The Infrastructure Data Center Security Leader will be someone that has a passion for leading a team which evaluates Data Center Security risks to inform pragmatic policy, standards, and guidelines. This person will also be responsible for helping to design and iterate on security controls to address these risks in a way that helps empower and maintain Facebooks culture of rapid innovation. In this role, you will lead a team to develop, influence, align vision for IDC Security, assist/coordinate developing policies, standards and develop an overall roadmap that meets vision and marries well with business priorities. This position requires a mix of broad business and technical acumen with strong people-management skills, the ability to inspire and influence decisions around security risk management, and a polished ability to communicate with leaders and partners.
Director, Infrastructure Data Center Security Responsibilities
Lead, build, retain, and develop a team of Data Center Information Security professionals that are passionate about identifying, assessing, and mitigating security risk while empowering the Infrastructure Data Center team's rapid innovation and growth
Support the team to develop and communicate policies, procedures, guidelines, and plans to internal stakeholders regarding security and risk management
Maintain a Risk Management Framework that enables efficient decision and is aligned with business needs
Build and maintain strong relationships with partners and stakeholders
Support the Data Center organization in maintaining a security aware culture
Ensure the Data Center organization is aligned with and implementing the broader Facebook security priorities
Find practical solutions to standardize and scale across Facebook
Define metrics to track program progress and maturity for various stakeholders
Improve controls for internal systems, processes, and policies
Understand technical implementation details necessary to assess general and situational Information Security risk
Ability to travel up to 30% required
B.S. in computer science or equivalent experience.
15+ years of experience in global security policy and risk management.
10+ years of people management experience.
Experience in Information Security policy development and risk management at tech companies.
Knowledge of pragmatic security controls across all security domains such as access management, encryption methods, vulnerability management, network security, etc.
Demonstrated leadership experience working and communicating at executive levels and influencing across all levels.
Experience developing and producing security metrics and reports that are meaningful and actionable across various audiences.
Conceptual, critical thinking, and sound judgment with strategic orientation and experience performing tactically.
Experience providing technical knowledge appropriate to delivery of security protections.
Experience in technical concepts similar to cloud computing environments logical access control, secure coding principles, security architecture, information security, network security, and privacy.
CISSP, CISA, GIAC-GSNA, or GIAC-GCCC
Experience participating in complex, data protection projects in an enterprise, data center environment