This Manager, IT Security Operations is responsible for leading the team that identifies, investigates, and responds to security incidents affecting the organization's information assets. This role requires a deep understanding of cybersecurity threats, incident response protocols, and the ability to manage and mentor a team of security professionals. This role also assists senior leadership with their information security responsibilities. Overall, this role ensures that confidentiality, integrity, and availability requirements of information systems and assets are identified and managed appropriately.
ESSENTIAL DUTIES AND RESPONSIBILITIES include the following. Other duties may be assigned.
Drives and maintains the information security risk management function, the development of information security programs and the identification and mitigation of information security risks.
Develops and aligns the mission and values of the information security risk management function with the mission and values of the business.
Develop and maintain incident response policies, procedures, and documentation.
Leads programs and processes to design a threat assessment framework, monitors the emergence of new threats and vulnerabilities, assess impacts and drive responses as appropriate. Ensures ongoing analysis of information security threats, vulnerabilities, and trends.
Supports the evaluation of risk mitigation language in third party agreements and vendor support contracts.
Leads incident detection and coordination with internal and external stakeholders to ensure comprehensive incident response.
Ensures clear and timely business advice is provided to executive management on key information security and assurance issues. Additionally, develops metrics reporting to communicate effectiveness.
Analyze security incidents to identify attack vectors, techniques, and potential impacts
Establishes an information security and risk management functional capability and framework.
Ensures that information security and risk is adequately represented on business and governance forums across the enterprise.
Maintains relationships with threat intelligence communities, local, state and federal law enforcement and other related government agencies.
Monitors compliance with information security policies, standards, and processes and enforces remediation of non-compliance.
Manage the implementation and maintenance of security monitoring and incident response tools.
Work with business unit managers and form alliances on projects, operational decisions, scheduling requirements/ conflicts and vendor contract clarification.
Plan, implement, direct, and monitor IT technology solutions to ensure successful fulfillment of end-user requirements, proper and accurate testing and sound implementation. Deliver solutions consistent within current context of overall architecture.
Maintain and control budget, schedule and resources.
EDUCATION AND EXPERIENCE
Relevant combination of education and experience may be considered in lieu of degree.
Bachelor's degree in computer science, business administration or a technology-related field.
Seven (7) years of experience leading information risk, security and governance teams, transforming functions and changing culture.
Demonstrated experience as a leader in information security program management.
Professional security management certification such as CISA, CISM, CISSP is preferred.
Experience with leading the response to incidents, crises, and investigations with sensitivity, tenacity, and a focus on detail.
Extensive experience in information security architecture, information security standards, consultative stakeholder management, and strategic planning.
Experience with classified networks, information classification, and confidentiality requirements associated with high security environments.
QUALIFICATIONS
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
OTHER SKILLS AND ABILITIES
Deep understanding of information security architecture discipline, processes, concepts, and best practices.
Deep understanding of control, risk management and audit issues; demonstrated consultative approach to driving change and deploying controls.
Knowledge of common information security management frameworks such as NIST, COBIT, ISO/IEC 27001, ITIL, and HITRUSTT.
Knowledge and understanding of relevant legal and regulatory requirements such as HIPAA, FISMA, NIST 800-53, etc.
Knowledge of information security and risk control frameworks as well as business continuity and IT disaster recovery frameworks.
Demonstrated ability to work effectively with a team, delivering high performance and customer satisfaction, in a culturally diverse, matrix management environment.
Strong communication and interpersonal skills, with the ability to effectively communicate complex security concepts to both technical and non-technical stakeholders, including executive managers and vendors.
Background in project management, financial/budget management, scheduling and resource management.
Strong, proven problem-solving skills and the ability to identify, analyze, and resolve problems, driving solutions through to completion.
Proficiency with security information and event management (SEIM) systems, intrusion detection/prevention systems (IDS/IPS), and other security monitoring tools.
SUPERVISORY RESPONSIBILITIES
Directly supervises a varied number of employees in the designated department(s). Carries out supervisory responsibilities in accordance with the organization's policies and applicable laws. Responsibilities include interviewing, hiring and training employees; planning, assigning and directing work; appraising performance; rewarding and disciplining employees; addressing complaints and resolving problems.
ADDITIONAL INFORMATION
The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified. This job description does not constitute a contract for employment.
WORKING CONDITIONS
Work is performed in an office setting with no unusual hazards.
Pay Range
Actual compensation decision relies on the consideration of internal equity, candidate's skills and professional experience, geographic location, market and other potential factors. It is not standard practice for an offer to be at or near the top of the range, and therefore a reasonable estimate for this role is between $102,400 and $171,500.
We are an Equal Opportunity Employer. Diversity is valued and we will not tolerate discrimination or harassment in any form. Candidates for the position stated above are hired on an \"at will\" basis. Nothing herein is intended to create a contract.
