Sr. Manager Cybersecurity Threat Management – Hybrid [WA, OR, ID, CA]

at Umpqua Bank
Published September 22, 2023
Location Washington, DC
Job Type Full-time  


Innovation and Technology. Locations: Washington, Idaho, Arizona, California, Oregon, Nevada.
Umpqua Bank is a publicly traded financial holdings company, headquartered in the Pacific Northwest with 6,000+ employees, which offers banking services to customers throughout the nation. It’s an especially exciting time to join our team as, following the recent merger with Columbia Bank, we have grown to become a leading western-based regional bank with more than $50B in assets under management and an unwavering commitment to our associates, our customers, and our communities.
We create a great place to work by offering a special brand of relationship banking and by providing a culture where associates thrive. Associates who embody our core values fit in well here and we are eager to meet candidates who demonstrate behaviors that align with Trust, Ownership, Growth, Empathy, Teamwork, Heart, Enjoyment, and Relationships.
About the Role:
Lead a team of engineers who will oversee the cybersecurity threat management function that includes application security testing, vulnerability management, penetration testing, bug bounty programs, configuration management compliance (on-prem/cloud), purple teaming, and breach and attack simulation. Serve as experts by defining, supporting, and managing solutions that partner with technology operations and application development teams to deliver business value for Umpqua Bank. Provide leadership, coordination and operations planning to accomplish department/corporate goals and objectives. Collaborate with peer and senior management to focus on service improvements for critical security control processes.
Manage team activities and projects that support an internal and external threat management program.
Drive vision and plans to implement, mature, and maintain application security testing services, vulnerability management, and penetration testing.
Foster, cultivate, and mature purple team services including breach and attack simulation activities that drive overall control improvements across the organization.
Partner with Cybersecurity Engineering and Cybersecurity Operations to advance use case detection and prevention capabilities.
Oversee, manage, and deliver cloud infrastructure security policy within Azure to govern and maintain a secure environment through automation of our compliance objectives.
Partner with the application development function to support streamlined, automated, and effective CI/CD pipeline security testing.
Drive a culture of DevSecOps, creating reporting and self-service capabilities to drive more ownership and accountability for security across functional teams.
Support continuous delivery of vulnerability scanning, remediation, and reporting across various platforms and architectures.
Partner with technology teams to implement configuration compliance by leveraging technical knowledge and problem-solving skills in the network, database, server, and desktop technology areas in accordance with the secure SDLC process.
Educate and train as needed on application development security practices, bringing theory to reality, and sharing knowledge that will elevate our development community.
Collaborate with domain architects, application development teams, project managers, and other teams to provide technical cybersecurity expertise when needed.
Develop and maintain security metrics and the communication of those metrics to Management.
Manage vendor relationships to ensure business partner/customer satisfaction with all information system security services. Build and maintain effective working relationships with business partners.
Manage departmental short-range planning including overseeing communication and training programs to increase awareness of information security concepts and responsibilities.
Continually re-assess the status quo and consider alternative solutions. Keep abreast of best practices and apply as relevant to the organization. Lead change and adoption of new security processes and technologies.
Demonstrate compliance with all bank regulations for the assigned job function and apply them to designated job responsibilities; knowledge may be gained through coursework and on-the-job training. Keep up to date on regulation changes.
Follows all Bank policies and procedures, compliance regulations, and completes all required annual or job-specific training.
Maintain a working knowledge of Bank's written policies and procedures regarding Bank Secrecy Act, Regulation CC, Regulation E, Bank Security, and other regulations as applicable to this job description.
Actively learns, demonstrates, and fosters the Umpqua corporate culture in all actions and words.
Takes personal initiative and is a positive example for others to emulate.
May perform other duties as assigned.
About You:
Bachelor's Degree in Computer Science, related field, or an equivalent combination of education, training, and experience. Required.
4-7 years’ experience managing people or leading project teams, including proven experience providing effective coaching, feedback, and development plans to team members.
7-10 years’ proven track record of technical expertise in IT Security.
Working knowledge and experience with multiple security domains (e.g., application security, vulnerability reduction, data protection, encryption, logging and monitoring, network security)
Subject Matter Expert (SME) experience with Secure Software Development Life Cycle (SSDLC) (e.g., risk assessments, threat modeling, static code analysis, code reviews and dynamic application scanning)
Experience working with modern development practices (e.g., micro services, containers, orchestration, continuous integration & delivery pipelines)
Experience working in regulated industries leveraging information security management frameworks and industry recognized best practice / standards (e.g., FFIEC CAT, NIST, ISO, and PCI)
Demonstrated ability to resolve sensitive issues with other departments and to present information to senior management.
Demonstrated analytical and problem-solving skills applied to both technical and business challenges.
The ability to relate business requirements and risks to technology implementation of security-related issues.
Knowledge of security monitoring, diagnostic and administrative tools.
Knowledge and understanding of the secure integration of systems into the current network and server environment.
Ability to train and present to small and large audiences, or an interest in learning to train and present.
Certifications a plus, i.e., CISSP, CCSP, CRISC, CISA
Direct Resources Managed – 1-5.
We offer a competitive total rewards package including base wages and comprehensive benefits. The pay range for this role is $96,890.00 to $196,037.00, and the pay rate for the selected candidate is dependent upon a variety of non-discriminatory factors including, but not limited to, job-related knowledge, skills, and experience, education, and geographic location. The role may be eligible for performance-based incentive compensation and those details will be provided during the recruitment process.
We offer eligible associates comprehensive healthcare coverage (medical, dental, and vision plans), a 401(k) retirement savings plan with employer match for qualifying associate contributions, an employee assistance program, life insurance, disability insurance, tuition assistance, mental health resources, identity theft protection, legal support, auto and home insurance, pet insurance, access to an online discount marketplace, and paid vacation, sick days, volunteer days, and holidays. Benefit eligibility begins the first day of the month following the date of hire for associates who are regularly scheduled to work at least thirty hours weekly.
Our Commitment to Diversity:
Umpqua Bank is an equal opportunity and affirmative action employer committed to employing, engaging, and developing a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color, national origin, religion, sex, age, sexual orientation, gender identity, gender expression, protected veteran status, disability, or any other applicable protected status or characteristics. If you require an accommodation to complete the application or interview(s), please let us know by email.
To Staffing and Recruiting Agencies:
Our posted job opportunities are only intended for individuals seeking employment at Umpqua Bank. Umpqua Bank does not accept unsolicited resumes or applications from agencies and Umpqua Bank will not be responsible for any fees related to unsolicited resume submissions. Staffing and recruiting agencies are not authorized to submit profiles, applications, or resumes to this site or to any Umpqua Bank employee and any such submissions will be considered unsolicited unless requested directly by a member of the Talent Acquisition team.