Apply Now

Chief Information Security Officer

Sunnyvale, CA, USA | Riverbed Technology

  • Industry:
    Information Technologies
  • Position Type:
    Full-Time
  • Functions:
    General Management
    IT / Information Technology
  • Experience:
    10-12 years
Job Description:
54 people have viewed this job

About this Position



Riverbed Technology’s IT organization is seeking an experienced security leader to function as part of our IT management team and provide security oversight for Riverbed’s (i) IT and enterprise services portfolio and (ii) commercial product and services offerings.  


The individual in this position will work across the IT organization and with business partners as required to understand internal and external application and infrastructure service offerings Riverbed has deployed or is considering. The role will be responsible for ensuring that appropriate controls, systems, and policies are in place to prevent security breaches and standard operating procedures are in place for audit, incident response and compliance reporting.  


This position will work with teams to understand needs and recommend physical and technical information security best practices to be incorporated into service design and operations. Individual will be responsible to develop and publish policies for IT teams to follow, promote security awareness across the company as well as implement security procedures and safeguards. 


This position will also work cross-functionally to oversee the security posture of Riverbed and its subsidiaries’ products and services, ensuring security is embedded throughout the product development lifecycle. This position reports to the CIO. 


Responsibilities 


Leads a strategic point of view for security solutions that can be impacted by new technologies (Cloud, Mobility, Virtualization), and business drivers (M&A, New Business Models).

Provides system security planning, development, and implementation of security policies across multiple platforms.

Provides consultation and support in security management, architecture standards and documentation, and chances/enhancements to security configurations.

Defines processes to manage network and application security as well as prevent the proliferation of viruses and hacker intrusion.

Manages execution of vulnerability scans, penetration tests, and audits to proactively identify areas of risk.

Tracks and directs the mitigation of technical security incidents across enterprise IT and manage them through to resolution.

Keeps up to date on information security threats and countermeasures and advise staff and development teams.

Works with third-party testing groups to perform security audits, validating threats and working with development team to implement and test resulting recommendations.

Works with the IT service delivery and support leaders to draft, update, and implement policy.

Directs and expands our enterprise-wide security controls and safeguards.

Responds to client security questionnaires and audits; participate in the RFP and contracting processes.

Creates and oversees the implementation of IT disaster recovery plans.

Facilitates the creation of business continuity plans for business units and functions across the corporation.

Works with IT Support and Operations management as a member of the incident response team.

Develops the security team and overall IT organization’s capabilities in line with organizational goals and industry best practice.

Creates and maintains the organization’s security documents (i.e., policies, standards, baselines, guidelines, and procedures) to be approved by executive management.

Audit’s server event logs, firewall access logs, wireless access logs and firewall rules to identify possible security or performance problems.

Oversees the monitoring and review of intrusion detection systems and firewall logs, analyze events and patterns, review access control lists, and manage network-based vulnerability scans and penetration tests.

Leads the performance of periodic information security risk assessments and conduct related ongoing compliance monitoring activities in coordination with the company’s other compliance and operational assessment functions.

Leads the analysis of network traffic and system logs to determine corrective action and implement countermeasures; evaluate security incidents, develop solutions, and communicate results to end users and technical staff.

Coordinates product security with engineering and product management teams.

Liaises with Riverbed’s legal team and industrial security team in taking the necessary steps to ensure that Riverbed complies with U.S. export control laws and regulations and does not take action deemed adverse to performance on classified contracts.

Serves as Riverbed’s" Technology Control Officer (TCO)". The TCO is responsible for managing and implementing the Technology Control Plan (TCP) and other written policies and procedures (ECP, et al), per NISPOM regulations. The TCO acts the principal advisor concerning the protection of controlled unclassified information and other proprietary technology and data subject to regulatory or contractual control by the US Government. 


Qualifications 


Candidate MUST be a U.S. citizen.

This position requires a Top Secret security clearance; candidate must be able to obtain and/or maintain a Top Secret clearance.

Knowledge of security frameworks, standards, policies and practices – including ISO/IEC 27001.

Experience obtaining third party security attestations.

The ability to analyze, interpret business requirements/issues and translate into appropriate security and risk solutions.

Must have experience with Vendor Risk Management.

Experience with Change Management in organizations maturing their security posture.

An appreciation of IT, business, and regulatory strategies in relation to a global enterprise operating in countries all over the world.

Experience evaluating security and technology risk issues relating to new technologies and services.

Experience in leading or participating in technology reviews including due diligence assignments.

Experience with compliance monitoring and operational assessment.

Familiarity with data protection and privacy legal frameworks as they relate to organizational systems, networks, and data as well as enterprise products.

Skilled in reviewing third party security and contractual requirements related to information security and data protection.


Desired Experience: 


10+ years of experience in either risk management or information security and/or IT positions.

Certifications: One or more of the following certifications: CISSP, CISM, CISA, CIPP, HCISSP, CRISC, CGEIT, PCIP required.

Thorough understanding of identity and access management, including cross-domain federation and cloud service provider integration.

Experience creating technical documentation, including product documentation, technology and process best practices, and technical whitepapers.


Other companies hiring with Ivy Exec

 Company Logos