Cybersecurity Manager
This position manages the daily operations of our security team. This includes management of our client's internal data governance, security products/platforms and policies and procedures. The Security Manager will also take the lead on proactive investigation into new security standards and products to improve their internal and external (customer-facing) security postures, manage risk and optimize our management efficiencies. This position will also be responsible for cyber-incident response management, including working alongside our security partners (and any client-retained third-party incident response/forensic investigators).
Responsibilities
Security Team Management and Standard Operating Procedures (SOPs).
o Define, document, manage and continually refine security team SOPs
o Optimize security management tools to maximize efficiency/efficacy
o Once established, manage ongoing cybersecurity compliance activities, including scheduling and/or performance of controlled assessments
o Identify opportunities for process improvement in detection, triage, task assignment, scheduling, coverage and efficiency
o Provide input for information security policies, standards, processes, and procedures based on business requirements, risk tolerance and industry best practices
Advancing Atlantic’s Internal and External Security Products/Services.
o Remain current on emerging security technologies, testing and deployment processes.
o Recommend and implement proper security platforms for clients based on client demographic profiles (e.g. regulatory compliance needs, technologies, etc.)
o Evaluate, anticipate and prevent threats (including new cybersecurity threats) through research, and develop effective security controls, including disaster recovery
o Design standards for implementation and support of complex security technology platforms
Internal Systems
o Implement managed security services solutions for internal systems & networks
o Advise on design, implementation and maintenance of effective information security controls
Education and Presentations
o Train and manage direct staff on SOPs and security risk and mitigation strategies
o Assist in designing programs to educate technical staff on security products, processes and related considerations relevant to technical team support responsibilities
o Collaborate with the Sales and Marketing teams on security opportunities (including customer-facing engagements). Present security offerings to clients and internal staff
Audits/Incident Responses/Questionnaires
o Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy
o Evaluate potential security breaches, coordinate response and recommend corrective action, including working with third party incident response teams and providing updates to key stakeholders.
o Design processes and templates around security compliance questionnaires.
o Where necessary, assist in completing security compliance questionnaires (internal and external)
o Validate intrusion detection system (IDS) alerts against network traffic using packet analysis tools
Personnel
o Recruits, retains, and motivates highly-talented staff and balances the need to allocate tasks efficiently with the need to keep talent engaged, challenged, and growing
Metrics
o Develop and maintain the appropriate metrics (KPIs) to track and report on performance, produce and disseminate monthly metrics / scorecards for management review
Qualifications
- Bachelor's degree from an accredited institution, with degree preferred in Computer Science or Information Technology Systems Security or related field
- Minimum of 5 years (within the last 7 years) of experience in Cybersecurity.
- Excellent working knowledge of security administration and information technology governance in a multiplatform environment
- Demonstrated ability to lead security projects, including working with highly effective cross-functional teams
- Experience with regulatory and industry standards such as PCI, CCPA, NIST Framework, CIS 20, etc.
- Experience establishing cybersecurity and risk metrics for reporting
- Strong emotional intelligence with demonstrated sustained leadership in an organization or customer base including multiple stakeholders.
- Demonstrated management skills in budget development, administration, policy development and implementation, personnel administration, and staff training and development
- Exceptionally effective oral and written communication skills
- Thorough understanding of systems architecture and design for Intrusion Detection/Prevention, Virtualization, and Cloud deployments
- Ability to work in a high-pressure environment with changing priorities
- Required certifications include CompTIA Security+, Microsoft Certified: Security Operations Analyst Associate
- CompTIA Cybersecurity Analyst (CySA+), CompTIA Advanced Security Practitioner (CASP+) and Microsoft Certified: Azure Security Engineer Associate a plus
- CISM and CISSP certifications a plus
- Managed Service Provider background is a plus