JOB SUMMARY: As the Director of Security & Cloud Architecture the primary responsibilities involve leading and overseeing the security services delivered to Managed Services clients. This role requires the establishment and documentation of best practices, tools, and processes that adhere to SLA and escalation standards, to ensure the team meets all contractual obligations. The Director also manages the development and implementation of security tools and methods, such as patching strategies and continuous monitoring solutions, to mitigate security risks effectively. Additionally, this position is responsible for defining and enhancing the security offerings within the company's portfolio, presenting these to leadership, and overseeing the design and deployment of advanced security solutions across various platforms including Microsoft services.

In addition to technical leadership, the Director of Security & Cloud Architecture plays a critical role in strategic and operational oversight. This includes executing and documenting approved security offerings, overseeing managed detection and response services, penetration tests, vulnerability solutions, and ID Agent Dark Web scanning to ensure high-quality and timely delivery. The Director provides consultative services to clients, including the creation of Incident Response Plans (IRP) and compliance guidance. Additionally, the role will perform pre-sales activities that involve technical support during sales presentations, discovery sessions, technical writing for Statements of Work (SOWs), and preparation of Work Break-down Structures (WBS) for project delivery.

ESSENTIAL FUNCTIONS:

• Lead the security services provided to our Managed Services clients. Define and document best practices, tools, and processes, including SLA and escalation standards, ConnectWise (CW) ticket handling, time entry, resource forecasting, etc., and monitor to hold the team accountable for meeting contractual obligations.

• Own the tools and methods related to security, including patching strategies to mitigate identified security risks and other solutions for continuous monitoring and response to security events.

• Lead the efforts to define security offerings that should be added to our portfolio and present them to leadership.

• Lead the design and implementation of advanced security solutions including identity protection, threat management, and information protection across Microsoft services.

• Execute approved security offerings establishing appropriate documentation and best practices to be used from a business development and operational standpoint.

• Oversee offerings like managed detection and response, penetration tests, vulnerability solutions, and ID Agent Dark Web scanning.

• Oversee all security and compliance engagements to ensure quality and timely delivery.

• Provide guidance and mentorship to the Security team.

• Provide consultative services to clients, i.e., creation of IRP plans, and guidance on compliance with SOC, NIST, CMMC, PII, and PCI.

• Assist with developing CMMC and other compliance frameworks for our internal organization to gain experience in providing external facing guidance to clients.

• Lead security related pre-sales activities for Managed Services including the following:

• Provide expert support during sales presentations, focusing on solutions and business benefits.

• Pre-sales discovery sessions and document Client technical and functional requirements.

• Technical writing for Statement of Works (SOWs), specifically focused on architecting solutions and defining the scope to be implemented.

• Prepare Work Break-down Structure (WBS) for delivering the defined scope.

• Act as a technical resource and liaison between the business development team, the proposal and capture team, and the Client.

• Research, learn, and present third-party solutions as required to meet Client requirements.

• Attend trade shows and conferences to build relationships and actively network with key clients and partners.

• Maintains current Microsoft certifications and other certifications as applicable.

• Other duties as assigned.

LMA - Leadership, Management, and Accountability:

• Run L10 meetings, define metrics, define rocks, and IDS issues

• Keep expectations clear, communicate well, reward and recognize your team

• Deliver right meeting pulse, weekly 1:1's, quarterly conversations, annual performance reviews

• Be a role model, "walk the talk," lead by example, portray our core values, and represent our brand appropriately to your team and the entire company

• Lead Performance Management for your team, including using People Analyzer, PIPs, Code of Conduct, Progressive Corrective Action Policy, Career Growth & Professional Development

• Participate in the timesheet and expense report approval process

• Manage and mentor a team of billable consultants

• Guide team members regarding how to meet goals and other objectives

• Identify strengths and issues; drive and develop better behavior (team building, skill enhancement, training)

• Encourage and support employee engagement to enhance the success of Arctic IT

• Build strong relationships with team members and external contacts

• Utilize our team and delegate tasks appropriately to increase efficiency and execution timing

QUALIFICATIONS:

• Bachelor's degree in Cybersecurity, Information Technology, or a related field (or equivalent experience).

• Current Microsoft certifications (e.g., Azure Security Engineer, Microsoft Certified: Security, Compliance, and Identity Fundamentals) are required.

• Certifications such as CISSP, CISM, CEH, CCSP, or other relevant security certifications are strongly preferred.

• Strong knowledge of compliance frameworks such as CMMC, SOC II, PCI, NIST, etc

• 10+ years of experience in IT security, compliance, or cybersecurity, with a proven track record in leadership roles.

• 5+ years of experience managing a team of IT security professionals, including hiring, mentoring, and performance management.

• Demonstrated experience leading and delivering managed security services to clients, including SLA management and escalation processes.

• Experience designing and implementing advanced security solutions in Microsoft services, including identity protection, threat management, and information protection.

• Demonstrated ability to lead a company in creating policies and security plans such as BCP, IRP and User Access and Acceptable Use.

• Experience working on structured IT projects including assessing requirements and scope, documenting design, identifying tasks and estimates, coordination with project manager(s) to plan and execute, and project close out activities.

• Deep understanding of Azure AD and Azure Identity solutions including password-less and MFA authentication, Microsoft EMS (Enterprise Mobility and Security), Intune, and Endpoint manager.

• Must have a valid state driver's license, reliable personal transportation, and auto insurance.

• Applicants are subject to government security investigations and must meet eligibility requirements related to the clearance process.

WORKING ENVIRONMENT:The majority of work for this role is performed in a home office and interacts with a wide variety of people with differing functions,personalities,and abilities.Telecommuters are expected to havesufficienthome office space that appears neat,organized,and professional when on video meetings.Travel is required and varies around 25%.

REASONABLE ACCOMMODATION: It is Arctic Information Technology, Inc.'s business philosophy and practice to provide reasonable accommodations, according to applicable state and federal laws, to all qualified individuals with physical or mental disabilities.

PREFERENCE STATEMENT: Arctic Information Technology, Inc. grants preference to qualified Doyon Shareholders first, and second to qualified shareholders of other Alaska Native corporations that grant a similar preference in all phases of employment and training, which include, but are not limited to hiring, promotion, layoff, transfer, and training.

PAY TRANSPARENCY STATEMENT: Arctic Information Technology will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of the other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consent with the contractor's legal duty to furnish information.

Arctic Information Technology Inc. is a Federal Contractor and complies with the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA).

Arctic Information Technology, Inc. is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity or national origin, disability, veteran status, and other protected characteristics. The EEO is the law, and the poster is available at https://www.dol.gov/sites/dolgov/files/ofccp/regs/compliance/posters/pdf/eeopost.pdf.

For questions on the job posting contact 844.461.9500.

#LI-Remote