The Information Security Operations and Incident Response Manager serves a critical role responsible for the development, implementation and operations of the enterprise security architecture. This role is responsible for the management of the tools and services that provide the operational support for the security program. This position will bring not only leadership but also technical expertise mentoring team members as well as an active team member driving objectives to completion.
- Manage day-to-day operations including direct staff and functional staff objectives across all regions
- Establish and maintain the right team and processes to continually deliver across the enterprise including contractors, consultants and suppliers
- Coach and lead team members, nurture talent to develop a broad skillset relevant to their career development
- Drive adoption of new tools, techniques and technologies understanding their value and impact
- Directly contribute to the development and execution of a multiyear roadmap for the overall Information Security Program
- Establish and maintain operational SOPs for all responsible areas and technologies
- Establish, maintain and report metrics to accurately track the current state of defenses, protections and performance
- Work with and manage third party service partners as needed on risk assessments, vulnerability scans, penetration testing, incident management, managed SIEM, IDS/IPS, Data Loss Prevention (DLP), and threat intelligence
- Manage the consolidation of large sets of data specific to threats and vulnerabilities to develop meaningful metrics and apply accurate risk weighting and prioritization
- Oversee and coordinate remediation efforts of identified cybersecurity vulnerabilities
- Provide Incident Response leadership when analysis confirms actionable incident
- Ensure the successful completion and recording of scanning activities as required by audit and regulatory authorities
- Investigate, document, and report on information security issues and emerging trends
- Collaborate and coordinate with the Risk and Compliance team on technical / cyber risk assessments
- Support and participate in the development, automation, execution and monitoring of security operations controls in support of the Information Security Program, including the writing of needed documentation such as standards, procedures and guides
- Support and participate in the research, evaluation, design, and testing of information security solutions to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software, liaising with the Enterprise Security Architect and/or Engineer as necessary
Experience and skills:
As The Security Operations and Incident Response Manager, your mission will be to oversee security operations and Incident Responsive activities for a highly technical and agile technology company where innovation and speed to market are key to business success.
- 7+ years of experience in the related technology fields
- Previous supervisory experience strongly preferred
- Extensive experience in threat hunting, malware analysis, log reviews, and memory analysis
- Strong Project Management experience
- High-level understanding of computer security concepts such as Identity & Access Management, Network Security, Application Security, and Incident Management
- Extensive experience with SIEM and/or log aggregation technologies such as Qradar and Sumo Logic
- Experience investigating computer network intrusions and incident response in an enterprise environment, preferably in a Security Operations Center (SOC)
- Strong understanding of information security concepts, protocols, industry best practices, strategies, frameworks and regulations such as International Standards Organization (ISO) 2700x, NIST Cybersecurity Framework, Payment Card Industry Data Security Standard (PCI DSS), Sarbanes-Oxley (SOX).
- Experience with and ability to document processes, systems and controls.
- Understanding of networking concepts and protocols (such as DNS, SMTP, FTP, SSL, etc.)
- Understanding of threat vectors as well as exfiltration techniques preferred
- Understanding of the Software Development Life Cycle and Development Operations principals
- Familiarity with Cloud Security principles and practices as they relate to Security Operations and Incident Management
- Extensive knowledge of relevant legal and regulatory requirements as well as privacy laws preferred
- Bachelor's degree in Computer Science, related technology field or equivalent work experience
- Certified Information Systems Security Professional, Certified Information Security Manager or other relevant industry certification preferred
All your information will be kept confidential according to Equal Employment Opportunities guidelines.