Director, Information Security
Company: Virgin Galactic Holdings, Inc.
Location: Las Cruces
Posted on: May 3, 2021
Who we are
Virgin Galactic, www.VirginGalactic.com (NYSE: SPCE), recognizes
that the answers to many of the challenges we face in sustaining
life on our beautiful but fragile planet lie in making better use
of space. Sending people to space has not only expanded our
understanding of science, but taught us amazing things about human
ingenuity, physiology and psychology. From space, we are able to
look with a new perspective both outward and back. From space, the
borders that are fought over on Earth are arbitrary lines. From
space, it is clear that there is much more that unites us than
"We are at the vanguard of a new industry determined to pioneer
twenty-first century spacecraft, which will open space to everybody
- and change the world for good." Sir Richard Branson, Founder,
If you are looking for a challenging opportunity that will
ignite your passion for designing cool and innovative products, are
exceptionally creative, are a great problem solver and can make
things happen - apply today!
Virgin Galactic is currently seeking a highly skilled Director,
Information Security to join the IT leadership team and help lead
the evolution of electronic information security. As a member of
the IT leadership team, reporting directly to the Chief Information
Officer, the Director, Information Security will enhance and oversee
the global information security operations activities of a diverse
and decentralized computing environment. The Director, Information
Security is accountable for the management of the global security
operations and architecture, including incident response, security
technologies management and change management. The Director,
Information Security will lead the in-house IT and outsourced
security operations personnel to ensure operating environments are
maintained to optimal performance and meet defined service levels.
Key success criteria in this position are an in-depth understanding
and management of global information security, security
technologies such as intrusion detection and content filtering,
threat patterns, security architecture, application architecture,
and compliance criteria. This role will anticipate the future
direction of the information security industry, implement best
practices and operational discipline, and integrate appropriate
changes as business needs require.
- Oversight of information security in enterprise IT
infrastructure and in deployment and management of enterprise
- Building and growing a standards-based information security
program in an enterprise IT setting.
- Define the vision for the security program, successfully
communicate it and receive buy-in, and then lead the team and
organization in execution.
- Establish and manage operations to maintain security for
Controlled but Unclassified (CUI), PCI, and HIPAA compliant
- Definition and execution of compliance programs aligned with
regulatory and international standards (e.g., ISO27001)
- Oversight of internal and outsourced security operations in the
- Establish governance processes and drive prioritization of
security workload across the security workforce, and with dependent
- Coordination of performance of security operations across
multiple data centers, as well as cloud-based service operations
- Leverage strong background in ITIL/ITSM support and provide
coordination of desktop and end point security with enterprise IT
- Provide security expertise and consulting for enterprise
applications used to support Finance Management, Customer
Management, Manufacturing Operations and Quality Control in highly
- Securing operations involving large groups of R&D,
Engineering and development operations, which require connectivity
and integration with third party partners.
- Develop, defend, and manage an information security budget, for
business units and executive management.
Key result areas of responsibility will include:
- Security operations
- 24 x 7 x 365 management of the outsourced Security Operations
Center and accountability for availability of global security
systems including monitoring, vulnerability management and other
information protection capabilities.
- Management of incidents, changes and problems related to
security incidents or evolution of security systems.
- Continuous improvement & performance management of Security
Operations processes, technologies and tools, and oversight of
security vendors' performance, ensuring SLAs.
- Security Architecture
- Development of baselines and standards for all flavors of IT
Applications and Infrastructure, and associated processes for
onboarding and risk management.
- Definition and management of information classification &
business impact assessment processes.
- Participation in business and IT initiatives as an information
security expert. Provision of guidance to others on proper security
- Identification and classification of risks related to new
implementations or existing infrastructure and application
solutions and provision of guidance for remediation.
- Supporting the Business
- Participation in business initiatives as a security
professional providing consultative support & guidance to others on
proper security practices as well as principles.
- Performance of security assessments to identify potential
security risks in all aspects of the business including technical
implementations (applications or equipment) as well as IT or
- Development and delivery of end user security awareness
training, effective reporting, as well as performance metrics.
- Risk Management and Reporting
- Management & communications of security risks via a
- Development and execution of security metric reporting to
ensure business and senior leadership have a proper view of current
security state and risks, globally.
- Identification of potential security risks in all aspects of
the business including technical implementations (applications or
equipment) and IT or business process.
- Understanding and helping the organization meet regulatory
compliance and conformance.
- Participation in internal audits and other 3rd party audits of
the company's security practices.
What you bring
- 8+ years' experience leading a large multi-national security
- The role requires a combination of "expert-level specialized
technical" and "analytical professional" IT security skills with
the ability to maintain security and confidentiality when dealing
with highly sensitive information.
- Strong working knowledge of application security best practices
and tools including vulnerability and application scanning, OWASP
methodologies and testing criteria.
- University degree (or equivalent experience) in Computer
Science, Engineering, or other technical field, or Business
Administration with relevant IT work experience.
- Strong knowledge of Security, Firewalls, Server administration,
databases, VMware, Citrix and current & legacy Windows operating
- Deep technical knowledge in information technologies; should be
the "expert" in operating systems, networking, network
authentication, database and acutely aware of global business
- Must have experience establishing security operations for PCI
compliant web applications.
- Must have extensive experience implementing security operations
for highly integrated Oracle, Microsoft, and SaaS enterprise
- Proven experience managing security in the cloud, in
particular, Microsoft Cloud Platform Services (O365) and Microsoft
Azure Infrastructure Services
- Familiarity with emerging threats and mediation of these
- Deep understanding of security risks and threats as they relate
to the company's operating environments.
- Deep understanding of compliance to security policies and
procedures, especially implementation of NIST security standards
- Understanding of ITIL and its practical application
- Demonstrated competency in strategic thinking and leadership
with strong abilities in relationship management.
- Demonstrated competency in managing third party providers in
security technology operations.
- Strong knowledge of the intricacies of networking, cloud-based
solutions and Internet based protocols
- Deeply skilled at clearly and proactively communicating
sensitive risk information and program status both horizontally and
vertically within an organization and its stakeholders.
- Strong written and oral communication skills, with capability
to use Microsoft Office solutions
- Ability to collaborate with team members in a cross functional
and matrix IT organization.
To conform to U.S. Government space technology export
regulations, applicant must be a U.S. citizen, lawful permanent
resident of the U.S., protected individual as defined by ITAR (22
CFR 120.15) or eligible to obtain the required authorizations from
the U.S. Department of State.
Virgin Galactic is an Equal Opportunity Employer; employment
with Virgin Galactic is governed on the basis of merit, competence
and qualifications and will not be influenced in any manner by
race, color, religion, gender, national origin/ethnicity, veteran
status, disability status, age, sexual orientation, marital status,
mental or physical disability or any other legally protected