Apply: Director of Security Operations (flexible location) Reference: JO-2402-6795WSP is a global leader in engineering and professional services. We pride ourselves on delivering innovative solutions to our clients and maintaining a robust IT operation to support our employees worldwide. WSPs vast global network is today comprised of over 1,000 offices, 29 data centres, 1,300 data circuits, and used by over 65,000 users.Director of Security Operations (flexible location)WSP's Security Engineering and Operations Team is responsible for managing the global organization's security technologies and systems.The role of Director Security Operations reports directly to the Global Vice President Security Engineering and Operations and is responsible for leading our Security Operations Centre and working with the Manager of Incident Response and Manager of SOC Tools and Operations. This is primarily an internally facing role, although some interaction with clients and third parties may be required.Specific areas of responsibility may fall into any one of the following areas of Security Operations, as assigned by the staff's management. Security AnalysisThreat and Vulnerability ManagementNetwork, Database, Server and Endpoint, and Application SecurityPenetration TestingAntivirus and Antimalware analysisEvent AnalysisIncident ResponseEthical HackingManagementPrivileged access managementThe Director of Security Operations will have multiple security-related roles within the organization. Their main goal will be to provide a secure computing environment for the organization to conduct their business. The global security operations team will have overlapping duties however each role will have more specifically focused duties. As such, the role and essential duties will fit into the below classifications most closely.The director will be responsible for the overall direction and planning for both the incident response and tools team, liaising with our contracted partner for Level 1 and 2 Security Operations, 24/7 incident response, Security tool management, etc.Incident Management Process and Forensics – assist in providing forensic capabilities for the incident management process when needed. Monitor and manage infrastructure logging for security, including perimeter network devices, malware prevention, and intrusion prevention.Definition and implementation of controls - Defines security configuration and operations standards for security systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems. Develops and validates baseline security configurations for operating systems, applications, and networking and telecommunications equipment.Endpoint Protection Strategy – Formulate the companies' Endpoint protection strategy, including but not exclusive to malware, host intrusion, encryption, browser protection and hardware level security controls.Network infrastructure security – responsible for determining and maintaining the technical standards for configurations of routers, switches, firewalls, IPS and IDS devices.Privileged access management – responsible for maintaining our PAM toolset, ensuring least based privilege across the organization, including secret management and elevated account management.Key responsibilities include:Director of two separate managers within the security organization, 2nd level management of Incident response and tools teams.Displays leadership and independence in performing their role, with an ability to make complex decisions with limited input and review from senior staff.High level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity.Assist in the hiring, training, and coaching of new and existing staff, and provide coaching to staff executing all aspects of information security and risk assessment and support.Develop positive working relationships with other team members and business partners and partner across teams to align with WSP internal and external client demands.Capable of rapidly assimilating and internalizing new complex business, technology, and risk management concepts and dependencies.Capable of clearly defining, presenting and selling recommended strategies to senior management teams in a business or technical context as appropriate.Critical thinker with strong problem-solving skills, project management skills; financial/budget management, scheduling and resource management.Able to interpret and apply laws, regulations, policies and guidance relevant to the organization information security objectives.Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate between specialized groups of business unit and IT professionals.Accommodation of schedule for international conference calls, limited travel within the regions you are responsible for.Ability to work with people from different backgrounds and cultures across the region and the world.Provide review feedback for analyst and other direct reports.Capacity Management within the SOC teams, including growth expectations, M&A onboarding etc.Finance/Budgetary ResponsibilitiesSupport the Global Vice President Security Engineering and Operations in developing the budget projections based on short-and long-term goals and objectives.About you:Related experience ininformation security, risk, compliance, or similar positionBachelor's degree or equivalent in Information Technology, Computer Science, Engineering or related fieldCertification in Information Security (CISSP, ISC, or CISM) practices and policiesKnowledge of security technologies (encryption, data protection, network intrusion prevention, EDR, firewalls, privilege access, etc.)Knowledge of enterprise IT security concerns and technologies, including but not limited to VPNs, network security, encryption, authentication, application-level network protocols, PKI, IPSec, Firewall, SSH, SSL, , LAN/WAN, and TCP/IPKnowledge of security best practices with relation to applications, network and client setupsExperience with IT Governance frameworks such as COBIT, ITIL and ISO 2700x, NISTExperience with governance, compliance, and audit within IT environmentsExperience of risk management, including risk analysis, mitigation, and monitoringKnowledge of information security regulations applicable to WSPPreferredMaster's degree in information technology, Computer Science, Engineering or related fieldKnowledge of KQL, Python and PowerShell is a plus.Due to the nature of this role, you may need to work outside of standard business hours. Please note that we can only consider applicants with the right to work in New Zealand and will not provide relocation support.Why us?WSP NZ has proudly earned its place among the top five employers to work for in Aotearoa New Zealand, as recognised in Randstad's latest employer survey. In addition, WSP has been listed as one of TIME's 2023 top 100 companies globally for employees. Our dedicated team is passionate about creating innovative, comprehensive, and sustainable solutions for a future that prioritises the well-being of our people, whanau, and communities. We contribute to complex and exciting projects addressing critical environmental and infrastructure challenges and have a solid pipeline of work across multiple disciplines.At WSP, we prioritise a diverse, inclusive, and supportive environment that empowers our people and allows them to be in control of their time. We believe that this is essential for us to achieve our common goals and that great results can be achieved through collaboration and by allowing everyone to bring their authentic selves to work. By fostering this environment, we inspire our team to strive for excellence and reach their full potential.Our benefit package is highly competitive and includes the following:Flexible and hybrid working arrangementsComprehensive medical insuranceUnspecified sick leavePersonal development and well-being grantProgressive parental leave policyOption to purchase up to 4 additional weeks of annual leaveReimbursement of up to 2 annual professional membershipsCommunity dayEmployee Assistance ProgrammeMultiple discounted products and services, and more.We will review applications as they come in, so if this opportunity sounds like you, don't wait to apply!First name *Last name *Enter your email address *Preferred Name *80Phone *8080Preferred Method of Contact *Street *80City *80Region *80Country *80Postal Code *10Qualification and Institution (eg. BEng University of Auckland) *100100Are you currently legally entitled to work in New Zealand? *Have you been convicted of a criminal offence or do you have any charges pending (in New Zealand or overseas) not including any concealed under the Criminal Records (Clean Slate) Act 2004? *If you answered yes to the previous question, please provide detail here.1000Do you have a full, clean and current New Zealand Driver License? *If you answered no to the previous question, please provide detail here1000Do you currently have, or have you ever had a medical or physical condition or an injury, which may be aggravated or contributed to by certain job tasks or affect your ability to perform the functions and responsibilities of the position applied for? *If you answered yes to the previous question, please provide detail here.1000What are your remuneration expectations? *What is your notice period? *100How did you hear about this vacancy at WSP? *Do you consent to the Company retaining the information in this application form for the purpose of considering your suitability for any other position which may arise with WSP in the future? *By submitting your application, you agree to the terms of the WSP Privacy Policy. Click here to view our privacy policy.#J-18808-Ljbffr
