Director of Information Security

Responsibilities

include

Strategic Leadership and Squad Management :

Lead and develop the strategic direction and vision for the Security Engineering, Security GRC, Security Operations Center, and Identity squads, aligning their operations with the organization's overall cybersecurity strategy.

Oversee the integration of a mixed model of service providers and full-time staff, focusing on rebuilding the Security Engineering team to ensure robust and flexible security capabilities.

Collaboration Across Domains :

Act as the liaison and representative for information security across all IT infrastructure domains, including Cloud Services, Network Operations, and IT Operations, embedding security considerations in all IT projects, system development, change management, production support, and technology-enabled projects.

Foster strong relationships with other Tribe Leaders to facilitate integrated strategies that enhance organizational resilience.

Strategic Partnership :

Partner closely with the CISO and Information Security Squads to refine and implement the cybersecurity strategy, ensuring the alignment of security architecture and controls with business objectives.

Operational Excellence and Innovation :

Implement cutting-edge security technologies and practices to enhance digital asset protection, championing automation and advanced analytics to boost operational efficiency and effectiveness.

Develop and monitor key performance indicators and risk metrics to assess the continuous effectiveness of security strategies.

Communication and Influence :

Maintain high-level communication channels with senior executives, effectively articulating security strategies and aligning them with organizational goals, while promoting a security-aware culture through advocacy and compliance with best practices among all employees.

Security Compliance and Documentation :

Ensure all IT and Cybersecurity architectures, designs, controls, and processes adhere to established IT standards and policies.

Create and maintain comprehensive security documentation, including designs, configurations, processes, standards, and recommendations, and prepare periodic Information Security reports as directed.

Risk Management and Decision-Making :

Develop Key Risk Indicators to identify and mitigate potential risks, alongside Key Performance Indicators for monitoring security performance, ensuring decisions support the company’s business while upholding information security principles.

Requirements

Not all applicants will have skills that match the job description in its entirety. While having the desired qualifications make for a strong candidate, we encourage applicants with alternative experiences to also apply.

The successful candidate will possess an in-depth knowledge and expert status in one or several key areas of expertise that are central to the company’s success.

They will understand how their discipline interrelates with other parts of the company.

The following technical experience is highly recommended :

Extensive experience in various security engineering facets, including cloud security, endpoint security, application development security, data security, and infrastructure security.

Familiarity with the Microsoft 365 Security Suite, including Entra, Purview, Defender, Sentinel, etc.

Expertise in AWS Well-Architected Framework with emphasis on the 'Security' pillar and AWS Security Reference Architecture (AWS SRA).

Knowledgeable and experienced with common Cloud reference architectures, security standards, best practices, control frameworks and an eye towards simplification.

Experience providing expert advice on risk assessment, incident triage, threat modeling, and security vulnerability mitigation.

Strong leadership experience in establishing security engineering best practices and leading successful teams.

Familiarity with Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM).

Experience with mapping and reporting security programs against NIST Cybersecurity Framework, Secure Control Framework, Cloud Security Alliance (CSA) Cloud Control Matrix (CCM), or other control frameworks is highly desired.

The position requires the following management skills and experiences :

Proven leadership skills with experience managing multidisciplinary security teams in a large, complex organization.

Strong ability to collaborate and build partnerships across business units and technological domains.

Excellent strategic thinking and planning capabilities, with the ability to lead in a high-pressure environment.

Robust understanding of the cybersecurity landscape, including emerging threats and innovative defense strategies.

Has lead successful security engineering teams in implementing modern practices.

Strong analytical, prioritizing, interpersonal, problem-solving, and presentation, project management (from conception to completion) and planning skills.

Experience with Agile methodologies / framework.

Strong verbal and written communication skills.

Strong negotiation, mediation, and influencing skills.

Maturity, reliability, composure, and stability under pressure.

Ability to adapt to new situations, people, ideas, procedures and to accommodate a constantly evolving work environment.

Strong communication skills and experience working with senior leadership : role must communicate effectively with Senior Executives in departments including Legal, Internal Audit and Human Resources, as well as M&A staff.

Build successful relationships with customers, co-workers, internal audit, and executive management.

Good listening skills and patience with others.

The following credentials, licenses, and / or degrees are desired but not required if appropriate experience exists :

CISSP : Certified Information Systems Security Professional

Microsoft Security related Ninja Certifications

AWS Security Specialty Certification

Certified Cloud Security Professional (CCSP)

B.S. in Computer Science, Cybersecurity, Management Information Systems, Engineering, or related technical field

World Fuel Services, is an equal opportunity / affirmative action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected veteran status, age, or any other characteristic protected by law.