Information Technology | San Jose, CA, United States
Title: Senior Manager of Information Security
Nutanix seeks an experienced, visionary leader who wants to become part of an exciting team of information technology professionals supporting Nutanix's Security Vision: promote and deliver a proactive security practice and capabilities, and meet required regulatory and industry standards.
Information technology plays a vital and ever-expanding role in the institutional mission. Nutanix's information technology environment is distributed and diverse with both SaaS and internally hosted applications and data. Our employees are highly mobile and socially engaging in cyberspace.
This person will be an advocate for Nutanix's total information security needs and is responsible for the development and delivery of a comprehensive information security strategy to optimize the security posture. This person will lead the development and implementation of a security program that leverages collaborations and company-wide resources, facilitates information security governance, advises senior leadership on security direction and resource investments, and designs appropriate policies to manage information security risk. This position is the architect of the security strategy and execution roadmap, and works closely with optimal internal and external partners, integrators, and solution providers to deliver business-aligned outcomes.
DUTIES AND RESPONSIBILITIES
Corporate and Program Leadership
- Responsible for the strategic leadership of Nutanix's information security program.
- Provide guidance and counsel to the IT Director and executive leaders working closely with Legal, Facilities, HR, and various business stakeholders in the steering committee.
- Promote collaborative, empowered working environments across functional disciplines, removing barriers and realizing possibilities.
- Manage institution-wide information security governance processes, and chair the Information Security Advisory Committee in the establishment of an information security program and project priorities.
- Lead information security planning processes to establish an inclusive and comprehensive information security program for the entire institution in support of development, research, and administrative information systems and technology.
- Establish annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements.
- Stay on top of information security issues and regulatory changes affecting Nutanix to address regulatory compliance, communicate updates and promote awareness.
- Drive initiatives and project execution as required by job responsibility.
Policy, Compliance and Audit
- Lead the development and implementation of effective and reasonable policies and practices to protect sensitive data and ensure information security compliance with relevant legislation and legal interpretation.
- Lead efforts to internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls.
- Work with Internal Audit and outside consultants as appropriate on required security assessments and audits.
- Coordinate and track all information technology and security related audits, including scope of audits and outcomes. Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships and continually put the institution in its best light.
- Develop a strategy for dealing with the increasing number of audits, compliance checks and external assessment processes for internal/external auditors, SOX, PCI, HIPAA, and FISMA.
Outreach, Education and Training
- Work closely with IT and organizational leaders and technical experts on a wide variety of security issues that require an in-depth understanding of the respective organizations and their practices and processes associated with security and information handling. Research best practices and regulation adherence where applicable.
- Create education and awareness programs and advise operating units at all levels on security issues, best practices, and vulnerabilities.
- Work closely with HR and appropriate leadership teams to develop a training curriculum to enhance security awareness and meet required regulatory compliance.
Risk Management and Incident Response
- Develop a security incident response process and act as the primary control point during significant information security incidents.
- Convene Ad Hoc Security Committee as appropriate and provide leadership for breach response and notification actions.
- Develop, implement and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk.
- Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies.
- Examine impacts of new technologies on Nutanix's overall information security. Establish processes to review implementation of new technologies to ensure security compliance.