|Date Posted||October 10, 2017|
Cyber Security Manager
The Cyber Security Manager is responsible for managing the execution of threat and vulnerability management functions including the design and development of vulnerability scan profiles, oversight and execution of vulnerability assessments, the development of mitigation tasks, and ensuring deployments of security tools to resolve identified vulnerabilities in accordance with leading security practices occur. This position also drives the analysis of threat vectors and addresses threats resulting from health check reports. The Cyber Security Manager functions in collaboration with a number of IT areas and main business units as well as acting as a liaison to field based Distribution Centers (DC's), contractors and managed services staffing with whom he/she comes in contact.
This position possesses an enterprise view and understanding of all systems and technologies in place, along with an advanced knowledge of Security management and monitoring tools, support models, and computing platforms deployed throughout the company. This position plans, performs or assists with enterprise operations concerning the configuration, management and delivery of the most complex systems and/or services delivered. While primarily responsible for the Security Operations team, this position possesses an advanced understanding of enterprise level Cyber Security and leverages that knowledge to implement and maintain a secure operating environment, including recommending and implementing improvement opportunities.
The position is directly accountable for the Incident Management process.
-Drive and develop policies and procedures for identifying threats and vulnerabilities
-Lead and conduct threat research and identify events with a potential negative impact on the goals or operations, including business unit, regulatory, legal, technology and third-party services
-Schedule and conduct vulnerability assessments to identify weaknesses and implement countermeasures
-Lead and conduct scheduled health checks and vulnerability assessments using automated tools (such as Frontline, Tenable, etc.) on a continuous basis to demonstrate ongoing risk reduction
-Strong understanding of endpoint security such as Cylance and Crowdstrike
-Strong network security background and full understanding of Cisco and Palo Alto firewalls
-IDS/IPS implementation and support experience
-Full understanding of networking concepts from the physical layer up to the application layer
-Possess working knowledge of MDM (Mobile Device Management) platforms such as AirWatch, MobileIron, Good, Mass360
-Possess Windows and Linux background
-Model threats according to qualitative and quantitative measures including potential business impacts supported by input from IT and/or business representatives
-Define, maintain, and publish Threat and Vulnerability Metrics to signify the state of system security, threat, and vulnerability postures
-Work closely with IT Compliance to manage tracking and remediation of vulnerabilities by leveraging action plans and timelines
-Responsible for owning the Security Awareness program
-Recommend policies, standards, and processes or procedural updates as part of a comprehensive vulnerability resolution plan
-Provide Security oversight as needed to various projects
-Act as a key member of the Cyber Incident Response Team (CIRT)
-Remain current on the latest Information Technology Security trends
-Monitor company's networks for security breaches and investigate violations
-Design, implement, and maintain a cybersecurity plan
-Develop and direct implementation of security standards and best practices
-Recommend security enhancements
-Full understanding of data leakage protection, the value of patching, encryption methodologies, vulnerability scanning, penetration testing, etc.
-Perform annual risk assessments for applications, hardware and services
Experience(s) that Best Prepares You:
-Education: Bachelor degree from an accredited College or University in Computer Science or a related discipline
•Experience: 5 or more years in information technology, preferably in an information Security role
-CISSP, CISM, CEH, CCNA, CCNP, MCSE, OSCP, CRISC or other highly recognized security certifications required
-Strong understanding of Cybersecurity frameworks such as NIST, PCI-DSS
-Process improvement experience within an IT or Cybersecurity environment
-Experience in implementing and maintaining an enterprise Threat and Vulnerability Management program
-Significant experience with Vulnerability tools such as Tenable (Nessus), Frontline, Rapid7 Nexpose, Qradar, etc.
-Advanced Network and Firewall literacy required
-Proficiency in Microsoft Office applications, particularly Word, Excel, Outlook and PowerPoint
-Ability to understand and work in a complex technical processing environment through use of sophisticated and leading-edge tools
-Outstanding customer service skills to include: the ability to relate to others; actively listen to/ understand the customer; anticipate customer needs; communicate complex or technical information in a clear, concise manner; and provide high-level customer satisfaction
-Outstanding verbal and written communication skills including communicating high volume of complex and technical information in a clear, concise manner-written and verbal communication for both internal and client consumption
-Ability to understand the data, technical issues and impact on projects; and effectively communicate these issues and impact to other project stakeholders
-Expectation of and available in an on-call capacity to assist with issues that arise outside of company's standard business hours
-Ability to influence other departments (within IT and across company) to drive results in order to meet customer needs and gain and improve customer satisfaction
Interested candidates please send resume in Word format Please reference job code 59909 when responding to this ad.