Director Cybersecurity & Compliance

at Mercury Systems
Published May 24, 2023
Location Andover, MA
Category Default  
Job Type Full-time  


Director of CyberSecurity & Compliance We are looking for a Director of CyberSecurity & Compliance to join our team. In this position you will own all elements of our global information security program and be accountable for the security and protection of all information entrusted to Mercury Systems by its customers, partners, and employees. Ultimately, you'll be responsible for creating an organizational culture where information security is ingrained into the fabric of Mercury's standard business operations. The Role: The Information Systems team at Mercury is responsible for all of the IT Infrastructure, Information Security, CyberSecurity, and Process Standards. In this particular role, you will serve as the main contact for CyberSecurity related activities and ensure that Mercury's security posture evolves to meet the demands of the growing threat landscape. You will work closely with leadership and staff to identify, analyze, manage, mitigate and remediate CyberSecurity risk. You will also maintain compliancy required by DoD, NIST, and ISO. You will establish a culture of CyberSecurity company-wide, ensuring mitigation tactics are collectively employed to help us reduce risk as we scale. You will work with the Infrastructure team to identify security related improvements, and ensure that the Mercury threat surface is sufficiently protected using industry best practices and innovative solutions. Worksite location options: * Onsite: Andover, MA * Hybrid: 2 days in office and WFH the remainder of the week (based on needs of business) * Remote: 100% remote is not an option for this role due to the role scope and team dynamic Responsibilities: * Be an advocate for industry leading CyberSecurity practices and influence the Information Systems teams to achieve CyberSecurity excellence. * Oversee our corporate infrastructure design and implementation from a CyberSecurity perspective, and provide input to those implementing change and improvement efforts. * Help build and mentor the Information Security team in the development and management of key security controls. * Design and develop an information security program roadmap to align and scale with Mercury. * Manage a team of security professionals which will continue to grow as Mercury grows. * Oversee all security policies/documents and ensure they are properly evolving, reviewed, and updated accordingly on an annual basis. * Develop company-wide training programs to communicate information security risks. * Oversee the internal CyberSecurity audit process, defining key areas of CyberSecurity that require audit to ensure our defenses remain ready. (Red Team, Blue Team, Pen Testing) * Oversee the CyberSecurity Incident Response process, ensuring our Security Operations Center Response alerting and escalation process is highly functional on an on-going basis. * Oversee our internal User Awareness Program and elevate it to the highest possible standard. * Manage relationships with security and information technology vendors. Required Qualifications: * Bachelor’s degree in Computer Science, Engineering, or other related discipline. * 10+ years of experience in IT Information Security, Technology Risk Management, Auditing and at least 7 years working with IT management in compliance leading Security Architecture functions. * Knowledge of ISO/IEC 27001, ITIL, PCI, COBIT, and NIST frameworks as well as GDPR and regional standards. DFARS compliancy and upcoming CMMC requirements are of significant importance. * Experience in the evaluation and implementation of industry standard enterprise wide information security technologies and concepts, including but not limited to: Application Security, Cloud Security (AWS), Microsoft O365, Data Loss Prevention, Security Event Management, GRC Tools, Threat and Vulnerability Management and Identity and Access Management. * Strong knowledge of Cloud Security requirements and relevant legal, regulatory, and privacy requirements. * Knowledge of network, web technology, encryption, virtual private networks, internal, extranet, security, cloud, computing (firewalls remote access) and security management. * One or more of the following certifications: (CISA(M), CISSP, Security Plus (+)) * Experience with Supply Chain processes, controls and technologies. * Ability to design and implement and ensure ongoing compliance with technical security solutions. * Experience managing solutions in various environments such as end-user, server/network, private and public cloud. * Experience rolling out process improvements. * Strong communication skills. * Experience prioritizing initiatives and communicating decisions. Why should you join Mercury Systems? Mercury Systems is a technology company that makes the world a safer, more secure place. We push processing power to the tactical edge, making the latest commercial technologies profoundly more accessible for today's most challenging aerospace and defense missions. From silicon to system scale, Mercury enables customers to accelerate innovation and turn data into decision superiority. Headquartered in Andover, Massachusetts, Mercury employs more than 2,300 people in 24 locations worldwide. To learn more, visit Our Culture We are committed to making Mercury a great place to work, no matter where our employees are located. We offer a casual and enjoyable atmosphere that allows employees to learn and grow. We help and care for one another and work as one to achieve results for us and for our customers. We value communication and transparency, and strive to foster two-way dialogue at all levels of the organization. We are committed to lifelong learning, offering comprehensive skills training and tuition reimbursement. Whether you're just starting out on your career journey or you are an experienced professional, it's important to us that you feel recognized and rewarded for your contributions. To find out more about Why Mercury?, or visit the Mercury Community or find answers to general questions at Mercury FAQs Mercury Systems is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex (including pregnancy), sexual orientation, gender identity, national origin, genetic information, creed, citizenship, disability, protected veteran or marital status. As an equal opportunity employer, Mercury Systems is committed to a diverse workforce. In order to ensure reasonable accommodation for individuals protected by Section 503 of the Rehabilitation Act of 1973, the Vietnam Veterans' Readjustment Act of 1974, and Title I of the Americans with Disabilities Act of 1990. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact the number below. (978) 256-1300 Click here read about our recent press release. Click Here to learn about OFCCP Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled