MayStreet Inc. has immediate openings for a Director of Information Security. In this role you will be charged with orchestrating and implementing company-wide information security policies and programs to safeguard all systems from internal and external cybersecurity threats. This is a high visibility role reporting directly to the CTO and involving routine meetings with senior leadership.

This role is open to fully-remote in the US only, requires working East Coast hours and requires obtaining government security clearance, therefore, only US Citizens can be considered.
Who we are

MayStreet is a global software company Headquartered in New York City, servicing the world’s top capital markets trading companies. We’re building the next generation of capital markets technology. Global capital markets are an ocean of fast-moving, interrelated and complex data. Historically it’s been nearly impossible for all but a select few firms to make use of much of this data. MayStreet solves this problem by managing collection, storage and providing API access to uniquely high-quality data sets. 

Current Strategic Pursuits

• Create/implement a strategy for the deployment and development of information security technologies, policies and practices to secure protected and sensitive data and ensure information security and compliance with applicable laws.
• Monitor security vulnerabilities and hacking threats in network and host systems.
• Interpret standards, best practices & current risks to define corporate policies.
• Track latest IT security innovations and keep abreast of latest cyber security technologies and risks.
• Develop/implement business continuity plans to ensure continuous service through infrastructure/systems changes, security breach or if disaster recovery plan is triggered.
• Conduct a continuous assessment of current IT security practices and systems and identify areas for improvement.
• Run security audits, red teaming exercises, penetration testing and conduct risk assessments.
• Serve primary control point during significant information security incidents, convening a Security Incident Response Team (SIRT) as needed, and preparing situational reports (SITREP).
• Partnering with financial and legal officers and IT personnel in conducting investigations, preparing situational reports and remediation plans in connection with information security incidents and breaches.
• Own and manage company-wide risk and compliance programs including PCI, GDPR, Internal SDLC and the like.
• Regularly reporting to the Chief Technology Officer and senior company leadership on the state of the IT security infrastructure, the portfolio of security projects and advising on best practices and information security strategies.
• Managing relationships and liaising with external IT vendors, security experts and advisors.
• Championing and educating the organization and its employees about the latest security risks, strategies and technologies and run training and phishing campaigns as needed.

Qualifications

• Bachelor's degree in Computer Science, Information Systems, Information Security or a related field
• Certified Information Security Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Global Information Assurance Certification (GIAC), or related certification is required.
• Master's degree in computer science and/or business administration is highly desirable.
• 7+ years IT security experience, preferably in managing security including highly sensitive financial data (PCI) and the European Data Protection and Privacy Directive (GDPR).
• Direct experience in the areas of systems architecture, administration, applications development, database administration, network operations, and data center operations.
• Experience securing various architectures and deployment strategies such as Managed Hosting, Software-as-a-service, Infrastructure-as-a-service (AWS), Platform as a service (Salesforce), etc.
• Develop and administer information security policies and procedures in a complex environment.
• Experience deploying and managing various MDM, endpoint, network, vulnerability and threat detection tools, policies and programs
• Complete information system auditing including computer security reviews, control selection, and evaluation of systems using a risk-based approach.
• Expertise in computer forensic investigation methodology and investigation tools to collect, analyze and preserve electronic evidence.