ABOUT YOU
Are you passionate and ready to join an inclusive work environment, committed to leading new ideas and pathways, and to delivering value? If the answer is, “Yes!” then we have an exciting career opportunity for you as the Director of Cyber Operations, Architecture and Engineering! This is a remote role, but must have the willingness to travel.
Who are we? We are Montrose, a global environmental services provider offering environmental planning and permitting, measurement and analytical services, and environmental resiliency and sustainability solutions. Our qualified engineers, scientists, technicians, associates, and policy experts are proud of our collective expertise and the collaborative nature of our approach to helping clients. We strive to optimize environmental resiliency in a way that effectively complements our clients’ decision-making and operations and efficiently fulfills their project requirements.
We have over 135 Global offices across the United States, Canada, Europe and Australia and has 3,000+ employees – all ready to provide solutions for environmental needs.
WHAT WE CAN OFFER YOU
As a key member of our Montrose team, you can expect:
Mentorship and professional development resources to advance your career
Direct exposure to our industry’s leading experts who are solving the world’s toughest environmental challenges
An entrepreneurial environment where you can learn, thrive and collaborate with talented colleagues
Opportunities to engage and contribute in our Diversity, Fairness and Inclusion and Women Empowering Leadership employee resource groups
Competitive compensation package: annual salary ranging from $180k - $250k.
commensurate with accomplishments, performance, credentials and geography
Competitive medical, dental, and vision insurance coverage
401k with a competitive 4% employer match
Progressive vacation policies, company holidays and paid parental leave benefits to ensure work/life balance
A financial assistance program that supports peers in need, known as the Montrose Foundation
Access to a student loan planning tool to optimize your student loan payoff plans and compare student loan rates with lenders.
A DAY IN THE LIFE
Reporting to the CISO, this role is a key member of the IT team, this role will be responsible for a full range of activities including:
Direct a diverse team of cybersecurity architects, engineers, analysts and 3rd party service providers
Leads design and maintenance of cybersecurity architectures, standards and capabilities that mitigate business risk and facilitate business processes that are clearly aligned with business, technology and threat drivers.
Develops security strategy, solutions, processes, plans and roadmaps based on sound security best practices aligned with business risk tolerances
Determines baseline security configuration standards for operating systems (e.g., operating system hardening), network segmentation, and identity and access management (IAM)
Develops security procedures and standards to be reviewed and approved by executive management and/or formally authorized by the Chief Information Security Officer (CISO)
Tracks developments and changes in the digital business and threat environments to ensure that they are adequately addressed in security strategy, solution, plans and architecture
Validates IT infrastructure and other reference architectures for security best practices, policies and recommend changes to enhance security and reduce risk where applicable
Work with Montrose development and infrastructure teams to identify and remediate application and infrastructure-related vulnerabilities through findings and remediations.
Direct and execute processes responsible for the advanced analysis of security threat intelligence (malicious code, hackers and zero day exploits, etc.) to proactively prepare for security events.
Establish incident response standards, related training requirements, and processes and procedures to ensure quality response to various forms of security issues (i.e., fraud) and resolve/achieve maximum protection of members and assets; lead the incident response process and execution including unauthorized access, security policy violations and intellectual property leaks.
Define Objectives and Key Results (OKRs), strategic risk indicators, and metrics/scorecards to understand current health and drive insights into future focus areas for the team before issues occur/risks are realized.
Conducts or facilitates threat modeling of services and applications that tie to the risk and data associated with the service or application risk tolerances
Coordinates with various teams to advocate secure coding practices and escalate concerns related to poor coding practices to the CISO
Coordinates with assurance functions and data owners to document data flows of sensitive information within the organization (e.g., PII or ePHI) and recommends controls to ensure data is adequately secured (e.g., encryption, tokenization, residency, etc.)
Reviews network segmentation approaches to ensure least privilege for network access
Network architecture experience with advanced knowledge of network technologies/protocols and computer security concepts in a large-scale networking environments
Demonstrated ability to lead, manage and be fully accountable for a geographically dispersed virtual team supporting a fast-paced work environment
Integrates technical security controls, regulatory compliance requirements, and security engineering into the MEG infrastructure and associated technology during design, development, and implementation lifecycle to meet security and compliance requirements
Provides guidance in the development of IT capabilities to meet evolving US government security requirements, as well as identifying opportunities for efficiency gains through standardization, centralization, and automation
NECESSARY QUALIFICATIONS
To perform this job successfully, individuals must be able to perform each duty and responsibility satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required.
Required Qualifications:
10+ years of relevant and progressive information security experience with a heavy focus on threat detection, security design and incident response
Bachelor’s degree in Computer Science, Information Systems or a related field is required
Experience preparing an organization for and successfully obtaining accreditation via a formal assessment (e.g. CMMC)
Advanced knowledge in planning, directing, and evolving, Security Operations Center (SOC) operations for a large and complex enterprise
Knowledge of federal cybersecurity and data privacy laws, regulations, and policies
Demonstrated mastery of the lifecycle of cybersecurity threats, attacks, attack vectors, and methods of exploitation with an understanding of intrusion set tactics, techniques, and procedures (TTPs)
Deep technical understanding of core current cybersecurity technologies as well as emerging capabilities
Extensive leadership experience creating, building, and maintaining high-performing teams, particularly in a cybersecurity environment.
The above statements are intended to describe the general nature of work being performed by people assigned to this classification. They are not to be construed as an exhaustive list of all responsibilities, duties and skills required of employees so classified. If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may contact 949-988-3500 or
careers@montrose-env.com
for assistance.
MAKE THE MOVE
We are going to be blunt – the way we work may not suit everyone. We are a fast-paced, dynamic and high-growth company. You are your own boss, but you will get tons of guidance and plenty of support from talented, super-smart colleagues and its service providers. Therefore, if freedom, autonomy, and head-scratching professional challenges attract you, we could be the perfect match made in heaven.
Want to know more about us? Visit
montrose-env.com
and have fun!
Montrose is an Equal Opportunity Employer. Montrose is committed to recruiting and hiring qualified candidates without regard to race, religion, sex, sexual orientation, gender identity, age, national origin, ancestry, citizenship, disability, or veteran status. Montrose is committed to providing access and reasonable accommodation in its employment for individuals with disabilities.