Director Security Engineering

Responsibilities:

• Define and drive the vision of the information security engineering program, aligning it with the organization's overall cybersecurity strategy.
• Collaborate with the CISO to develop and implement security architecture, ensuring the alignment of security controls with business objectives.
• Lead and guide the Information Security Engineering team in generating innovative ideas and process improvements, continuously enhancing information security at World Kinect Corporation.
• Make effective decisions that support the company's business while ensuring information security principles are upheld.
• Develop Key Risk Indicators to identify and mitigate potential risks, as well as Key Performance Indicators to monitor operational security performance.
• Ensure IT and Cybersecurity architecture, designs, controls, and processes adhere to IT standards and overall IT and Information Security policies.
• Act as a representative for information security considerations in system development, change management, production support, and technology-enabled projects.
• Promote a culture of information security by advising senior IT management and advocating for security awareness and best practices.
• Champion the adoption of automation as a core tenet of Security Engineering.
• Create and maintain documentation related to security designs, configurations, processes, standards, and recommendations.
• Prepare and publish Information Security reports as directed by management.

Requirements:

• Extensive experience in various security engineering facets, including cloud security, endpoint security, application development security, data security, and infrastructure security.
• Familiarity with the Microsoft 365 Security Suite, including Entra, Purview, Defender, Priva, etc.
• Expertise in AWS Well-Architected Framework with emphasis on the 'Security' pillar and AWS Security Reference Architecture (AWS SRA).
• Knowledgeable and experienced with common Cloud reference architectures, security standards, best practices, control frameworks and an eye towards simplification
• Familiarity with Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM).
• Experience providing expert advice on risk assessment, incident triage, threat modeling, and security vulnerability mitigation.
• Strong leadership experience in establishing security engineering best practices and leading successful teams.
• Experience with mapping and reporting security programs against NIST Cybersecurity Framework, Secure Control Framework, Cloud Security Alliance (CSA) Cloud Control Matrix (CCM), or other control frameworks is highly desired.