Date Posted: May 15, 2021
The Cybersecurity Operations Leader supports the incident detection and response program. This role leads and further develops a team of analysts responsible for 24x7x365 monitoring of threats, as well as the tools and processes that support the core mission of defending the organization against cyber-threats. The Cybersecurity Operations Leader reports to the Head of Cyber Technology and Network Services with a dotted-line relationship to the Head of Cyber Risk & CISO, and collaborates closely with the security architecture teams, security teams, and other internal and client stakeholders to empower the business and continuously enhance the security posture of the organization.
- Act as an advisor and partner to both OneMain and its vendor organizations regarding security risks; work collaboratively with impacted parties to assess business drivers and provide recommendations
- Development and tracking of key risk indicators (KRIs) related to Cybersecurity operations, to benchmark and further enhance capabilities.
- Experience briefing senior executives and leaders on Cybersecurity Incidents
- Manage the daily operations and effectiveness of the Cybersecurity Operations
- Benchmark and implement industry best practices to detect and mitigate potential threats
- Oversee the success of clients subscribing to security monitoring services, including onboarding, ongoing monitoring, and improvements.
- Participate in internal assessments and tabletop exercises, and other activities that contribute to operational readiness.
- Ensure platforms and processes are in compliance with all corporate and regulatory standards and requirements.
- Collaborate with management in developing technical direction, as well as assessing reasonable objectives and timelines.
- Manage and enhance the tools, tactics, and techniques used within the SOC. Lead in the assessment, architecture and implementation of security technologies.
- Develop staff of varying skill levels on both cybersecurity competencies/expertise and personal development. Guide in their continued growth and success as individuals and as a team.
- Lead the Cybersecurity Operations team in a fast-paced environment, while exercising composure, professionalism and teamwork during incidents. Support and oversee incident response activities as the most senior escalation point for Cybersecurity Operations. Exercise discretion and confidentiality on a need-to-know basis when performing investigations.
- Perform special projects and other duties as assigned
A successful candidate will be able to coordinate team members in evaluating security incidents or high-risk situations within an environment to provide clear, concise recommendations and feedback to security leadership. The Cybersecurity Operations Lead role requires strong technical knowledge and experience with security monitoring tools and incident management situations. In addition to technical expertise, a combination of excellent communication and people management skills is required.
Desired Skills and Experience
- Ability to communicate effectively with all levels of staff, management, and clients both orally and in writing
- Strong leadership, problem solving and critical thinking skills. Ability to prioritize and execute autonomously.
- Previous experience leading a Security Operations Center in an enterprise environment.
- Minimum ten (10) years of experience in IT Security or Information Technology
- Three (3) years in a management role leading a technical team
- Understanding of tactics, techniques and procedures associated with cyber threats and the ability to develop relevant alerting, countermeasures, and threat hunting techniques.
- Knowledge in emerging technologies and tactics used within a SOC, and how they are applied to improve efficiency and effectiveness
- Bachelor's degree in Information Technology or equivalent experience. Master's degree a plus.
- Achieved one or more relevant security certifications (CISSP, GCIA, GCIH, GMON, etc.)
- Ability to collaborate across the organization and operate effectively with multiple teams and solutions towards a shared goal
- In-depth understanding of latest security principles and protocols
- Strong understanding of security operations technologies
- Experience with Windows operating systems, as well as network and network security technologies including IPS, proxy, and firewall