Manager, Cybersecurity Engineering

Since forming in 2003, we have established ourselves as the premier music tech organization with a mission of building a fairer, simpler, and creator‐focused industry. Through a combination of proprietary solutions, emphasis on data, and advocacy efforts, SoundExchange works with 3,600+ digital service providers to collect and distribute digital performance royalties – more than $10 billion – on behalf of over 650,000 creators and rights owners. 

Title: Manager, Cybersecurity Engineering 
Department: ITOps 
Job Location: Washington, DC or anywhere (Continental US)
Reports To: Senior Director, ITOps 
Supervisory Role: Yes
FLSA Status: Exempt

Position Summary:

Are you passionate about cybersecurity and motivated to lead a team that secures networks and technology in the music industry? We’re looking for an experienced Manager of Cybersecurity Engineering to support the end-to-end security of our infrastructure, endpoints, and applications. This is an ideal role for anyone who enjoys being a hands-on technical leader and continuous learning. You will be a member of IT Ops Leadership and report to the Senior Director of IT Ops. For DC-area applicants, this is a hybrid role, in-office once per week and as required for customer support and quarterly company onsite events. Remote applicants will be required to travel to the DC office for quarterly company onsite events at minimum.

Essential Functions:

• Lead the Cybersecurity team of cybersecurity engineers responsible for securing SoundExchange infrastructure.
• Stay current with known and emerging threats to determine, mitigate, and remediate risks against SoundExchange’s assets and infrastructure.
• Ensure SoundExchange’s assets are effectively managed and monitored to meet security policies, standards, and criteria.
• Maintain industry compliance with NIST Cybersecurity Framework guidelines.
• Align with IT Ops leadership on the creation, maintenance, governance, and communication of security policies and standards across the technical environment.
• Oversee the end-to-end security of our platforms, networks, and systems, provide risk analysis, implementation guidance and ensure that SoundExchange’s processes and solutions are securely maintained and that the confidentiality, integrity and availability of the company assets is always protected.
• Update and enforce security policies, standards and plans to ensure the protection of corporate data against unauthorized use, access, modification, and destruction. Promote user awareness and ensure company-wide adherence with defined standards.
• Assist in identifying, remediating, and mitigating vulnerabilities in our platforms, cloud environments, networks, and systems, perform forensic analyses and risk assessments, and ensure timely, appropriate, coordinated, properly communicated and contained incident responses.
• Maintain, implement, and support incremental and full backups and restorations of network and cloud resources according to backup and data retention policies, disaster recovery plans, and business continuity plans.
• Ensure that our users are sufficiently trained on the application of our security tools, practices, and policies, and properly and timely informed of the cybersecurity threats and risks that we face as a company.
• Ensure that proper security logs are generated and sent to our outside monitoring vendors
• Coordinate security audits and penetration tests and implement/coordinate remediation efforts as required.
• Create, review, and present reports, position papers, assessment recaps to team, and other IT Ops leaders.
• Interact with internal teams and external vendors on security-related requirements, projects, issues, and operational tasks.

Required Knowledge, Skills, Abilities (KSAs):

• Expertise with incident response, assessing and managing security risks, threats, and vulnerabilities.
• Experience working with security-related systems such as firewalls, IPS, IDS and web filters.
• Experience with analyzing security event logs from Windows, UNIX, IPS, network and remote access solutions.
• Experience with a mixed set of Windows, MacOS and Linux endpoints.
• Experience with AWS is a must. Azure and Oracle Cloud experience is also desired.
• Proficiency in creating conceptual, logical, and physical security diagrams.
• Detailed understanding of TCP/IP and related communication protocols, Windows authentication mechanisms (Kerberos, NTLM, AD), networking technologies, software defined computing, containerization, routing and switching, and risk analysis and risk management methodologies.
• Able to manage multiple priorities and work effectively in a fast-paced, high volume, results driven environment.
• Excellent written and verbal communication skills (including reporting and presentations)
• Expertise with information security principles and practices as well as latest scalable technologies

Required Education, Certifications/ Licenses, Related Experience:

• BS in Computer Engineering, Computer Science, Cybersecurity, or similar highly desired
• 5 years of security engineering experience in an enterprise environment
• 3 years of relevant experience as a manager of people.
• Security+ ce, CISM, CISSP, or similar certification(s).

ADA Specifications:

• This position requires the ability to remain in a stationary position (standing and/or seated) more than half the time.
• This position requires the ability to spend 8 or more hours per day viewing computer monitors.

Travel Requirements:

• This position has no travel requirements, other than attending our quarterly all-staff events in DC if not a DMV-based employee

Note:

The above statements are intended to describe the general nature and level of work being performed by the individual(s) assigned to this position. They are not intended to be an exhaustive list of all duties, responsibilities, and skills required. Management reserves the right to modify, add, or remove duties and to assign other duties as necessary.

DEI Statement:

At SoundExchange, we empower creators and help share the future of music. One way we do this is by respecting our team members' diverse voices, varied perspectives, and distinct backgrounds. We are intentional in creating an inclusive culture where we recognize that equity is greater than equality and all employees have the opportunities and support needed to thrive. We strive to create teams that reflect the music community we serve – every individual’s unique attributes and abilities are valued and are part of how we innovate, create, and deliver experiences to the creators we champion.

Accommodations:

SoundExchange is committed to working with and providing reasonable accommodations to individuals with physical and mental disabilities. If you are a qualified individual with a disability or a disabled veteran, you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access the SoundExchange Careers website as a result of your disability. We will make a determination on your request for reasonable accommodation on a case-by-case basis.  If you need an accommodation, please email jobs@soundexchange.com