This position manages the daily operations of our security team. This includes management of our client's internal data governance, security products/platforms and policies and procedures. The Security Manager will also take the lead on proactive investigation into new security standards and products to improve their internal and external (customer-facing) security postures, manage risk and optimize our management efficiencies. This position will also be responsible for cyber-incident response management, including working alongside our security partners (and any client-retained third-party incident response/forensic investigators).
Security Team Management and Standard Operating Procedures (SOPs).
o Define, document, manage and continually refine security team SOPs
o Optimize security management tools to maximize efficiency/efficacy
o Once established, manage ongoing cybersecurity compliance activities, including scheduling and/or performance of controlled assessments
o Identify opportunities for process improvement in detection, triage, task assignment, scheduling, coverage and efficiency
o Provide input for information security policies, standards, processes, and procedures based on business requirements, risk tolerance and industry best practices
Advancing Atlantic’s Internal and External Security Products/Services.
o Remain current on emerging security technologies, testing and deployment processes.
o Recommend and implement proper security platforms for clients based on client demographic profiles (e.g. regulatory compliance needs, technologies, etc.)
o Evaluate, anticipate and prevent threats (including new cybersecurity threats) through research and develop effective security controls, including disaster recovery
o Design standards for implementation and support of complex security technology platforms
o Implement managed security services solutions for internal systems & networks
o Advise on design, implementation and maintenance of effective information security controls
Education and Presentations
o Train and manage direct staff on SOPs and security risk and mitigation strategies
o Assist in designing programs to educate technical staff on security products, processes and related relevant considerations technical team support responsibilities
o Collaborate with the Sales and Marketing teams on security opportunities (including customer-facing engagements). Present security offerings to clients and internal staff
o Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy
o Evaluate potential security breaches, coordinate response and recommend corrective action, including working with third party incident response teams and providing updates to key stakeholders.
o Design processes and templates around security compliance questionnaires.
o Where necessary, assist to complete security compliance questionnaires (internal and external)
o Validate intrusion detection system (IDS) alerts against network traffic using packet analysis tools
o Recruits, retains, and motivates highly-talented staff and balances the need to allocate tasks efficiently with the need to keep talent engaged, challenged, and growing
o Develop and maintain the appropriate metrics (KPIs) to track and report on performance, produce and disseminate monthly metrics / scorecards for management review
Bachelor's degree from an accredited institution, with degree preferred in Computer Science or Information Technology Systems Security or related field
Minimum of 5 years (within the last 7 years) of experience in Cybersecurity.
Excellent working knowledge of security administration and information technology governance in a multiplatform environment
Demonstrated ability to lead security projects, including working with highly effective cross-functional teams
Experience with regulatory and industry standards such as PCI, CCPA, NIST Framework, CIS 20, etc.
Experience establishing cybersecurity and risk metrics for reporting
Strong emotional intelligence with demonstrated sustained leadership in an organization or customer base including multiple stakeholders.
Demonstrated management skills in budget development, administration, policy development and implementation, personnel administration, and staff training and development
Exceptionally effective oral and written communication skills
Thorough understanding of systems architecture and design for Intrusion Detection/Prevention, Virtualization, and Cloud deployments
Ability to work in a high-pressure environment with changing priorities
Required certifications include CompTIA Security+, Microsoft Certified: Security Operations Analyst Associate
CompTIA Cybersecurity Analyst (CySA+), CompTIA Advanced Security Practitioner (CASP+) and Microsoft Certified: Azure Security Engineer Associate a plus
CISM and CISSP certifications a plus
Managed Service Provider background is a plus