On April 28, 2021, Avelo took flight as America’s first new airline in nearly 15 years – ushering in a new era of affordable, convenient, and reliable air travel. Founded and led by airline industry veteran, Andrew Levy, along with a team of world-class airline executives, we endeavored to build a different and better kind of airline with one mission in mind: “To inspire travel” and we’ve done so with industry-leading reliability and a caring Soul of Service. If you are looking for the opportunity to join a new and exciting airline that offers the chance to make your mark on aviation history, keep reading!

PURPOSE: The Director, Cyber Security, is responsible for developing and executing comprehensive strategies to safeguard our organizations digital assets, systems, and information. You will execute the necessary actions for ensuring outcomes for a secure environment. This includes leading skilled cyber security professionals while collaborating across departments to ensure the highest level of protection against evolving cyber threats. This is a strategic leadership role that requires a deep understanding of cyber security best practices, technology trends, and risk management.

RESPONSIBILITIES

1. Strategy and Planning:

• Develop and implement a holistic cyber security strategy aligned with the organizations business objectives.
• Stay abreast of emerging cyber threats, vulnerabilities, and industry trends to adapt the strategy accordingly.
• Create a roadmap for the enhancement and maintenance of cyber security policies, procedures, and technologies.

2. Leadership:

• Lead, mentor, and motivate a team of cyber security experts, providing guidance and fostering professional growth.
• Collaborate with cross-functional teams to ensure a cohesive and coordinated approach to cyber security across the organization.
• Foster a culture of security awareness and vigilance among all employees.

3. Risk Management:

• Identify potential cyber security risks and vulnerabilities through continuous assessment and proactive threat modeling.
• Implement risk management strategies to mitigate threats and minimize potential impacts on the organization.
• Lead incident response and recovery efforts in the event of a cyber security breach or incident.

4. Security Architecture and Technology:

• Oversee the design, implementation, and management of security architecture, ensuring the confidentiality, integrity, and availability of data and systems.
• Evaluate and recommend new cyber security technologies, tools, and solutions to improve the organizations security posture.
• Collaborate with IT teams to ensure that security is integrated into the organizations technology infrastructure.

5. Compliance and Regulations:

• Ensure compliance with relevant industry standards, regulations, and data protection laws (e.g., PCI, SOX, GDPR, HIPAA, ISO 27001).
• Establish and maintain relationships with regulatory bodies and external partners to ensure alignment with security requirements.

6. Training and Awareness:

• Develop and deliver cyber security training programs for employees at all levels, promoting a strong security culture.
• Conduct periodic security awareness campaigns to educate staff about potential threats and best practices.
• Establish and execute organizational KPI metrics to measure security risk and compliance around network, threat management, applications, and the overall technology ecosystem.

7. Vendor and Third-Party Management:

• Evaluate the security posture of third-party vendors and partners and establish security requirements for contracts.
• Collaborate with procurement and legal teams to ensure security considerations are integrated into vendor agreements.

QUALIFICATIONS:

• Bachelors or Master’s degree in Cyber Security, Information Technology, Computer Science, or related field (advanced certifications preferred).
• Proven experience (8+ years) in a senior cyber security role, with at least 3 years in a leadership or managerial capacity.
• In-depth knowledge of cyber security principles, risk management, and compliance standards.
• Strong familiarity with security technologies such as firewalls, intrusion detection systems, SIEM, encryption, and endpoint security.
• Excellent communication and interpersonal skills, with the ability to convey complex technical concepts to non-technical stakeholders.
• Demonstrated experience in leading and managing incident response and recovery efforts.
• Strong analytical and problem-solving skills with a strategic mindset.
• Experience as a hands-on software engineer so you understand the core principles of engineering work.

X-FACTORS:  

• Professional certifications such as CISSP, CISM, CISA, or similar are a plus.
• Experience as a hands-on software engineer so you understand the core principles of the engineering work.
• You are obsessed with performance of technology systems, site-speed and reliability.
• You are a team player – at Avelo we succeed as “One Crew.”
• You have uncompromising integrity – at Avelo we “Do the Right Thing.”
• You work fast and get stuff done – we are growing fast and seek fellow Crewmembers who thrive in a dynamic and high-velocity startup environment.
• You are hungry and humble – you are never content with your big wins and share our belief that excellence is a never-ending journey of continuous learning and improvement.
• You are obsessed with detail – you know small oversights are the source of big problems.
• You can identify root cause on opportunities for improvement – looking past the symptoms to get to the source allows sustainable improvements.

May perform other responsibilities as assigned. Responsibilities and duties may change when circumstances dictate (e.g., emergencies, changes in workload, etc.). 

Avelo is an equal opportunity employer.