Cybersecurity Director

FORTNA partners with the world’s leading brands to transform omnichannel and parcel distribution operations. Known world-wide for enabling companies to keep pace with digital disruption and growth objectives, we design and deliver solutions, powered by intelligent software, to optimize fast, accurate and cost-effective order fulfillment and last mile delivery. Our people, innovative approach and proprietary algorithms and tools ensure optimal operations design and material and information flow. We deliver exceptional value every day to our customers with comprehensive services and products including network strategy, distribution center operational design and implementation, material handling automated equipment, robotics and a comprehensive suite of lifecycle services.

At FORTNA, we believe in fostering a workplace that isn't just a job but a movement – a collective effort to redefine success and transform challenges into opportunities. "Join the Movement" encapsulates our commitment to a workplace culture that thrives on collaboration, celebrates diversity, and empowers every individual to contribute to something greater than themselves. Our Team. Our Passion. Our Approach. 

POSITION SUMMARY:

The Cybersecurity Director is responsible for managing the Cybersecurity Program designed to advise the organization on its management of Cybersecurity risk by supporting risk-based management decisions; developing, deploying, monitoring, tuning, evaluating, reporting on and maintaining systems and procedures; and identifying and mitigating threats to the corporate network, corporate assets, and corporate users to ensure the security of company systems and information assets.

This team member is responsible for leading both technical implementation of systems, and communication of security requirements to management and security leadership. Additionally, this team member will be responsible, as necessary, with leading investigations into security threats, working with internal and external groups to ensure the Cybersecurity program is operating effectively and efficiently, and developing strong partnerships across the enterprise to ensure information assets are protected at the appropriate level.

As our Cybersecurity Director, you will be responsible for managing cybersecurity processes, defining risk areas, reviewing third party partner compliance, and coordinating incident response across all businesses and locations. Oversight of secure development practices across the organizations software and product development lifecycles.

The Cybersecurity Director is responsible for: ensuring that all systems are effectively and efficiently monitored by assigned staff; investigating and triaging notable events according to severity level; providing tier one (1) and two (2) support to enterprise customers; and maintaining cybersecurity controls and processes that help manage overall risk at an acceptable level. The role ensures that cybersecurity best practices are followed in the environment and that our company is able to aggressively respond to any attempts to compromise our infrastructure, information, or operations. The Cybersecurity Director directly interacts with our Information Technology and Production security teams on addressing issues identified by vulnerability scans or penetration test among other sources. The Cybersecurity Director partners closely with the Information Technology and our supporting vendors.

PRIMARY RESPONSIBILITIES INCLUDE:

• Manage a “first-line of defense” team with eyes-on-glass for a number of alerts associated with Phishing, Data Loss Prevention, Policy Violations, User-Behavior Analytics, and Network and Host-based anomalies.
• Mentor, Train and Develop staff members in triage and investigation methodologies.
• Support Incident Response in coordination with HR, Legal, Privacy and Corporate Security initiatives and investigations.
• Lead the integration of secure coding practices into the SDLC, collaborating with development teams to implement security controls without hindering innovation.
• Oversee application security testing (e.g., static / dynamic code analysis, penetration testing) and ensure remediation of vulnerabilities.
• Identify opportunities for enhanced data enrichment, alert creation & tuning, or automation, based on the teams need.
• Partner with our Governance, Architecture, and Engineering and Operations organizations to develop process enhancements and Tabletop Exercises to further our maturity.
• Monitor internal and external policy and contractual cybersecurity compliance of third parties.
• Review cybersecurity risks associated with new technology solutions, including contractual implications in coordination with the Legal function.
• Continuously monitor current state of cybersecurity utilizing outside resources, primary research, and third-party partners to ensure we are aware of the latest issues and solutions.
• Provides oversight of project and program implementation including all activities, outputs, and outcomes related to project management and administration, including reporting, budget development and monitoring, financial transactions, execution of project plans, and project performance
• Ensure effective monitoring, measuring, reviewing and updating project process, adjusting project plans and implementing remedial plans and informing all relevant parties.
• Manage the ISO 27001 process which may include defining controls, policies and procedures to ensure compliance. Conducts or oversees regular audits of the ISO 27001 controls.
• Design policies, processes, practices, guidelines, standards, and baselines that are mapped directly to business risks to measure for effectiveness and adherence.
• Liaise with business units, leadership, and law enforcement as needed.
• appreciates and enjoys coaching junior team members on cybersecurity best practices (Mentor associates) 
• Manage vendor relationships and negotiate service agreements to optimize cybersecurity investments
• Advise Leadership on emerging security trends, and prepare communications on the same 

