|Date Posted||October 2, 2020|
Promote an innovative, forward thinking culture to develop, implement and monitor a strategic, comprehensive enterprise cyber security program. Lead a multidisciplinary team responsible for cyber incident response, monitoring, threat assessment/mitigation, cyber systems architecture design and implementation while advancing enterprise cyber security capabilities.
Essential Duties and Responsibilities:
Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.
- Develop and propose Cyber Security budget based on current and projected cyber security needs as it pertains to personnel, security solutions, and managed services
- Encourage the development of Cyber Security personnel through coaching and specified training to accomplish organizational goals
- Understand technology disciplines which include but are not limited to, endpoint security, data loss protection, firewalls, intrusion detection and intrusion prevention, application and system scanning tools, log collection and monitoring
- Identify, select and manage security vendors to ensure that service delivery and support meet performance and business objectives
- Evaluate and assess current and future security needs of the organization continuously, make recommendations and develop business cases to substantiate requested changes
- Understand, align, and adhere to the regulatory and compliance requirements as they continually evolve
- Oversee the approval, training, and dissemination of security policies and practices as it relates to cyber security
- Manage relationships with third party providers of business services to the organization which includes negotiation of contract language and evaluation of third party risks related to cyber security practices
- Provide regular reporting on the cyber security program to the Senior Leadership Team, Internal Risk Management, audit committees, etc
- Coordinate with various internal business units to include Infrastructure and Application development teams to ensure alignment with IT Cyber Security recommended best practices
- Manage security incidents and monitor the external environment for emerging threats, and collaborate with relevant stakeholders on the appropriate courses of action
- Rely on experience and judgment to plan and accomplish goals; a wide degree of creativity and latitude is expected
Minimum Skills and Competencies:
The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Bachelor Degree or in-lieu of degree equivalent education, training and work-related experience
- 7+ years of experience as a Cyber Security Analyst or similar job role
- 5+ years of increasing managerial experience
- Demonstrated technical experience with the following disciplines: Data Leakage Protection, File Integrity Monitoring, SIEM, Vulnerability Management, Endpoint Protection, Endpoint Detection and Response, Email Gateways, Firewall Management, Web Application Firewall Management, Multi-factor Authentication, SSL Certificate Management, Hardware Security Modules.
- Working knowledge of multiple security and compliance frameworks: PCI, HIPAA, HITRUST, FISMA, NIST.
- Experience with enterprise security tools such as Tripwire Enterprise, Tripwire IP360, Nessus, BeyondTrust Retina, Qradar, Trustwave TrustKeeper, Proofpoint, McAfee ePO/HBSS
- Current IT Security related certifications, including one or more of the following: CISSP, CEH and/or CISM
- Effective organization and time management skills with the ability to work under pressure in a dynamic environment
- Excellent interpersonal, verbal, and written communication skills with the ability to communicate cyber security risks and related concepts to a broad range of technical and non-technical groups
- Ability to research, develop, and make executive presentations for tools, techniques, and process improvement opportunities in support of cyber security initiatives and evolving threats within the organization
- Demonstrated knowledge and understanding of relevant legal and regulatory requirements frameworks such as: PCI, NIST, SOX, MARS-E, HIPPA, ISO27000
- Excellent project management skills including scheduling and resource management
- Ability to function effectively in a fast-paced environment, handle multiple efforts simultaneously, prioritize and meet deadlines
- Proficient in Microsoft Office (Word, Excel, Outlook, PowerPoint)
- Bachelor Degree in Information Technology, Cyber Security or related field equivalent education, training and work-related experience may be acceptable in lieu of education
- Master's Degree in Information Technology, Cyber Security or Computer Science
- Supplemental education or certifications (PMP, MBA, CPA, etc.)
- IT Security experience in a regulated environment to include one more of the following industries: Insurance, Financial Services, Pharmaceuticals
- Strong knowledge of TCP/IP, routing, switching and firewall technologies
- Cisco CCNA or other Security certifications
- Working knowledge of Cloud computing, SaaS models and Cloud Security Alliance (CSA) principles