minimum of 7 years’ total of Cyber Security Threat & /or Vulnerability Management & / or Threat Intelligence.
  • Hands on experience in using intrusion detection tools and services.
  • Hands on experience in using vulnerability management tools and services.
  • Experience in cyber kill chain and intelligence driven response processes.
  • Experience in security architecture, engineering, Identity Access Management, and Security Operation roles.
  • Experience in reverse engineering of malware and application development.
  • Experience in conducting analysis of log data, data correlation, and device analysis.


Candidate Skills and Competencies

Skills

  • Ability to translate risk impact to business acumen.
  • Expert in designing an enterprise cyber security threat and vulnerability management program – and staffing and leading a highly effective team across multiple disciplines.
  • Expert knowledge of cyber security including hands on proven forensics investigation experience.
  • Expert knowledge in delivering enterprise cyber security and incident response processes
  • Expert in developing and using programming scripts.
  • Expert in using network traffic analysis tools and using advanced network security tools and utilities.
  • Hold at least 2 Cyber Security Certifications (current) specific to Cyber Security Threat Management (CISSP, SANS / GIAC, CISM, or other).
  • Knowledge of effective planning, development, and execution capabilities.
  • Knowledge of effective delivery of key metrics, and reporting.
  • Able to effectively deliver services that demonstrate compliance with applicable laws, including but not limited to PCI-DSS, HIPAA, GDPR, and SOX related requirements.
  • Cross IT expertise in the following disciplines:  Java, .NET, Networking, Databases, Middleware, Operating Systems, Endpoint systems (desktops, iPads, mobile), Cloud services, IoT technologies, File integrity monitoring tools, Data Loss Prevention tools, security scanners, firewalls, application firewalls, load balancers, proxies and others.
  • Knowledge of software development processes in place at American Tire.

Competencies

  • Risk Management (BURM)
    • Understand and create business process workflows and business impact analyses related to operational processes as well as IT systems, hardware, and networks processes.
    • Perform overall risk analysis for the company to identify points of vulnerability and recommend disruption avoidance and reduction strategies.
  • Security Administration (SCAD)
    • Develop and manage security and compliance program processes and initiatives.
    • Monitor the application and compliance with regulatory requirements.
    • Ensure that all identified breaches in security are promptly and thoroughly investigated in alignment with security/compliance requirements.
    • Ensure that security records are accurate and complete in alignment with corporate and regulatory requirements.
  • IT Management (ITMG)
    • Identify and manage resources needed for the provision of security services.
  • Performance Management (PEMT)
    • Manage individuals and groups.
    • Provide support and guidance as required, in line with individuals’ abilities.
    • Advise individuals on career paths, and encourages pro-active development of skills and capabilities.
    • Set performance targets, and monitors progress against agreed quality and performance criteria.
    • Provide effective feedback, throughout the performance management cycle, to ensure optimum performance.
  • Resourcing (RESC)
    • Develop plans to ensure that the organization has appropriately skilled resources to meet organizational objectives and commitments.
    • Manage the effective implementation of resource planning, recruitment, selection, assessment, on-boarding and transitioning of resources.
    • Advise on standards, methods and tools for resource management.
    • Ensure compliance with relevant statutory or external regulations and codes of good practice.
    • Contribute to the development of resource management policies, standards and guidelines and to audits and assessment of resource management processes.
  • Professional Development (PDSV)
    • Determine the required outcomes for learning or development, from organizational development needs training strategies, and agreed career pathways.
    • Mentor assigned practitioners, ensuring alignment with predetermined statements of required development outcomes.
    • Assist each practitioner with the creation of development plans based on the outcome statements.
    • Validate practitioners' records at the end of each cycle of planned development, to ensure that achievements and enhanced capabilities are correctly recorded and referenced to the outcome statements.


Additional Details (work environment, specializations, etc.)

  • Physical demands:  While performing the duties of this job, the employee is occasionally required to stand; walk; sit; use hands to finger, handle or feel objects, tools or controls; reach with hands and arms; climb stairs; balance, stoop, kneel, crouch or crawl; talk, hear, taste and/or smell; the employee must occasionally lift and/or move up to 50 pounds.  Specific vision abilities required by the job include close vision, distance vision, color vision, peripheral vision, depth perception and the ability to adjust focus.
  • Work environment:  While performing the duties of this job, the employee is exposed to weather conditions prevalent at the time.  The noise level in the work environment is usually moderate.
  • Travel required:  as required up to 20%

This job description in no way states or implies that these are the only duties to be performed by the employee occupying the position.  Employees will be required to follow any other job-related instructions and to perform any other job-related duties requested by their supervisor, subject to reasonable accommodations.  Nothing in this job description creates a contract of employment in any way for any person.   All employees hired by American Tire Distributors, Inc. are employees at will and the company reserves the right to terminate employees at any time for any reason or no reason at all.

Build a challenging and rewarding career with us!

American Tire Distributors is an Equal Opportunity Employer and Drug Free Workplace


Shift Type:
Job ID: R06876