Director of Information Security

About Xirgo Holdings, Inc

Xirgo Technologies offers a complete portfolio of proprietary supply chain monitoring and management technology to convert IoT data from information to insights — enabling the smartest telematics data analytics solutions.

About the role

The Director of Information Security maintains an enterprise-wide security management program, which includes procedures and policies designed to protect the company’s information, systems, technology, and product assets from both internal and external threats.  This is a management position that reports directly to the CEO.  Given the corporate responsibilities of this role, this individual will have a matrix relationship with the head of Information Technology for network security matters as well as the CFO for compliance, legal and audit matters.  This individual is expected to uphold the highest standards of accountability, focus, and efficiency. 

What you'll do

• Develop and maintain enterprise-wide security policies, guidelines, and standards

• Work with internal stakeholders to develop and maintain Xirgo’s enterprise cyber security and Risk Management programs

• Identify, evaluate, and report on cyber security risks, including leading enterprise-wide information security efforts that integrate all aspects of compliance

• Collaborate with departmental management that provides protection of computer systems, networks, products as well as customer, employee, financial and confidential data from internal and external threats

• Act as the Subject Matter Expert regarding security standards required for Xirgo devices, firmware, software, databases, hosted environments and M2M/B2B data transfer 

• Evaluate and implement SIEM and vulnerability management tools

• Provide advice and recommendations to ensure validity, legality, and compliance with the requirements in the various regions Xirgo serves including those involving data privacy

• Lead compliance efforts in the areas of ISO, SOC, GDPR and other applicable certifications and regulations

• Serve as liaison to Sales, Implementation and Product Management, answering RFPs and completing client security questionnaires. Assisting in the Sales process for security matters

• Partner with IT to present current security models, roadmap designs and research on future security trends to internal stakeholders (Product Management, Engineering, Support, Sales) as well as to externally focused audiences (Customers, Prospects, Partners, Auditors).

• Act as the primary point of contact for 3rd party auditors

• Perform 3rd party vendor risk assessments

• Define and report on Information Security metrics

• Evaluate potential security breaches, coordinate response and monitor corrective actions

• Lead security communication programs and the development of training and awareness programs

• Work with HR, Engineering and Operations staff in the development and testing of Business Continuity and Disaster Recovery plans

• Administer and maintain policies to ensure physical safety and security of all property and assets owned by Xirgo

• Provide input to strategic decisions that affect the functional area of responsibility, including input into developing the budget, product design and system architecture

Qualifications

• 5+ years’ management experience leading high performing Information Security teams

• Requires a bachelor's degree or the equivalent in certifications.

• Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP)

• Proven history of leading ISO and SOC compliance efforts

• Specific practical knowledge, hands-on skills and technical depth related to network architecture, and information and cyber security compliance

• Experience in cloud (particularly AWS) SaaS, IoT architecture design as it pertains to device and network security

• Strong experience with delivering network and security solutions for large companies in the IoT space

• Deep knowledge of best practices, security and network standards and leading technologies

• Experience developing and implementing operational procedures and policies 

• Experience managing resources in a matrixed environment through subordinate managers and senior level technical teams

• Demonstrated management skills including budget development, policy implementation, staff training and development

• Ability to work effectively with a diverse group of stakeholders

• Ability to explain technical items in a non-technical way

• Efficient and effective response to high-pressure situations

• Understanding of IoT technologies (e.g. cellular, satellite, Bluetooth, OTA updates) preferred

• Experience in the transportation and logistics industry preferred

• Experience with IoT products including cameras/video, sensors, and AI preferred

• Proficient in Microsoft Office programs (Outlook, Word, PowerPoint, and Excel) and Atlassian suite (Jira, Confluence)

Salary Range: £80,000-£110,000 GBP, plus bonus