At CoreCivic, our employees are driven by a deep sense of service, high standards of professionalism and a responsibility to better the public good. CoreCivic is currently seeking a Director of Cybersecurity located at our corporate office in Brentwood, TN. Come join a team that is dedicated to making an impact for the people and communities we serve.
This position would require a hybrid work schedule of 3 days per week onsite and 2 days remote out of our Brentwood, TN office location.
The Director, Cybersecurity leads the Cybersecurity program and team to protect the organization's critical information assets through NIST Cybersecurity Framework and practices, ensures regulatory compliance and helps the organization become more proactive in addressing vulnerabilities and risks. Establishes, monitors, manages and maintains technologies and processes used to secure company information systems, networks and data, in close collaboration with IT, Security Compliance, Risk Management and strategic managed services partners. Drives security initiatives to ensure that cybersecurity and all other information systems are implemented, maintained and operated in a secure mode. Manages the Cybersecurity Engineer team, leading this team to help support IT Security Governance and Compliance programs. Manages security requests, investigates and responds to alerts and incident tickets, develops and maintains security documentation, network and endpoint security, vulnerability, identity and access management, incident response, SIEM and log management, cloud security operations, overall security monitoring and reporting. Contributes to internal control testing related to client and regulatory audits by gathering and submitting proper technical evidence based on control testing needs and ensuring control tests are completed comprehensively and in a timely manner. Collaborates with key internal/external stakeholders and senior leadership in responding to and managing all security events and incidents to ensure protection of company and client assets across the business.
Essential Functions
The incumbent should be able to perform the following functions at a pace and level of performance consistent with the job performance requirements.
- Develops and implements comprehensive cybersecurity strategy and roadmaps to safeguard information assets. Drives strategy for security awareness management and identifies opportunities to improve visibility and sophistication of response capability.
- Manages staff in the performance of their duties and evaluates as prescribed by company policy. This includes training new employees, evaluating performance and preparing written performance reviews, listening to concerns and effectively resolving disputes or issues, taking corrective action or disciplinary action, developing work schedules for staff and approving leave requests.
- Leads teams in performing cybersecurity assessments to detect and identify weaknesses in the security posture of the organization's information technology environment.
- Ensures compliance with NIST-800-53, NIST 207-A, NIST 1800-35 and Sarbanes-Oxley regulations.
- Assists with the development and maintenance of security policies, procedures and guidelines.
- Demonstrates and applies subject matter expertise in cybersecurity technologies and security frameworks (NIST, ISO27001).
- Collaborates with staff, senior management, and business unit partners to assess and support organization risk mitigation strategies. Collaborates with other departments to integrate cybersecurity measures into business processes and systems development.
- Ensures that problem and request tickets for assigned technology are managed appropriately and ensures availability of supported technology.
- Manages incident and recovery processes to minimize impact and ensure prompt resolution of security threats.
- Monitors and reports on cybersecurity performance and compliance metrics to senior leadership.
- Oversees the design and implementation of security solutions, including firewalls, intrusion detection systems and encryption protocols. Organizes, oversees and facilitates an enterprise-wide security program.
- Manages personnel, budget and operations across the enterprise environment. Works with internal team members and establishes and maintains relationships with external partners such as law enforcement, vendors and industry peers.
- Leads and mentors a team of cybersecurity professionals, fostering a culture of continuous improvement and professional development.
- Domestic U.S. travel is required.
Qualifications
Graduate from an accredited college or university with a Bachelor's degree in Computer Science, Information Technology or related field is required.
Seven years of Cybersecurity experience, including three years in a supervisory capacity is required.
Additional years of related experience may be substituted for the required education on a year-for-year basis.
Current CISSP, CISM, CISA or similar certification in good standing is required.
Extensive technical understanding of security frameworks (e.g., NIST, COBIT) for cybersecurity, physical security, data security, security controls, incident response and/or network/cloud architecture is required.
Demonstrated experience in planning, executing and supporting business continuity and disaster recovery projects and proven ability to develop and execute security strategies, roadmaps and plans is required.
Strong background and/or experience managing complex projects involving internal teams, vendors and external contractors; leading internal and external IT security audits and collaborating with audit committees is required.
Must demonstrate the ability to build consensus and collaborate with diverse groups to meet business objectives while maintaining business agility and versatility in leading a small team and providing hands-on troubleshooting as needed.
Must demonstrate independent judgement and time management abilities in a dynamic work environment.
Excellent verbal and written communication skills and the ability to clearly articulate security needs at all levels of the organization are required.
Proficiency in Microsoft Office applications is required.