Manages all Incident Response processes, procedures, and the coordination/execution of quarterly exercises.
Manages a team of information security engineers responsible for configuring, deploying, and managing enterprise security tools including: SIEM, vulnerability scanning, privileged access management, file integrity monitoring, application whitelisting, firewalls, advanced malware detection, IPS, etc.
Manages a team of Level III Security Engineers who reviews, assesses, and triages security events and guides the management events escalating into incidents.
Manages the evolution of the SOC and Threat Intelligence programs that include, but are not limited to, supporting process, procedure, documentation, and technology.
Acts as delivery manager for new security tool deployments.
Works with the Change Advisory Board (CAB) to identify changes that will impact information security controls.
Provides guidance to and coordinates the efforts of management in the development of procedures, policies and strategies to mitigate risk for critical functional areas.
Coordinates management action plans for remediation of audit findings and compliance risk.
Develops roadmaps, strategies and project lists to achieve IT Security objectives.
Hires and trains new staff. Conducts performance reviews and provides leadership and coaching.
Perform other duties as assigned by management.
Manages line items in expense and project budgets.
Bachelor’s degree in Computer Science or related field or equivalent combination of industry related professional experience and education
8+ years of experience including 2+ years of management experience.
Certified Information Systems Security Professional (CISSP) is required.
Understanding of NIST, PCI, ISO 27001/27002, COBIT, and ITIL
Ability to maintain the highest level of confidentiality.
Excellent interpersonal, written, and oral communication skills.
Ability to work in a team fostered, multi-tasked environment.
Working experience with information security and/or audit/compliance initiatives, teams, and programs