Job Description

This is a Director level leader with supervisor responsibility. This position has formal responsibility for the work products (timing, budget, quality, completeness) of their team. As a Director of Information Security Engineering at World Kinect Corporation, you will be a strategic leader responsible for setting the vision and direction of our information security engineering program. You will work closely with the Chief Information Security Officer (CISO) to define and implement security architecture, establish a robust security tool ecosystem, and provide guidance to infrastructure, devices, data, networking, cloud, and application development teams on security engineering requirements and best practices. In this key leadership role, you will contribute to shaping the organization's security posture and play a pivotal role in ensuring the confidentiality, integrity, and availability of our digital assets.

Key Responsibilities include:

Define and drive the vision of the information security engineering program, aligning it with the organization's overall cybersecurity strategy.
Collaborate with the CISO to develop and implement security architecture, ensuring the alignment of security controls with business objectives.
Lead and guide the Information Security Engineering team in generating innovative ideas and process improvements, continuously enhancing information security at World Kinect Corporation.
Make effective decisions that support the company's business while ensuring information security principles are upheld.
Develop Key Risk Indicators to identify and mitigate potential risks, as well as Key Performance Indicators to monitor operational security performance.
Ensure IT and Cybersecurity architecture, designs, controls, and processes adhere to IT standards and overall IT and Information Security policies.
Act as a representative for information security considerations in system development, change management, production support, and technology-enabled projects.
Promote a culture of information security by advising senior IT management and advocating for security awareness and best practices.
Champion the adoption of automation as a core tenet of Security Engineering.
Create and maintain documentation related to security designs, configurations, processes, standards, and recommendations.
Prepare and publish Information Security reports as directed by management.

Requirements

Not all applicants will have skills that match the job description in its entirety. While having the “desired” qualifications make for a strong candidate, we encourage applicants with alternative experiences to also apply. The incumbent has in-depth knowledge and expert status in one or several key areas of expertise that is central to the company’s success. The position knows how their discipline interrelates with other parts of the company.

The following technical experience is highly recommended:

Extensive experience in various security engineering facets, including cloud security, endpoint security, application development security, data security, and infrastructure security.
Familiarity with the Microsoft 365 Security Suite, including Entra, Purview, Defender, Priva, etc.
Expertise in AWS Well-Architected Framework with emphasis on the 'Security' pillar and AWS Security Reference Architecture (AWS SRA).
Knowledgeable and experienced with common Cloud reference architectures, security standards, best practices, control frameworks and an eye towards simplification
Familiarity with Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM).
Experience providing expert advice on risk assessment, incident triage, threat modeling, and security vulnerability mitigation.
Strong leadership experience in establishing security engineering best practices and leading successful teams.
Experience with mapping and reporting security programs against NIST Cybersecurity Framework, Secure Control Framework, Cloud Security Alliance (CSA) Cloud Control Matrix (CCM), or other control frameworks is highly desired.

The position requires the following management skills and experiences:

Has lead successful security engineering teams in implementing modern practices.
Strong analytical, prioritizing, interpersonal, problem-solving, and presentation, project management (from conception to completion) and planning skills.
Experience with Agile methodologies/framework.
Strong verbal and written communication skills.
Strong negotiation, mediation, and influencing skills.
Maturity, reliability, composure, and stability under pressure.
Ability to adapt to new situations, people, ideas, procedures and to accommodate a constantly evolving work environment.
Strong communication skills and experience working with senior leadership: role must communicate effectively with Senior Executives in departments including Legal, Internal Audit and Human Resources, as well as M&A staff.
Build successful relationships with customers, co-workers, internal audit, and executive management.
Good listening skills and patience with others.

The following credentials, licenses, and/or degrees are desired but not required if appropriate experience exists:

CISSP: Certified Information Systems Security Professional
CISSP-ISSEP: CISSP-Engineering concentration
CISSP-ISSAP: CISSP-Architecture concentration
Microsoft Security related Ninja Certifications
AWS Certified Solutions Architect Professional
AWS Security Specialty Certification
Certified Cloud Security Professional (CCSP)
Certified Cloud Security Knowledge (CCSK)
B.S. in Computer Science, Cybersecurity, Management Information Systems, Engineering, or related technical field