Director of Information Security

The Philadelphia International Airport is managed by the Department of Aviation of the City of Philadelphia. The airport handles approximately 82,000 travelers per day. The airport Information Technology department is headed by the Chief Information Officer (CIO). As the Director of Information Security, you will play a pivotal role in safeguarding the confidentiality, integrity, and availability of Philadelphia International Airport's information assets. Reporting directly to the Chief Information Security Officer (CISO), you will be tasked with leading strategic initiatives to mitigate cyber threats, ensure compliance with industry regulations & standards. Must have a sound business acumen to help identify, evaluate and report information security risks in a manner that supports the risk posture of the organization.

Essential Functions and Responsibilities:

• Strategic Leadership – Collaborate with the CISO and senior leadership to develop and maintain the organization's information security strategy, policies, and procedures. Provide strategic direction and guidance to the information security team, aligning security initiatives with business objectives and risk tolerance.
• Risk Management – Lead the identification, assessment, and prioritization of information security risks, threats, and vulnerabilities across the organization’s IT infrastructure and systems. Implement risk mitigation strategies and controls to address identified risks effectively. Develop capabilities to manage third party Cybersecurity risks.
• Security Governance & Compliance – Lead the identification, assessment, and prioritization of information security risks, threats, and vulnerabilities across the organization’s IT infrastructure and systems. Develop risk mitigation strategies and controls to address identified risks effectively.
• Threat Management – Execute strategies for continuous monitoring of network traffic, system logs, and user activities to identify unauthorized or suspicious behavior. Review security monitoring tools, technologies to detect and alert potential security incidents and anomalies. Maintain incident response plans and procedures to effectively respond to and mitigate security incidents. Lead the investigation of security breaches and incidents, coordinating response efforts and implementing corrective actions as necessary.
• Third Party Risk Management –Assess and manage risks associated with third-party vendors and service providers, ensuring contractual obligations and security requirements are met. Develop processes for evaluating monitoring vendor security posture and performance.
• Security Operations & Technology –Oversee the implementation and maintenance of security technologies and tools, ensuring they effectively identify, protect, detect, respond, and recover to security threats & vulnerabilities.
• Change Management –Lead change management committee for reviewing, approving, and implementing changes and ensuring security controls, configurations are updated and maintained. Foster open communication and collaboration among stakeholders, creating forums for dialogue to facilitate decision-making and address concerns related to change initiatives.

Experience/Required skills:

• Strong leadership and management skills are essential for effectively leading a team of security professionals.
• Proficiency in risk management is necessary for identifying, assessing, and mitigating information security risks.
• In-depth knowledge of security architecture and design is necessary for developing and implementing robust security controls.
• Expertise in security operations is essential for monitoring, detecting, and responding to security threats and incidents.
• A comprehensive understanding of compliance and regulatory requirements is crucial for ensuring that the organization's security practices align with relevant standards and regulations.
• Excellent communication and presentation skills are needed for effectively conveying complex security concepts to non-technical stakeholders.
• Strategic planning and execution skills are essential for developing and implementing a comprehensive information security strategy aligned with business objectives.
• Proficiency in vendor management is necessary for evaluating and selecting security vendors and managing vendor relationships effectively.
• Strong team building, and development skills are crucial for fostering a collaborative and high-performing security team.

Desired Experience and Abilities:

• Proficiency in analyzing, evaluating security threats and vulnerabilities, as well as assessing the potential impact on the organization.
• Extensive experience in conducting thorough risk assessments, vulnerability assessments, and penetration testing to identify and prioritize security risks.
• Ability to architect and integrate security solutions into the organization's infrastructure, ensuring the confidentiality, integrity, and availability of information assets.
• Commitment to staying updated on emerging security threats, trends, and technologies.
• Ability to adapt to evolving security challenges and requirements, proactively adjusting security strategies and tactics to address new threats and vulnerabilities.
• Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.
• Coordinate information security and risk management projects with resources from the IT organization and business unit teams.
• Familiarity with cybersecurity principles, tools, and best practices.

Requirements

• Bachelor’s degree in Computer Science, Information Technology, Information Systems or a related field; Master's degree preferred.
• Minimum of 10 years of progressive experience in information security, with 5 years of leadership or managerial experience.
• Proven track record of developing and implementing information security strategies and initiatives in alignment with NIST Cybersecurity Framework.
• Experience with conducting risk assessments, vulnerability assessments, and developing risk mitigation strategies.
• Excellent leadership and communication skills, with the ability to collaborate effectively with cross-functional teams and influence stakeholders at all levels of the organization.
• Strong analytical and problem-solving abilities, with a keen attention to detail and the ability to prioritize and manage multiple tasks simultaneously.
• In-depth knowledge of cybersecurity principles, technologies, and best practices.
• Strong understanding of regulatory requirements and compliance frameworks.
• Excellent leadership, communication, and stakeholder management skills.
• Relevant certifications such as CISSP, CISM, or CRISC are highly desirable.
• Experience with security compliance frameworks (e.g., CIS, NIS CSF, NIST RMF, ISO 27001) is a plus.