Security Operations Manager

We’re looking for a Security Operations Manager! Reach out if you’re interested and feel free to refer friends/colleagues!

Type of Employment: Contract
Title: Security Operations Manager
Term: Full-time
Location: Remote for now
Job ID number: C1033

Brief description of duties:

• Work with the Sr. Officer, Security & Compliance to develop a security program and security projects that address identified risks and meet other security requirements that will enable our business to achieve its objectives.
• Manage the process of gathering, analyzing, and assessing the current and future threat landscape, as well as providing the Sr. Officer, Security & Compliance with a realistic overview of current risks and threats in the enterprise environment.
• Work with the Sr. Officer, Security & Compliance to develop budget projections based on short- and long-term goals and objectives.
• Manage a team of information security professionals, hire and train new staff, conduct performance reviews, and provide leadership, mentoring, and coaching, including technical and personal development programs for team members.
• Work with our internal Communications and Learning teams to provide security awareness and training for a wide range of audiences, which ranges from senior leaders to field staff.
• Work as a liaison with vendors, legal and procurement departments to validate or provide security requirements for mutually acceptable contracts and service-level agreements.
• Participate as a member of Change Advisory Board (CAB) meetings to identify and raise security concerns related to proposed IT changes a ensure that security is factored into the evaluation, selection, installation, and configuration of hardware, applications, and software.
• Work with the Sr. Officer, Security & Compliance, and IT and business stakeholders to define metrics and reporting strategies that effectively communicate successes and progress of the security program.
• Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
• Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyze its impact on the existing environment; provide technical and managerial expertise for the administration of security tools and ensure that they are optimally configured to address security risks.
• Coordinate, measure, and report on the technical aspects of security management.
• Manage the vendor that provides our outsourced security operations center (SOC) by ensuring the quality of service and compliance with contracted service-level agreements.
• Manage and coordinate operational components of incident management, including detection, response, and reporting.
• Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans, and communicate remediation status.
• Ensure audit trails, system logs and other monitoring data sources of key systems are being ingested by the SIEM and appropriate alerts have been configured to identify potential threats.
• Engage external consultants to conduct security penetration tests of systems, networks, and applications, and manage the remediation of identified risks.

MUST haves:

• A minimum of seven years of IT experience, with five years in an information security role and at least two years in a management/supervisory capacity.
• A bachelor’s degree in information systems or equivalent work experience; an M.B.A. or M.S. in information security is preferred.
• CISSP and/or CISM certifications are desirable.
• Strong leadership skills and the ability to work effectively with business managers, IS operations staff with the capability to develop and guide information security team members and work with minimal supervision.
• Excellent verbal, written, and interpersonal communication skills.
• Hands-on experience with security technologies and tools such as SIEM, IPS, EDR, MDM, web content filters, and email security gateways is a must.
• A strong understanding of the business impact of security tools, technologies, and policies.
• Experience with common information/security management frameworks, such as International Standards Organization (ISO) 2700x, IT Infrastructure Library (ITIL), and National Institute of Standards and Technology (NIST).
• Strong project management skills and experience in creating and managing project plans, including budgeting and resource allocation.
• Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
• A strong understanding of Windows and Linux operating systems, and network protocols.
• Extensive experience in vulnerability management including coordinating application and network security penetration testing as well as understanding the results from vulnerability scans and working directly with infrastructure and application teams to remediate.