IT Cybersecurity Manager

Job purpose

The Information Security Manager is primarily responsible for providing leadership, as well as operational and tactical direction to the cybersecurity team. The security manager leads the team through the information security program by establishing highly effective policies, corporate protocols, and appropriate collaboration among teams. In addition, this leader assumes responsibility for the education and enforcement of those protocols and matters of compliance.

The Security Manager possesses a strong technical background and understands risk, mitigation, and technical controls. The manager is expected to lead teams that perform technical work and must possess leadership qualities.

This position requires strong written and oral communication skills, as well as the ability to communicate detailed, technical information in a manner comprehensible by individuals at varying degrees of experience and skill level.

Duties and responsibilities

• Analyzes technologies and establishes highly effective processes and protocols to ensure comprehensive protection exists to prevent unauthorized entry into the company networks and systems.
• Supports automation and orchestration to maximize team talent and reduce routine tasks.
• Leads by example to create a culture where employees want to work.
• Mentor security team and places a heavy emphasis on employee retention – people, first.
• Leads the team to implement secure enterprise systems and identifies issues that could compromise data integrity or security.
• Recommends necessary changes to the information security team to ensure the company’s systems are fully compliant with all applicable regulatory requirements and privacy laws.
• Provides periodic training to company employees on information security topics.
• Stays abreast of the security industry threat landscape.
• Recognizes his/her personal developmental needs and is proactive in obtaining the coaching, networking, and training needed to ensure his/her continued success in the position.

Qualifications

• Preferably 10+ years of technical hands-on security experience, with at least 3-5 years in a team lead or supervisor role.
• Related technical certification, or degree in one of the following fields:
  • Information Technology
  • Science or Computer Science
  • Management

• Demonstrates strong written and oral communication skills.
• Applicable knowledge of adversary tactics, techniques, and procedures (TTPs), MITRE ATT&ACK framework, CVSS, open-source intelligence (OSINT) and deception techniques.
• Demonstrated ability to investigate, handle and track incidents.
• Proficient in SIEM, intrusion detection and prevention systems (IDS/IPS), threat intelligence platforms and security orchestration, automation, and response (SOAR) solutions to centralize and manage incident and remediation workflow.
• Ability to analyze incident logs, assess malware, and understand vulnerabilities and exploits, along with strong operating systems knowledge (Windows, Mac, Linux).
• Experience in incident handling, vulnerability management, hacking tools, intelligence gathering and kill chain methodology.
• Proven threat hunting experience and ability to track adversaries.
• Proficient with Python, PowerShell, and Bash.
• Possesses a high level of integrity, trustworthiness, and confidence, and represents the company and its management team at the highest level of professionalism.
• Leverages subject matter expertise in security and compliance.
• Works effectively with a variety of personalities and can adapt his/her approach to effectively reach and develop his/her team. Uses this skill as well as his/her functional knowledge to both earn and maintain a high level of credibility with the team.
• Demonstrates solid organizational skills and the ability to multi-task, prioritize workload and delegate responsibilities.
• Effectively manages stress in a constantly changing environment.
• Demonstrates excellent judgment and the ability to make quick decisions and think outside the box when working in complex situations.
• Demonstrates strong analytical skills and is effective at interpreting and applying applicable regulations.
• Capable of working with diverse teams and promoting an enterprise-wide positive security culture.

Working conditions

• Minimal travel requirements as needed for business purposes
• Work assignments may be completed remotely and available company offices/branches within respective markets

Physical requirements

• Prolonged periods sitting at a desk and working on a computer and/or keyboard
• Heavy methods of verbal and auditory communication via phone, virtual calls, and/or email