The Philadelphia International Airport is managed by the Department of Aviation of the City of Philadelphia. The airport handles approximately 82,000 travelers per day. The airport Information Technology department is headed by the Chief Information Officer (CIO). As the Director of Information Security, you will play a pivotal role in safeguarding the confidentiality, integrity, and availability of Philadelphia International Airport's information assets. Reporting directly to the Chief Information Security Officer (CISO), you will be tasked with leading strategic initiatives to mitigate cyber threats and ensure compliance with industry regulations & standards. Must have sound business acumen to help identify, evaluate, and report information security risks in a manner that supports the risk posture of the organization.
Essential Functions and Responsibilities:
- Strategic Leadership: Collaborate with the CISO and senior leadership to develop and maintain the organization's information security strategy, policies, and procedures. Provide strategic direction and guidance to the information security team, aligning security initiatives with business objectives and risk tolerance.
- Risk Management: Lead the identification, assessment, and prioritization of information security risks, threats, and vulnerabilities across the organization's IT infrastructure and systems. Implement risk mitigation strategies and controls to address identified risks effectively. Develop capabilities to manage third-party cybersecurity risks.
- Security Governance & Compliance: Lead the identification, assessment, and prioritization of information security risks, threats, and vulnerabilities across the organization's IT infrastructure and systems. Develop risk mitigation strategies and controls to address identified risks effectively.
- Threat Management: Execute strategies for continuous monitoring of network traffic, system logs, and user activities to identify unauthorized or suspicious behavior. Review security monitoring tools and technologies to detect and alert on potential security incidents and anomalies. Maintain incident response plans and procedures to effectively respond to and mitigate security incidents. Lead the investigation of security breaches and incidents, coordinating response efforts and implementing corrective actions as necessary.
- Third-Party Risk Management: Assess and manage risks associated with third-party vendors and service providers, ensuring contractual obligations and security requirements are met. Develop processes for evaluating and monitoring vendor security posture and performance.
- Security Operations & Technology: Oversee the implementation and maintenance of security technologies and tools, ensuring they effectively identify, protect, detect, respond to, and recover from security threats & vulnerabilities.
- Change Management: Lead the change management committee for reviewing, approving, and implementing changes, and ensuring security controls and configurations are updated and maintained. Foster open communication and collaboration among stakeholders, creating forums for dialogue to facilitate decision-making and address concerns related to change initiatives.
Experience/Required skills:
- Strong leadership and management skills are essential for effectively leading a team of security professionals.
- Proficiency in risk management is necessary for identifying, assessing, and mitigating information security risks.
- In-depth knowledge of security architecture and design is necessary for developing and implementing robust security controls.
- Expertise in security operations is essential for monitoring, detecting, and responding to security threats and incidents.
- A comprehensive understanding of compliance and regulatory requirements is crucial for ensuring that the organization's security practices align with relevant standards and regulations.
- Excellent communication and presentation skills are needed for effectively conveying complex security concepts to non-technical stakeholders.
- Strategic planning and execution skills are essential for developing and implementing a comprehensive information security strategy aligned with business objectives.
- Proficiency in vendor management is necessary for evaluating and selecting security vendors and managing vendor relationships effectively.
- Strong team building and development skills are crucial for fostering a collaborative and high-performing security team.
Desired Experience and Abilities:
- Proficiency in analyzing and evaluating security threats and vulnerabilities, as well as assessing the potential impact on the organization.
- Extensive experience in conducting thorough risk assessments, vulnerability assessments, and penetration testing to identify and prioritize security risks.
- Ability to architect and integrate security solutions into the organization's infrastructure, ensuring the confidentiality, integrity, and availability of information assets.
- Commitment to staying updated on emerging security threats, trends, and technologies.
- Ability to adapt to evolving security challenges and requirements, proactively adjusting security strategies and tactics to address new threats and vulnerabilities.
- Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.
- Coordinate information security and risk management projects with resources from the IT organization and business unit teams.
- Familiarity with cybersecurity principles, tools, and best practices.
Qualifications:
- Bachelor's degree in Computer Science, Information Technology, Information Systems, or a related field; Master's degree preferred.
- Minimum of 10 years of progressive experience in information security, with 5 years of leadership or managerial experience.
- Proven track record of developing and implementing information security strategies and initiatives in alignment with NIST Cybersecurity Framework.
- Experience with conducting risk assessments, vulnerability assessments, and developing risk mitigation strategies.
- Excellent leadership and communication skills, with the ability to collaborate effectively with cross-functional teams and influence stakeholders at all levels of the organization.
- Strong analytical and problem-solving abilities, with a keen attention to detail and the ability to prioritize and manage multiple tasks simultaneously.
- In-depth knowledge of cybersecurity principles, technologies, and best practices.
- Strong understanding of regulatory requirements and compliance frameworks.
- Excellent leadership, communication, and stakeholder management skills.
- Relevant certifications such as CISSP, CISM, or CRISC are highly desirable.
- Experience with security compliance frameworks (e.g. CIS, NIS CSF, NIST RMF, ISO 27001) is a plus.
Additional Information:
Salary Range: $120,000 - $130,000
Starting salary to be determined based on experience and qualifications.
Important: To apply, candidates must provide a cover letter and a resume.
SPECIAL REQUIREMENTS: Must be a Philadelphia resident. Successful candidate must be a city of Philadelphia resident within six months of hire. Candidate must pass a background check.
PHYSICAL AND MENTAL DEMANDS: Position requires a high level of mental concentration and commitment.
Discover the Perks of Being a City of Philadelphia Employee:
We offer comprehensive health coverage for employees and their eligible dependents
Our wellness program offers eligibility into the discounted medical plan
Employees receive paid vacation, sick leave, and holidays
Generous retirement savings options are available
Pay off your student loans faster: As a qualifying employer, City of Philadelphia employees are eligible to participate in the Public Service Loan Forgiveness program. Join the ranks of hundreds of employees who have already benefited from this program and achieved student loan forgiveness.
Enjoy a Free Commute on SEPTA: Starting September 1, 2023, eligible City employees will no longer have to worry about paying for SEPTA public transportation. Whether you're a full-time, part-time, or provisional employee, you can seize the opportunity to sign up for the SEPTA Key Advantage Program and receive free Key cards for free rides on SEPTA buses, trains, trolleys, and regional rails.
Unlock Tuition Discounts and Scholarships: The City of Philadelphia has forged partnerships with over a dozen esteemed colleges and universities in the area, ensuring that our employees have access to a wide range of tuition discounts and scholarships. Experience savings of 10% to 40% on your educational expenses, extending not only to City employees but in some cases spouse and dependents too!
Join the City of Philadelphia team today and seize these incredible benefits designed to enhance your financial well-being and personal growth!
*The successful candidate must be a city of Philadelphia resident within six months of hire
Effective May 22, 2023, vaccinations are no longer required for new employees that work in non-medical, non-emergency, or patient facing positions with the City of Philadelphia. As a result, only employees in positions providing services that are patient-facing medical care (ex: nurses, doctors, emergency medical personnel) must be fully vaccinated.
The City of Philadelphia is an Equal Opportunity employer and does not permit discrimination based on race, ethnicity, color, sex, sexual orientation, gender identity, religion, national origin, ancestry, age, disability, marital status, source of income, familial status, genetic information, or domestic or sexual violence victim status. If you believe you were discriminated against, call the Philadelphia Commission on Human Relations at or send an email to
Remote Work :
No
Employment Type :
Full-time