Manager, IT Cyber Security

at National General Insurance
Published October 2, 2020
Location Atlanta, GA
Category Default  
Job Type Full-time  

Description

Primary Purpose:

Promote an innovative, forward thinking culture to develop, implement and monitor a strategic, comprehensive enterprise cyber security program. Lead a multidisciplinary team responsible for cyber incident response, monitoring, threat assessment/mitigation, cyber systems architecture design and implementation while advancing enterprise cyber security capabilities.

Essential Duties and Responsibilities:

Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.

  • Develop and propose Cyber Security budget based on current and projected cyber security needs as it pertains to personnel, security solutions, and managed services
  • Encourage the development of Cyber Security personnel through coaching and specified training to accomplish organizational goals
  • Understand technology disciplines which include but are not limited to, endpoint security, data loss protection, firewalls, intrusion detection and intrusion prevention, application and system scanning tools, log collection and monitoring
  • Identify, select and manage security vendors to ensure that service delivery and support meet performance and business objectives
  • Evaluate and assess current and future security needs of the organization continuously, make recommendations and develop business cases to substantiate requested changes
  • Understand, align, and adhere to the regulatory and compliance requirements as they continually evolve
  • Oversee the approval, training, and dissemination of security policies and practices as it relates to cyber security
  • Manage relationships with third party providers of business services to the organization which includes negotiation of contract language and evaluation of third party risks related to cyber security practices
  • Provide regular reporting on the cyber security program to the Senior Leadership Team, Internal Risk Management, audit committees, etc
  • Coordinate with various internal business units to include Infrastructure and Application development teams to ensure alignment with IT Cyber Security recommended best practices
  • Manage security incidents and monitor the external environment for emerging threats, and collaborate with relevant stakeholders on the appropriate courses of action
  • Rely on experience and judgment to plan and accomplish goals; a wide degree of creativity and latitude is expected

Minimum Skills and Competencies:

The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

  • Bachelor Degree or in-lieu of degree equivalent education, training and work-related experience
  • 7+ years of experience as a Cyber Security Analyst or similar job role
  • 5+ years of increasing managerial experience
  • Demonstrated technical experience with the following disciplines: Data Leakage Protection, File Integrity Monitoring, SIEM, Vulnerability Management, Endpoint Protection, Endpoint Detection and Response, Email Gateways, Firewall Management, Web Application Firewall Management, Multi-factor Authentication, SSL Certificate Management, Hardware Security Modules.
  • Working knowledge of multiple security and compliance frameworks: PCI, HIPAA, HITRUST, FISMA, NIST.
  • Experience with enterprise security tools such as Tripwire Enterprise, Tripwire IP360, Nessus, BeyondTrust Retina, Qradar, Trustwave TrustKeeper, Proofpoint, McAfee ePO/HBSS
  • Current IT Security related certifications, including one or more of the following: CISSP, CEH and/or CISM
  • Effective organization and time management skills with the ability to work under pressure in a dynamic environment
  • Excellent interpersonal, verbal, and written communication skills with the ability to communicate cyber security risks and related concepts to a broad range of technical and non-technical groups
  • Ability to research, develop, and make executive presentations for tools, techniques, and process improvement opportunities in support of cyber security initiatives and evolving threats within the organization
  • Demonstrated knowledge and understanding of relevant legal and regulatory requirements frameworks such as: PCI, NIST, SOX, MARS-E, HIPPA, ISO27000
  • Excellent project management skills including scheduling and resource management
  • Ability to function effectively in a fast-paced environment, handle multiple efforts simultaneously, prioritize and meet deadlines
  • Proficient in Microsoft Office (Word, Excel, Outlook, PowerPoint)

Desired Skills:

  • Bachelor Degree in Information Technology, Cyber Security or related field equivalent education, training and work-related experience may be acceptable in lieu of education
  • Master's Degree in Information Technology, Cyber Security or Computer Science
  • Supplemental education or certifications (PMP, MBA, CPA, etc.)
  • IT Security experience in a regulated environment to include one more of the following industries: Insurance, Financial Services, Pharmaceuticals
  • Strong knowledge of TCP/IP, routing, switching and firewall technologies
  • Cisco CCNA or other Security certifications
  • Working knowledge of Cloud computing, SaaS models and Cloud Security Alliance (CSA) principles

#LI-KW1

#LI-REMOTE