Director, Information Security at DO NOT USE - DAT Freight & Analytics (Portland, OR)
DAT is looking for a Director of Information Security to join our team in Beaverton, Oregon office or our Denver, Colorado office.
Under the direction of the Senior Director of Technology Operations, the Director of Information Security is responsible for defining and maintaining the information security program to ensure that information assets and the associated technology, applications, systems, infrastructure, and processes are protected. The Director of Information Security is involved in the identification, recommendation, and implementation of best practices, policies, standards, baselines, guidelines, procedures, and security solutions. In addition, this role will be a key participant in conducting vulnerability and penetration tests, audits and assessments, and in responding to requests for information by our clients. This role requires strategic and technical experience with proven results to lead the overall information security strategy, vulnerability management, incident management, execution of application security standards, and security monitoring. This role is also responsible for identifying, evaluating, and reporting on legal and regulatory items, IT, fraud, and cybersecurity risk to information assets while supporting and advancing business objectives.
What You'll Do
- Identifies best practices, policies, standards, baselines, guidelines and procedures
- Ensures implementation of best practices, policies, standards, baselines, guidelines and procedures
- Tracks and manages compliance with industry frameworks and/or standards (SOC, ISO 27001, GDPR, etc.)
- Leads a high performing team of security professionals, including building individual development plans and performance reviews.
- Manages professional relations with employees, vendors, and clients in respect to information security circumstances
- Provides support for security solutions in place
- Responsible for the identification, investigation and resolution of security incidents
- Participates in the planning, design, and testing of enterprise security architecture, as well as disaster recovery & business continuity
- Updates and enhances security policies and procedures
- Recommends additional security solutions or enhancements to existing security solutions to improve overall enterprise security posture
- Provides technical documentation to assist with efficient planning and execution
- Participates in the design and execution of vulnerability assessments, penetration tests and security audits
- Maintains up-to-date baselines for the secure configuration and operations of all in-place devices, whether they are under direct control (i.e., security tools) or not (i.e., workstations, servers, network devices, etc.)
- Performs objective tests of policies, procedures, controls, and solutions to improve the firm's security posture and compliance
- Fosters a culture of continuous improvement
The Skills You'll Need
- Bachelor's degree or higher in Information Technology or related field.
- 2 or more of the following certifications are preferred: ISSE, CISM, CISSP, OCSP, CHFI, GIAC, or GSEC.
- 2+ years' experience managing information technology security programs.
- 5+ years executing Information Security tasks in complex application or infrastructure environments.
- 2+ years of experience managing employees, including individual development plans and performance management.
- Hands-on experience in deploying and administering security tools and appliances creating policies, tuning, log analysis, troubleshooting, and diagnosing problems.
- Experience with manual or automated security assessment, vulnerability validation, and/or penetration testing and security audits (SSAE18 SOC2 preferred)
- Strong understanding of industry frameworks and standards such as GDPR, HIPAA, PCI DSS, SOC2, NIST, ISO27001.
- Strong technical knowledge in tools/methods used in securing Networks, Applications, Databases, and OSs.
- Familiarity with security web-related technologies (Web applications, Web Services, APIs, Service Oriented Architectures.)
DAT is a next-generation SaaS technology company that has been at the leading edge of innovation in transportation supply chain logistics for 43 years. We continue to transform the industry year over year, by deploying a suite of software solutions to millions of customers every day - customers who depend on DAT for the most relevant data and most accurate insights to help them make smarter business decisions and run their companies more profitably. We operate the largest marketplace of its kind in North America, with 226 million freight posts in 2020, and a database of $126 billion of annual global shipment market transaction data. We have co-headquarters in Portland, OR and Denver, CO, and additional offices in MO, TX, and Bangalore, India.
For additional information, see www.DAT.com/company
DAT embraces the value of a diverse workforce, and believes it is a core strength of our company that we encourage those values in every DAT employee, at every level of our organization, regardless of tenure or rank. We provide equal employment opportunities (EEO) to all employees and applicants without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state, and local laws.
DAT offers competitive compensation and an excellent benefit package that includes medical, dental, and vision coverage, flexible savings accounts, 401K, Life and AD&D insurance, a comprehensive Paid Leave program, and a Tuition Reimbursement program.
All referrals and resumes are managed exclusively through the Human Resources Department.
DAT will not consider unsolicited resumes from vendors including search firms, fee-based referral services, and/or recruitment agencies.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)