Penn Mutual is a company that has been empowering individuals, families, and businesses for over 175 years. They are seeking a Director of Information Security Engineering to lead and support their Information Security team, overseeing risk analysis, security practices, and vendor relationships while driving improvements in security measures.
Responsibilities:
- Lead and support Information Security team members with risk analysis of identified issues or events, and investigate across multiple security tools and/or logs, without direction, to uncover additional facts surrounding the event
- Frequently monitor, test, and make improvements to security practices in place for network, system, applications, and/or operations management without oversight needed
- Consult with engineers to provide vulnerability identification and/or remediation support as needed
- Oversee vendor relationships regarding security system updates, technical support, and/or driving POCs of security projects
- Identify opportunities to improve work processes and/or automate improvements to make them more effective and/or to strengthen security measures under limited or no supervision
- Liaise with and support security operations center (SOC) analysts with limited or no direction
- May be asked to serve in on-call rotation
- Assist and/or lead proof-of-concepts, analysis, and/or implementation of security tooling with limited or no direction
- Review, analyze and/or respond to phishing (abuse) submissions and alerts without direction
- Provide support and/or evidence as necessary for audits, regulatory exams, and/or assessments
- Provide information as necessary to track, communicate, and/or improve Information Security team metrics and/or reports
- Proactively identify opportunities and/or gaps in our security posture and influence others to support reducing security risk likelihood and/or impact
- Collaborate with IT and business partners to ensure security is factored into the evaluation, selection, installation, and/or configuration of hardware, software and/or infrastructure
- Perform other related activities and projects as required
- Participate in an entirely remote working environment (such as using webcam and participating verbally or with reactions)
Requirements:
- Bachelor's or Master's degree in a computer-related or information security-related field and/or 6-12 years equivalent work experience required
- Ability to understand and work in varied computing environments (including AWS) with limited or no direction
- Able to demonstrate understanding of a broad range of computer and information security topics, including networking, database management, application and infrastructure security, vulnerability management, identity access management, and X-as-Code concepts
- Demonstrates a commitment to AI fluency by embracing AI tools and technologies to enhance individual and team performance, decision-making, and innovation
- Strong understanding of common vulnerabilities and mitigations
- Strong understanding of how to protect data and data movement
- Able to problem-solve computer-related issues without direction
- Understanding of DevOps practices and Agile methodologies
- Solid understanding of Identity Access Management concepts (in AWS preferred)
- Able to manage multiple complex assignments without direction needed
- Solid understanding of coding and/or scripting concepts in more than one language
- Solid understanding of architecture concepts
- Demonstrates written and verbal communication abilities, including with senior leadership
- Work effectively with other employees in a fully remote environment
- Strong time management
- Information Security certifications (like CISSP) and/or AWS certifications