Director, Cybersecurity
Company: CubeSmart
Location: Malvern, PA 19355
Description:
Overview
This is a hybrid role based out of Malvern, PA (3 days in office)
The Director of Cybersecurity is responsible for directing the organization-wide security and risk management framework and program to support the needs of CubeSmart and to ensure that information assets are properly protected. Reporting to the Vice President of Information Technology, this leader will direct a combination of strategic partners and proactively work across the organization to ensure security requirements are implemented and practices are adhered to according to policies and standards driving information security needs.
The Director will be a dynamic leader expected to play a critical role in shaping the company's strategic security direction. The leader will maintain a next generation comprehensive information security program with a continuous improvement and an evolutionary mindset in alignment with the risk posture of the organization. This leader will proactively identify opportunities to ensure rigor is in place for all areas in which the company operates and invests, including all headquarters functional areas, store level operations, and the identification of self storage acquisition/development opportunities.
The successful leader will proactively partner with technology peers and business units to educate, train, influence and implement practical policies, frameworks and procedures that align with the overall company strategy and generally accepted industry standards. This leader is expected to apply leading edge security practices to solve business challenges and develop a culture of high performance, adaptability, urgency, and productivity. This leadership position will serve as a key resource to the Vice President of Information Technology and the collective IT team.
This position requires a strong leader with skills in business management and a proven knowledge of information security tools and practices. The successful individual should have a diverse background and experience with information technology operations, infrastructure (cloud and on-prem), software development lifecycle, risk management, and audit compliance.
Who we are:
CubeSmart is a publicly traded real estate investment trust (REIT) focused on the development, acquisition, disposition, and management of self-storage facilities. CubeSmart is headquartered in Malvern, PA, a suburb of Philadelphia, and is one of the largest self-storage owners and operators in the United States, with more than 1500 locations nationwide.
Over the past five years, CubeSmart has grown significantly, acquiring approximately $1.5 billion in assets. Our growth is possible because of our 3,000 teammates across the country who work together to grow the company, serve our Customers, and deliver results through a culture of open communication and collaboration. We are excited to have you join our team and grow with us!
Responsibilities
Strategic Leadership
- Set the vision and strategy for IT security and utilization of tools and procedures to monitor and verify the environment.
- Effectively and proactively collaborate with staff at all levels of the organization to devise and implement security solutions.
- Communicate cyber landscape and posture to the board of directors on an annual basis.
Operational & Technical Leadership
- Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.
- Facilitate information security governance through implementation of a hierarchical governance program, including the formation of cyber task force committee or advisory board.
- Manage information security and risk management awareness training programs for all employees, contractors and approved system users.
- Facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address negative findings. Work with stakeholders through the enterprise on identifying acceptable levels of residual risk.
- Provide periodic reporting on the current status of the information security program to enterprise risk teams and senior business leaders.
- Manage a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection.
- Execute strategies to handle security incidents to protect IT assets, head up investigations, provide reports, and devise solutions in the event of a security breach or near miss.
- Manage a unified and flexible control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards and regulations.
- Ensure that security programs are in compliance with relevant laws, regulations and policies to minimize or eliminate risk and audit findings.
- Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the security.
- Understand and interact with related disciplines to ensure the consistent application of policies and standards across all technology projects, systems and services, including, but not limited to, privacy, risk management, compliance and business continuity management.
- Maintain and publish up-to-date security policies, standards and guidelines, and oversee training and dissemination of security policies and practices.
- Oversee effective disaster recovery policies and standards to align with enterprise business continuity management program goals. Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event, and provide direction, support and in-house consulting in these areas.
- Facilitate incident report training and annual tabletop exercises.
- Stay current on technology trends and alignment with external partners.
People Leadership & Management
- Create an engaging, collaborative work environment in which all team members are aligned around the functional and operational strategy.
- Seek opportunities to network, build relationships and meet new contacts within and outside the department.
- Coordinate the use of external resources involved in the information security program, including, but not limited to, interviewing, negotiating contracts and fees, and managing external resources.
- Provide strategic direction, coach and mentor teammates.
Qualifications
Education, Training and/or Experience
- Bachelor's degree in Computer Science, Information Systems, Cyber Security or equivalent related technical field
- Master's degree with a concentration in IT security a plus
- At least 8-10 years' experience managing security aspects for IT
- Security design and implementation experience in a large-scale retail and consumer environment
- Certifications in one or more areas: CISSP, CISM, CISA, ECSA
- Strong oral, written and interpersonal communication skills. Ability to effectively convey complex information
- Strong business process knowledge and application of technology solutions
- Familiarity with third-party audits and cloud risk assessment methodologies
Knowledge, Skills, Abilities and Personal Characteristics
- Advanced understanding of security concepts related to DNS, routing, authentication, VPN, proxy services, and other mitigation technologies
- Familiarity or experience with ISO 27001/27002, ITIL, CIS, and NIST Cybersecurity frameworks
- Experience with PCI and SOX compliance assessments
- Knowledge of firewall and intrusion detection/prevention protocols
- Experience with secure coding practices, ethical hacking, and threat modeling
- Familiarity with network security architecture development and definition
- Experience implementing identity management and privileged access management capabilities
- Service oriented leader who possesses a true 24x7 support and service mentality.
- Strong talent developer who provides their team opportunities for growth and development.
- Collaborative leader who creates open channels of communications and encourages constructive dialogue.
- Strong business skills and demonstrated ability to build solid working relationships with teammates, business leaders, and stakeholders while exhibiting genuine care.
- Innovative problem solver who uses critical thinking approaches to proactively solve a broad range of problems across business processes and related technologies.
- Excellent, transparent, and persuasive communication and presentation skills with the ability to distill complex information for non-technical audiences.
We are an Equal Opportunity Employer, Minority/Female/Veteran/Individuals with Disabilities/Sexual Orientation/Gender Identity.