DIRECTOR-IT SECURITY SERVICES - LUMOS | NORTHSTATE
Lumos is a growing fiber service provider delivering high-speed broadband internet, Wi-Fi, digital voice, streaming TV, and other hosted communications services to residential and small business customers within Virginia, as well as in North Carolina where we are known as NorthState. We currently have an expanding network of over 5,000 route miles of fiber with robust Fiber to the Premise (FTTP) broadband expansion plans underway to accelerate serving more homes and businesses with connectivity throughout the region. Our product offering is available to nearly 200,000 addresses and growing.
We are more than your average internet company. Our customers enjoy the fastest fiber speeds available built on a network they can truly count on – all backed by local, expert customer care teams. We know that fast, reliable Internet is what our customers need to stay connected to the things that matter. That continuous connection is our commitment to our community. Lumos and NorthState are sponsored by EQT Infrastructure, one of the most successful global private equity firms in the fiber industry space.
The Director of IT Security Services supports the Information Security department and is the technology and team leader on assurance and risk management, security engineering, compliance, and IT and network security architecture. This is a hybrid role encompassing both leadership and hands-on technical responsibilities.
Areas of responsibility include network and systems security, compliance, risk and vulnerability management and assessment, business continuity and disaster recovery, change management, policy development, certificate management, and security monitoring. Responsible for overall corporate security and network security.
Duties & Responsibilities:
- Risk assessment and management – responsible for identifying IT and Network risks and exposures, and developing remediation strategies based on analysis of results.
- Lead and manage IT and Network security initiatives – implement security frameworks, create policies and standards to ensure protection of corporate systems, customer data, revenue streams, etc.
- Information Security operations – day-to-day management of the Security team and its members (both FTEs and Contractors) and security operations processes
- IT Security architecture – oversee design and support of implementation of security controls at all layers.
- Vulnerability assessment and management – Coordinate security audits, vulnerability assessment, and automated scanning of networks and systems. Develop effective reporting and communication of issues and work with stakeholders across departments to ensure remediation.
- Incident Response – Manage response and remediation of potential breaches should the need arise, in partnership with external support and internal stakeholders
- Internal consulting – provide subject matter expertise on risk, cybersecurity, and a wide variety of IT and security technologies as needed.
- Research and develop recommendations on security products, services, protocols, and standards in support of IT Infrastructure procurement and development efforts.
- Policy Management – author and maintain security policy in accordance with business needs and external legal/contractual obligations
- Security Awareness – oversee internal security awareness program
- Security Systems Administration – manage internal security team systems (Splunk, EDR, etc.)
- Compliance – Lead IT staff in assessing, documenting, and measuring controls to meet compliance requirements (e.g., NIST CSF, ISO 27001, PCI). Coordinate internal control testing and monitoring as required.
- Change Management – Lead and manage IT change management initiatives focusing on development and implementation of a best practice change management methodology and development lifecycle to ensure that all information systems, products and services meet the company standards, compliance requirements, end-user requirements and overall quality assurance.
- Business Continuity – assist IT management efforts to ensure business continuity and disaster recovery.
- Bachelor’s Degree (BS) or Master’s Degree (MS) in a related field, greater than 10 years’ relevant experience, or equivalent combination of education and experience
- 10 years’ experience in complex information technology environments. Demonstrated technical proficiency across multiple IT disciplines. Five years in a management or leadership capacity.
Key Competencies:
- Design – Generates creative solutions; Translates concepts and information into images; Uses feedback to modify designs; Applies design principles; Demonstrates attention to detail.
- Problem Solving – Identifies and resolves problems in a timely manner; Gathers and analyzes information skillfully; Develops alternative solutions; Works well in group problem solving situations; Uses reason even when dealing with emotional topics. Demonstrated higher level reasoning skills, critical thinking, and mental acuity.
- Control Frameworks – Knowledge of relevant standards and frameworks related to information security, e.g., NIST Cybersecurity Framework (CSF), ISO27001/27002, PCI DSS.
- Technical Skills – Assesses own strengths and weaknesses; Pursues training and development opportunities; Strives to continuously build knowledge and skills; Shares expertise with others.
- Server technologies - Deep experience with: Windows servers, Linux based systems, Active Directory and Group Policy, Exchange, etc.
- Cloud technologies – e.g., Microsoft Azure (preferred), Office 365, AWS, DevSecOps experience a strong plus.
- Security Technologies including – deep expertise in extracting security value from security technologies including: SIEM, NG-AV, EDR, host and network IPS, MDM, etc. Splunk experience a plus.
- Programming skills – experience with multiple programming languages (e.g., Python, PowerShell, Java, PHP) and automation tools.
- Database technologies – Microsoft SQL Server, Oracle Database, MySQL, advanced SQL queries
- Network/Firewall/Switch knowledge - IP subnetting, routing, NAT, IPv6, load balancing, VLAN and VPN technologies.
- Virtualization technologies - VMware and Hyper-V platforms, host and guest configuration, advanced storage and networking configuration and troubleshooting.
- Self-motivated and driven to improve professional and technical knowledge while recommending best practices and benchmarking state-of-the-art practices in meeting corporate business requirements.
- Professional-level writing skills required, ideally demonstrated by published articles or papers authored by the individual.
- Security certifications – CISSP, SANS/GIAC, Offensive Security, etc. Other technical certifications a plus.
Benefits: Includes Medical, Dental, and Vision insurance, 401K, Tuition Reimbursement, Gym Reimbursement, Paid vacation/holiday leave and more… Please visit our company website
- Pay Type: Salary
- Required Education: Bachelor’s Degree
- Daleville, VA, USA
- High Point, NC, USA
- Waynesboro, VA 22980, USA
- Winston-Salem, NC, USA