Enterprise Cybersecurity Manager
Remote Job | 2022-05-25 10:56:00
Share Job
Job Code : LOBLOLLY12
Enterprise Cybersecurity Manager
Houston, TX
12+ month Contract
The Enterprise Cybersecurity Manager is responsible to help ensure the protection of information systems and critical assets through the day-to-day management of all projects, services and personnel pertaining to Cybersecurity Threat & Vulnerability functions.
Job Duties and Responsibilities:
• Responsible for performing daily management duties and administrative tasks for 3+ direct reports, including annual employee performance reviews.
• Responsible for ensuring quality delivery and timely execution of Cybersecurity services including Vulnerability Scanning & Remediation, Threat & Vulnerability Advisory, Daily Threat Monitoring & Response, Incident Response, Firewall Change Requests, Web Filtering Requests, Pen Test / Web Application Testing.
• Responsible for the design, implementation, execution and management of multiple enterprise-wide security solutions, vulnerability management tools and processes to address Cybersecurity needs as they are identified and prioritized.
• Current projects may include centralized logging/SIEM, multi-factor authentication, advanced threat protection, cloud security.
• Effectively communicates security vulnerabilities and risks to issue owners and assists in remediation efforts.
• Analyzes vulnerability data to determine broad issues/trends and to determine root cause problems.
• Researches, designs, and implements solutions to address the root cause of problems on behalf of the enterprise.
• Participates in Cybersecurity Incident Response Team (CIRT) investigation and response activities as required.
• Works on multiple projects as a subject matter expert, including projects or issues of high complexity that require in-depth knowledge across multiple technical areas and business segments.
• Responsible for ensuring quality delivery and timely execution of Cybersecurity services, including policy exception management, vendor risk management and compliance/risk assessments.
• Provides technical thought leadership, design, and engineering as necessary throughout the project lifecycle (Initiation, Planning, Execution, Control and Closure).
• Participates in on-going review of cybersecurity policies, standards, and procedures to ensure alignment with cybersecurity objectives.
• Capable of managing multiple projects or issues simultaneously that are of high complexity and/or require in-depth knowledge across multiple technical areas and business segments.
• Assists team in conducting independent research, analysis, and stakeholder interviews to gather and document each project's scope, requirements, and dependencies.
• Leads vendor evaluation, proof-of-concepts, and product selection as applicable.
• Guides team in the creation of documentation as necessary to support the overall delivery of Cybersecurity objectives, with little guidance. This includes but is not limited to project plans, communications, executive presentations, job aids, training materials, architectural diagrams, technical reference documentation.
• Capable of managing multiple projects or issues simultaneously that are of high complexity and/or require in-depth knowledge across multiple technical areas and business segments.
• Responsible for the design, implementation, execution, and management of multiple enterprise-wide security solutions to address Cybersecurity needs as they are identified and prioritized.
• Utilizes and enforces the utilization of cybersecurity and vulnerability management procedures, tools and internal reporting/tracking mechanisms.
• Develops and maintains executive dashboards and/or regular reports to communicate department-specific cybersecurity risks and threats.
• Develops procedures, training materials, metrics/measures packages, reports, project plans, and communication and executive presentations with little guidance, as needed to support the overall delivery of cybersecurity objectives.
• Demonstrates in-depth knowledge and understanding of the global threat landscape, cybersecurity trends, emerging technologies, and an ability to relate them to the county and its objectives.
• Must be able to weigh business needs against security concerns and articulate issues to management and stakeholders.
• May serve as a general security subject matter expert and project consultant to IT staff and other departments/agencies as necessary to support the demand for cybersecurity expertise.
• Coaches and mentors more junior level managerial and technical staff.
• May be required to work more than forty hours during the workweek and/or weekends or on-call 24 hours a day to meet special projects or deadlines.
• Performs other duties as assigned.
Requirements:
• Associate's degree or currently pursuing a degree from an accredited college or university in Information Security, Information Technology, Computer Science, or related field.
• Seven (7) years of progressive work experience in Information Security, Information Technology, Computer Science, or related field.
• Direct experience designing, implementing, and executing vulnerability, incident or threat management processes, tools, and technologies.
• Formal leadership experience serving as a manager or team lead with 3+ direct reports.
• Experience designing and implementing security technologies and processes across complex, large-scale environments, all the way from project initiation to the desired end state of operationally healthy and sustainable services.
• Hands-on experience operating vulnerability scanning, incident detection & response (IDR) or penetration testing tools.
• Experience designing, implementing, and executing vulnerability, threat, or incident management processes.
• Experience validating, analyzing, and prioritizing reported vulnerability and security risks.
• Experience reviewing firewall rule changes/requests to evaluate risk.
OR
• Bachelor's degree from an accredited college or university in Information Security, Information Technology, Computer Science, or related field.
• Five (5) years of progressive work experience in Information Security, Information Technology, Computer Science, or related field.
• Direct experience designing, implementing, and executing vulnerability, incident or threat management processes, tools, and technologies.
• Formal leadership experience serving as a manager or team lead with 3+ direct reports.
• Experience designing and implementing security technologies and processes across complex, large-scale environments, all the way from project initiation to the desired end state of operationally healthy and sustainable services.
• Hands-on experience operating vulnerability scanning, incident detection & response (IDR) or penetration testing tools.
• Experience designing, implementing, and executing vulnerability, threat, or incident management processes.
• Experience validating, analyzing, and prioritizing reported vulnerability and security risks.
• Experience reviewing firewall rule changes/requests to evaluate risk.
Knowledge, Skills, and Abilities:
A broad understanding of cybersecurity concepts across all domains, applicable security frameworks (e.g. ISO 2700X, NIST and CIS Critical Security Controls) and regulations (e.g. SOX, PCI, HIPAA and CJIS).
Ability to confront challenges in a constructive fashion and influence others through consensus- building techniques.
Strong organizational skills, including the ability to drive adherence to cybersecurity processes and tools and to keep focus on multiple tracks of work and open issues in parallel.
Ability to build and maintain strong relationships across departments/teams and effectively communicate vulnerability findings to issue owners and support remediation efforts.
Exceptional leadership, verbal and written communication, and project management skills.
Strong technical writing, research, analysis, and analytical/problem-solving skills.
Experience performing vulnerability assessments or penetration tests.
A passion for cybersecurity, self-starter mentality, flexibility, and willingness to take on new challenges and the ability to thrive in a team environment.
Preferences:
Certified Information Systems Security Professional (CISSP), Global Information Assurance Certification (GIAC), CompTIA Security+ Certification or related certification.
Knowledge, Skills, and Abilities:
Experience in security event analysis, monitoring and response technologies, and processes.
Experience in threat intelligence gathering, research, and analysis.
Experience participating in Cybersecurity Incident Response Team (CIRT) activities.
Experience consulting with business and technology partners on general security requirements and best practices.
Strong research, analytical, problem-solving, and process development skills.
Thanks,
Riyaz Khan Pathan
Sr Technical Recruiter
1601 N Harrison Ave, STE # 2B, Pierre, SD 57501
Phone: 605-220-5981 Ext 113 | Direct: 605-776-2219 |
Email: [email protected]
LinkedIn: https://www.linkedin.com/in/riyazkhanpathan/
F: (605) 609-2010 |
Certified Minority Business Enterprise (MBE)
Any Graduate