REQUIRED QUALIFICATIONS:

• Minimum of 7-10 years of experience in one or more of the following domains: Cybersecurity, Information Security, Network Engineering or Operations, Information Technology, Application Development, Access Control, Security Governance, Risk Management, Software Development Security, Cryptography, Security Architecture and Design, Operational Security, Business Continuity & Disaster Recovery, Legal Regulations, Investigations and Compliance, Physical (Environmental) Security, IT or Security Audit, IT or Security Compliance required
• 10+ years of experience in large and complex business environments with a successful track record working directly with senior level management preferred
• Bachelor’s degree in Information Technology or related functional areas: Supply Chain, Finance, Engineering.

PREFERRED QUALIFICATIONS:

• Local and wide area networking concepts, principles and protocols
• Advanced knowledge in Infrastructure design and management
• Working knowledge of management processes such as personnel administration, planning and budgeting
• Advanced understanding of IT Service Management (ITSM) best practices and processes
• Strong understanding of application layer protocols including HTTP, SSH, SSL and DNS
• Practical experience and knowledge of the latest Cybersecurity legislations, regulations, advisories, alerts, vulnerabilities and Cybersecurity frameworks
• Experience with cybersecurity in a multi-site, global organization.
• Strong interpersonal, verbal, and written communication skills to effectively communicate with all levels throughout the organization and external vendors, strong customer service orientation, excellent problem-solving skills and the ability to drive for results.

• Ability to effectively negotiate with vendors on upgrades and acquisitions
• Advanced information security standards/frameworks (ie, NIST Cybersecurity Framework, ISO 27001) skills
• Advanced experience with Network and VLAN segmentation
• Management of all certification processes related to Cybersecurity including but not limited to ISO 270

WORKING CONDITIONS: When duties are performed in a typical office environment, extended periods of sitting at a desk and viewing a computer screen will be required. Also required is the ability to talk and hear, in person and by telephone; use of hands to handle, feel, or operate standard office equipment; and ability to reach with hands and arms.  Associates are frequently required to walk and stand. The noise level in this work environment is usually quiet.  Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this position.

When travelling to Client sites, essential requirements of this position may require physical presence in various environments and locations. Physical stamina may be required for prolonged standing, bending, stooping, and/or working in cramped quarters. Exposure to potentially dangerous tools and equipment amidst a variety of building materials is probable, as is occasional exposure to moving mechanical parts. The noise level in the work environment can vary from being relatively quiet, to moderate, to excessive. Safety shoes or boots may be required in certain situations. Additional safety clothing including gloves, hardhats, and devices to protect eyes, mouth, or hearing, will be worn as necessary.

This position description should not be considered all-inclusive.

This job description describes the general nature and level of work expected of a person assigned to this position. All job requirements listed indicate the minimum level of knowledge, skills and/or ability deemed necessary to perform the job proficiently. Employees may be required to perform any other job-related duties as requested by their supervisor.

It is the policy of FORTNA and its affiliated companies to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, pregnancy or pregnancy-related condition, status with regard to public assistance, veteran status, citizenship status (if authorized to work in the U.S.), or any other characteristic protected by federal, state or local law. In addition, FORTNA will provide reasonable accommodations for qualified individuals with disabilities.