OSI Systems, Inc

  • Director, Information Security

    Location: US-CA-Hawthorne
    Posted Date: 1 week ago (6/8/2018 3:55 PM)
    Company: OSI Systems, Inc
    Requisition #: 14150
  • Overview

    OSI Systems and its subsidiaries are a vertically integrated provider of specialized electronic systems and components that meet critical needs in the homeland security, healthcare, defense, and aerospace industries. As a global company, we are dedicated to developing solutions for our customers and the people they serve to lead the way to a safer and healthier world.

     

    OSI Systems, Inc. is currently seeking a highly skilled Director, Information Security to join the IT leadership team and help lead the evolution of electronic information security at OSI Systems, Inc. As a member of the IT leadership team, reporting directly to the Chief Information Officer, the Director, Information Security will enhance and oversee the global information security operations activities of a diverse and decentralized computing environment.

    Responsibilities

    Required Experience and Capabilities

    • Must have a minimum of 5-10 years’ experience in both oversight of information security in enterprise IT infrastructure and in deployment and management of enterprise applications
    • Must have demonstrated track record building and growing a standards-based information security program in an enterprise IT setting
    • The candidate will be expected to set a vision for the security program, successfully communicate it and receive buy-in, and then lead the team and organization in execution
    • Experience running operations to maintain security for Controlled but Unclassified (CUI), PCI, and HIPAA compliant requirements
    • Have a demonstrated track record for building and leading teams of highly skilled information security professionals
    • Must have hands-on experience running and overseeing security operations in a large multi-national enterprise
    • Experience in assimilation of operations for acquired business units is highly desirable
    • Must have experience in establishing governance processes and prioritization of security workload across the security workforce, and with dependent stakeholders
    • Must have extensive experience in coordinating performance of security operations across multiple data centers, as well as cloud-based service operations centers
    • Must have demonstrated experience in planning and coordination of security operations, and successfully coordinating and communicating those plans
    • Must have a background in ITIL/ITSM support and demonstrated experience providing coordination of desktop and end point security with enterprise IT services teams
    • Experience providing security operations for enterprise applications used to support Finance Management, Customer Management, Manufacturing Operations and Quality Control in highly regulated industries
    • Experience with securing operations that involve large groups of R&D, Engineering and development operations, which require connectivity and integration with third party partners
    • Must have a demonstrated track record of successfully developing, defending, and managing an information security budget, to business units and executive management

    Security Operations

    • 24 x 7 x 365 management of the Security Operations Center and accountability for availability of global security systems including monitoring, vulnerability management and other information protection capabilities
    • Management of incidents, changes and problems related to security incidents or evolution of security systems
    • Continuous improvement & performance management of Security Operations processes, technologies and tools, and oversight of security vendors’ performance to ensure SLAs are met

    Security Architecture

    • Development of baselines and standards for all flavors of IT Applications and Infrastructure, and associated processes for onboarding and risk management
    • Definition and management of information classification & business impact assessment processes
    • Participation in business and IT initiatives as an information security expert.  Provision of guidance to others on proper security practices
    • Identification and classification of risks related to new implementations or existing infrastructure and application solutions and provision of guidance for remediation


    Supporting the Business 

    • Participation in business initiatives as a security professional providing consultative support & guidance to others on proper security practices as well as principles
    • Performance of security assessments to identify potential security risks in all aspects of the business including technical implementations (applications or equipment) as well as IT or business processes
    • Development and delivery of end user security awareness training, effective reporting, as well as performance metrics


    Risk Management and Reporting

    • Management & communications of security risks via a metric-based model
    • Development and execution of security metric reporting to ensure business and senior leadership have a proper view of current security state and risks, globally
    • Identification of potential security risks in all aspects of the business including technical implementations (applications or equipment) and IT or business processes
    • Understanding and helping the organization meet regulatory compliance and conformance
    • Participation in internal audits and other 3rd party audits of company’s security practices
    • Uphold the company’s core values of Integrity, Innovation, Accountability, and Teamwork
    • Demonstrate behavior consistent with the company’s Code of Ethics and Conduct
    • It is the responsibility of every employee to report to their manager or a member of senior management any quality problems or defects in order for corrective action to be implemented and to avoid recurrence of the problem
    • Duties may be modified or assigned at any time to meet the needs of the business

    Qualifications

     

    • 8+ years’ experience leading a large multi-national security operation
    • The role requires a combination of “expert-level specialized technical” and “analytical professional” IT security skills with the ability to maintain security and confidentiality when dealing with highly sensitive information.
    • Strong working knowledge of application security best practices and tools including vulnerability and application scanning, OWASP methodologies and testing criteria
    • University degree (or equivalent experience) in Computer Science, Engineering, or other technical field, or Business Administration with relevant IT work experience.
    • 5 years minimum experience leading a broad enterprise security initiative
    • 2 years minimum experience in a Manager level or lead security operations role
    • Strong knowledge of Security, Firewalls, Server administration, databases, VMware, Citrix and legacy Windows operating systems
    • Deep technical knowledge in information technologies; should be the “expert” in operating systems, networking, network authentication, and databases, and acutely aware of global business environments
    • Must have experience establishing security operations for PCI compliant web applications
    • Must have extensive experience implementing security operations for highly integrated Oracle, Microsoft, and SAS enterprise applications.
    • Proven experience managing security in the cloud, in particular, Microsoft Cloud Service (D365, O365) and Amazon Web Services (IAAS)
    • Familiarity with emerging threats and mediation of these risks.
    • Deep understanding of security risks and threats as they relate to the company’s operating environments
    • Deep understanding of compliance to security policies and procedures, especially implementation of NIST security standards (800-53, 800-171).
    • Understanding of ITIL and its practical application
    • Demonstrated competency in strategic thinking and leadership with strong abilities in relationship management
    • Demonstrated competency in managing third party providers in security technology operations
    • Strong knowledge of the intricacies of networking, cloud-based solutions and Internet based protocols
    • Deeply skilled at clearly and proactively communicating sensitive risk information and program status both horizontally and vertically within an organization and its stakeholders.
    • Strong written and oral communication skills, with capability to use Microsoft Office solutions
    • Ability to collaborate with team members in a cross functional and matrixed IT organization
    • Must be able to fluently converse in business English as a first language.
    • Must be a US Citizen and capable of obtaining a US Security clearance

    Equal Opportunity Employer

     

    EEO is the Law

     

    Poster Link: http://www1.eeoc.gov/employers/upload/eeoc_self_print_poster.pdf

      

    OSI Systems, Inc. has three operating divisions: (a) Security, providing security and inspection systems, turnkey security screening solutions and related services; (b) Healthcare, providing patient monitoring, diagnostic cardiology and anesthesia systems; and (c) Optoelectronics and Manufacturing, providing specialized electronic components and electronic manufacturing services for original equipment manufacturers with applications in the defense, aerospace, medical and industrial markets, among others.

     

     

     

     
