Senior Director Information Security

Main Purpose of the Job:

The Senior Director of Information Security will be responsible for ensuring that all of our data and our customers’ data is protected; ensuring that our work complies with data protection laws and industry best practices; and overseeing all aspects of information security, including Cloud Security, DevSecOps, Security Operations, and Security Strategy. The role will be pivotal in ensuring the reliability, scalability, and security of our systems to support our rapidly evolving business while adhering to industry best practices.

Key Responsibilities:

• In partnership with the General Counsel and Chief Technology Officer, develop, implement and maintain a strategic, long-term information security strategy and roadmap to ensure that Dense Air’s information assets are adequately protected.
• Serve as the main point of contact on issues related to data protection and work with business partners to assess risk management to mitigate potential threats to the organization's infrastructure, applications, and data.
• Identify, evaluate and rectify issues within our existing data protection framework to ensure compliance, and report on information security risks, practices and projects to the Senior Leadership Team and the Board of Directors, and provide subject matter expertise on security standards and best practices.
• Devise training plans and provide data protection advice to staff members.
• Chair the company’s Information Security Council to implement and manage controls, standards, policies and guidelines.
• Ensure that the security management program and policies comply with applicable laws, regulations, and contractual requirements, such as GDPR and US state laws.
• Act as the champion for the information security program and foster a security-aware culture.
• Oversee the evaluation, selection and implementation of information security solutions that are innovative, cost-effective, and minimally disruptive.
• Oversee and lead the creation, communication, and implementation of a process for managing vendor risk and other third-party risk.
• Manage regular intrusion detection and vulnerability reporting, internal and external IT audit groups reviews, and the coordination of all required fixes.
• Develop business metrics to measure the effectiveness of the security management program and increase the maturity of the program over time.
• Monitor the industry and external environment for emerging threats and advise relevant stakeholders on appropriate courses of action.
• Oversee incident response planning and the investigation of security breaches, and assist with any associated disciplinary, public relations and legal matters.
• Lead due diligence and post integration activities related to information security for all M&A activity.

Education and Experience:

• A proven track record in developing information security policies and procedures, ideally in the telecommunications industry.
• Expertise in data protection laws and practices, including a deep understanding of GDPR and other cross-border data transfer laws.
• Ability to communicate security and risk-related concepts to both technical and non-technical audiences (in business terms).
• Ability to inspire and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals, an innovative leader, problem solver and consultant.
• Knowledge of security, business, risk assessment, risk and control frameworks and standards such as ISO 27001 and SOC2.
• Ability to evangelize IT security to make it a critical part of business operations; build trust and respect for the security function.
• Experienced with contract and vendor negotiations.
• Experience in a legal, audit, or risk management role.
• Excellent written and verbal communication, interpersonal and collaborative skills.
• Ability to effectively prioritize and execute tasks in high-pressure situations.
• Understanding of cloud, SaaS, and IoT architectures, and their implications on information security strategy.
• Technical acumen including but not limited to: OSI, IT infrastructure, cloud, application development languages, tools and frameworks, database technologies, web technologies, next gen mobile, network architecture, enterprise architecture, and directory services.
• Security technology acumen and experience including but not limited to firewall, intrusion detection, cyber-attack tools and defences, encryption, certificate authority, web filtering, anti-malware, anti-phishing, identity, and access management, multi factor authentication.

Dense Air utilizes cutting-edge radio access technologies to address indoor challenges faced by building tenants across the US, providing a turn-key cellular solution that solves their connectivity issues.

Personal Qualities

• Bachelor’s Degree in computer science, engineering, or a related field; (graduate degree preferred).
• Professional certifications, such as a CISSP, CISM, CISA.
• Minimum 10 years of IT and/or business leadership experience, and 5+ years of information security/cybersecurity experience.

Diversity, Equity, and Inclusion:

Dense Air is committed to providing an environment of mutual respect where equal employment opportunities are available to all applicants and employees regardless of race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, pregnancy, disability, age, veteran status, and any other characteristic protected by applicable law. Dense Air believes that diversity and inclusion among our teammates is critical to our success.