Dow Jones

Cloud & Infrastructure Security Manager

  • Experience 5-10 Years
  • Category Technology
  • Location Princeton, NJ

Job Description

Dow Jones is a global provider of news and business information, delivering content to consumers and organizations around the world across multiple formats, including print, digital, mobile and live events. Dow Jones has produced unrivaled quality content for more than 125 years and today has one of the world’s largest news gathering operations globally. It produces leading publications and products including the flagship Wall Street Journal, America’s largest newspaper by paid circulation; Factiva, Barron’s, MarketWatch, Financial News, DJX, Dow Jones Risk & Compliance, Dow Jones Newswires, and Dow Jones VentureSource.

Dow Jones & Company is looking for a leader of our Cloud & Infrastructure Security Program. This role is responsible for ensuring the cloud & on-prem infrastructure powering DJ systems is built to the highest security standards to prevent cybersecurity breaches before they happen. This role will collaborate on a daily basis with our DevOps and system engineering teams. The ideal candidate would have a good mix of technical and non-technical skills.

This position will report into the CISO through our Secure Design & Architecture function and will have direct reports. As the company invests further in this area, there is room for innovation and growth for a knowledgeable, hands-on, collaborative and energetic individual.

Responsibilities

  • Responsible for building, maintaining and executing a strategy for securing all elements of the technology infrastructure in partnership with our DevOps & System Engineering teams:
    • Cloud and on-prem infrastructure (server, network, firewalls, email, DLP)
    • Endpoints (desktop/laptop, mobile, BYOD)
    • Identity & Access Management (2FA, Privileged Access, Remote Access)
  • Technical Security
    • Architects, prioritizes, coordinates and communicates the choice of security technologies necessary to ensure a highly secure yet usable computing environment
    • Collaborate with other members of the technical architecture community to ensure successful implementation of security strategies and architectures to enterprise applications
    • Ownership of security technologies such as AV, Next-gen endpoint prevention technologies (sandboxing, white/black listing…), Data Loss Prevention, File Integrity Monitoring, Web Filtering, NAC
    • Ensure security tools are optimized, fine-tuned and integrated into operational procedures
  • Perform risk assessments of enterprise apps (Google Drive, Dropbox, Workday, Slack, Finance systems…) and work closely with project teams on building/configuring security in
    • Collaboration tools like Google Drive, Dropbox, Slack
    • FInance & HR systems like Peoplesoft and Workday
    • CRM tols like Salesforce
  • Collaborate with CIO function to embed security into standard operating procedures such as change management, privileged access, system lifecycle management
  • Leads the development of policies, standards & baselines to ensure a consistent and secure infrastructure
  • Monitor changing threat landscape to identify and address areas of concern
  • Work to identify and cultivate strong relationships with members of the organization outside of Technology
  • Lead, manage & grow team, including recruitment, supervision, scheduling, development, evaluation, and disciplinary actions
  • Collaborate with DJ Security Operations team to build processes to to handle alarms from security stack
  • Collaborate with the DJ Product Security team to implement controls to help meet client security requirements

Qualifications

  • Eight years of experience in Cybersecurity
  • Six years of experience with cloud & infrastructure security
  • Experience with design & architecture using modern design patterns in a cloud environment
  • Experience with cloud models such as IaaS, PaaS, SaaS and the security implications and requisite control frameworks
  • Broad technical knowledge of cloud, IT Infrastructure services, including security, directory services, identity management, network, systems, storage, databases, PKI, VPN, SSO, federation services, WIFI
  • Knowledge about how to secure modern server OS’ (Linux, Windows), desktop OS’ (Windows, Mac) and mobile OS’ (Apple iOS, Android)
  • Knowledge of security best practices like least privilege, defense in depth, attack surface analysis
  • An understanding of modern development processes including agile development
  • Professional certification in security (for example CISSP)
  • Knowledge of IT governance and operations
  • Familiarity with security related certifications such as PCI, SoX, ISO27001
  • Must possess great oral and written communication skills
  • Ability to communicate complicated technical issues and risks to engineers, project managers and product managers
  • Experience managing people, employee career development, team building, and conflict resolution
Apply Now

Find Out

What are women saying about your company?

Click Here

Share this

Share with Friends
Share Anonymously

Related Jobs