SUMMARY 

As the IT Manager, you will have the opportunity to provide leadership, employee development and management, financial planning, and forecasting. You will also be responsible for defining and directing the overall security monitoring, cyber threat, and incident response capabilities within the security operations team and directing activities to achieve the mission and objectives of Enterprise Information Security 

PRIMARY RESPONSIBILITIES 

• Manages the department including interviewing, hiring, mentoring, and developing staff members on the security operations team
• Ensures continuous monitoring, alerting, escalation, investigation and response to suspicious events across our digital landscape
• Leads the development of response playbooks, research methods for indicators of compromise, continuous configuration, SIEM customization, and logging requirements for technical assets
• Maintains appropriate chain of custody in support of internal investigations, forensics, and eDiscovery
• Responsible for performance evaluations, coaching, skill and career development, policy administration, performance management and behavior of employees
• Manages the Security tooling ecosystem (i.e.. XDR, SIEM, etc.) including developing the roadmap, overseeing the deployment, integration, configuration, and enhancements to security solutions in accordance with industry-leading practices.
• Leads the response to events reported as possible information security incidents, validating, appropriately prioritizing, and owning the incident response process
• Provides coaching, constructive feedback, workload management and direction to staff to ensure achievement of department OKRs
• Proactively develop procedures, guidelines and standard operating procedures to ensure consistent and repeatable delivery of services
• Evaluates and report on trends of network and computer resource compromise to inform security posture enhancements
• Oversees defensive control enhancements intended to prevent and proactively manage cyber security intrusions
• Leads the monitoring of external information regarding emerging security threats and mitigations, including vulnerabilities, malware and patches
• Communicates audience appropriate and business informed security concerns/exposures to appropriate leadership
• Partner with other Security leaders to develop penetration testing plans against designated infrastructure and vendor applications

• Recommends tools, processes, and practices to improve security posture consistent with risk management practices and tolerance

• Ensures reasonable and effective controls exist to meet current and future security compliance requirements
• Develops and communicates internal standards regarding technical security controls, platform hardening, product requirements, and technical security exceptions
• Consults with Enterprise Information Security, Enterprise Architecture and Information Technology colleagues to continuously evaluate and implement security solutions in response to the evolving threat landscape
• Delivers after-action facilitation through retrospectives, driving continuous improvement, gap identification and remediation
• Provides education, guidance, and oversight for the development of appropriate standards, procedures, methodologies, and playbooks
• Leads tabletops and simulation exercises in support of security awareness initiatives and educational objectives

QUALIFICATIONS AND SKILLS 

MUST HAVE QUALIFICATIONS 

• BA/BS in Computer Science or equivalent experience in Cybersecurity
• Experience in Security Operations, Incident Response and Investigations, including proven hands-on technical management experience of security analysts
• Proven track record of successfully managing through ambiguity to measurable results
• Experience developing and delivering information on program status and security incidents to senior leadership
• Deep technical understanding of and experience with SIEM platforms, vulnerability scanning and management,  incident response planning and execution, EDR, IDS/IPS, content filtering and penetration testing
• Experience recruiting, building, and leading technical teams, including performance management
• Experience analyzing, explaining, and countering attacker tactics, techniques and procedures
• Experience developing policies/procedures for security processes
• Ability to effectively lead Cyber discussions and initiatives communicating in an audience aware manner
• Demonstrated track record of effectively managing both internal and external stakeholders

• Bachelor’s Degree/Master's degree in Information Security
• Relevant cybersecurity certifications (CISSP, CSAM, CISM, etc.)
• Cloud Service Provider Certification (Azure Fundamentals, Azure Cloud, etc.)
• Previous experience in an agile (product-led operating model)
• Previous manufacturing in a complex matrix environment
• Previous experience automating security operations workflows
• Experience automating and integrating incident response workflows via orchestration and DevSecOps tools
• Knowledge of the NIST Cybersecurity Framework