VP of IT Security wanted for hazardous journey! Do you recognize this phrase? Ernest Shackleton used it on the 29th of December 1913 in his now famous job ad. That’s also what we have to offer: the incredible challenge of keeping the IT of a rapidly growing and very successful company highly secure.
You will be responsible for the IT security of well over 1200 endpoints, 200 on-prem and cloud applications and several hundred servers spread across 5 continents. To be successful in this role, you must be intimately familiar with cloud technologies, coding, offensive and defensive security and security awareness.
Before you apply, we want to make one thing very clear. This job is not about writing documents. Although we expect you to be very familiar with all the acronyms, you will spend a lot of time standing in the trenches with your global team of security engineers, researchers and analysts, knee-deep in reality, finding and fixing our pain points. After all, the proof of the pudding is in the eating!
What will you be doing?
• Create, advocate and implement, hands-on, an IT security vision, strategy, and roadmap that keeps our business secure, competitive and proactive. If you do not have the technical skills for the hands-on part, do not apply for this position.
• Manage (and expand!) a global team of approximately 25 security engineers, researchers, analysts and awareness specialists in all aspects. Note the word global.
• Achieve and maintain level 4 in both the security maturity model and the security awareness maturity model. Think of incredibly cool projects and devious security awareness exercises!
• Work very closely with your counterparts in IT Administration, Disaster Recovery, IAM, DevOps, WinOps and IT Development to ensure that IT Security becomes part of the DNA of everything we do.
• Over-communicate the need for security at every opportunity.
Requirements
• 15+ years of leadership experience running security programs and teams in a mid-to-large-sized company. We expect you to be tried and tested with the battle scars to prove it.
• Extensive hands-on experience with cloud infrastructure, automation, containerization, DevSecOps, virtualization, etc.
• Real-world experience with penetration testing (white box, black box, and grey box). Ideally, you have been a bug bounty hunter in a past life.
• You can hold your ground during code reviews, and you are very familiar with secure coding practices. Also, you do not shy away from command line interfaces!
• Broad knowledge about social engineering threats and tests (phishing attacks, tailgating, dumpster diving, endpoint security, etc.)
• Exposure to compliance and regulatory frameworks (e.g. SOX, NIST, ISO 27001, PCI DSS)
• Excellent written and spoken English communication skills
Benefits
• Market-based salary
• Annual performance bonus
• Medical insurance
• Housing and transportation allowance
• Casual dress code