The information security team consists of seven people, including CISO, InfoSec Manager, an assistant Infosec Manager, two (2) InfoSec Administrators, two (2) InfoSec Analysts. The team is located in the United States and India. This new position will be the 8th InfoSec team member. This position is a remote position, but the individual must be located in the United States. The typical working hours is Monday through Friday, 8 AM to 5 PM Pacific Time. This position will be required to meet with the India team on a weekly basis at around 8 PM Pacific Time. Infrequent travel may be required.
The Information Security Operation Manager’s primary responsibility is to ensure the smooth operation of the Information Security teams. The first is overseeing the operations of the enterprise’s security solutions through the management of the firm’s security personnel. The second is establishing an enterprise security stance through policy, and training processes. Secondary tasks will include the oversight of any vulnerability audits and assessments. This role is expected to interface with peers in the Systems and Network departments as well as with the leaders of the business units to both share the corporate security vision with those individuals and to solicit their involvement in achieving higher levels of enterprise security through information sharing and cooperation.
· You have helped build and run successful security/InfoSec organizations
· You have multi year (>5 years) of experience in the InfoSec space
· You have multi year (>2 years) of experience in leading and managing a medium or large-scale security teams
· You have real-world experience in security concepts like Identity, Data protection, Monitoring, vulnerability management, and Incident Response
· You are results-oriented, can work backward from customers’ needs, and help build a world-class security team
· You are someone who can think big and start small in a fast-paced environment
· You have hands-on experience, and you have used Automation to scale the security program
· You have expert knowledge in security testing and monitoring tools and techniques
· You are a strong communicator who is comfortable working cross-functionally, with a track record of delivering results and demonstrating strong ownership
· Ensure that security-related tickets and incidents are responded to in a timely fashion.
· Ensure the enforcement of enterprise security documents.
· Supervise all investigations into problematic activity and provide ongoing communication with senior management.
· Supervise the design and execution of vulnerability assessments, penetration tests, and security audits.
· Perform regular security awareness training for all employees to ensure consistently high levels of compliance with enterprise security documents.
· Engage in ongoing communications with peers in the Systems and Networking groups as well as the various business groups to ensure enterprise-wide understanding of security goals, solicit feedback, and foster cooperation.
· Oversee the creation and maintenance of the enterprise’s Business Continuity Plan and Disaster Recovery Plan.
· Create and maintain the enterprise’s security awareness training program.
Security Awareness and Professional Development:
· Develop and maintain a quarterly security awareness training program for BPM
· Develop, deploy, and maintain a security awareness program for IT staff.
· Maintain up-to-date knowledge of the IT security industry, including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors.
· Understanding the firm’s risk exposure and developing appropriate information and cybersecurity strategies.
· Building a prioritized roadmap for project investments and organizational change initiatives and validating that the firms security investments have improved its security posture.
· Defining and implementing cybersecurity-related frameworks supported by policies, standards, and procedures in line with internal and/or external (compliance) requirements.
· Monitoring progress, managing risk, and ensuring key stakeholders are kept informed about progress and expected outcomes. Stay abreast of current industry trends relevant to our clients.
Formal Education & Certification
· College diploma or university degree in a technical field and/or 5 years equivalent work experience.
· One or more of the following certifications is highly desirable: GIAC Security Leadership Certification, ISACA CISM, ISC)2 CISSM
Knowledge & Experience
· Understanding of basic project management concepts
· Experience in managing security staff (both onshore and offshore). Must be able to motivate staff and set vision.
· Ability to work with minimal supervision.
· Firm understanding of Information Security concepts.
· Extensive experience in enterprise security document creation.
· Experience in designing and delivering employee security awareness training.
· Experience in developing Business Continuity Plans and Disaster Recovery Plans
· Proven analytical and problem-solving abilities.
· Ability to effectively prioritize and execute tasks in a high-pressure environment.
· Good written, oral, and interpersonal communication skills.
· Ability to conduct research into IT security issues and products as required.
· Ability to present ideas in business-friendly and user-friendly language.
· Highly self-motivated and self-directed.
· Keen attention to detail.
· Team-oriented and skilled in working within a collaborative environment
· Strong desire to constantly learn new things