Responsibilities
- Lead and manage IT and security-related programs and initiatives, ensuring alignment with cross-functional stakeholders, organizational goals, industry best practices, and regulatory requirements.
- Collaborate with cross-functional teams, including IT, engineering, product, legal, and compliance, to integrate security requirements into business processes and the product development lifecycle.
- Manage the planning, execution, and delivery of IT and security projects, ensuring adherence to timelines, budgets, and quality standards.
- Define and track key security metrics and performance indicators to measure the effectiveness of security programs and initiatives, such as vulnerability management, incident management, change management and others.
- Quantitatively manage the completion of security objectives based on the analysis of data and indicators.
- Partner with Sales, Customer Success, Engineering and Product teams to manage customer-driven IT and Security requirements, including the coordination of requirements identification and intake, work assignment and scheduling, and integration and delivery.
Preferred Knowledge, Skills, and Abilities:
- Three (3) years of enterprise-class information technology and security vulnerability management experience, with the capability to elevate a vulnerability program, put proper reporting in place, and identify enhancements.
- Three (3) years of relevant experience in a supervisory capacity managing small to medium sized teams in a large IT enterprise environment.
- Strong hands-on experience with and knowledge of cloud technologies (e.g., fundamentals, security, Amazon AWS, Microsoft Azure, Google Cloud Platform).
- Strong knowledge and experience evaluating, designing, testing, and supporting hardware and software-based security.
- Strong knowledge and experience with information security and network communications practices and principles, technologies, and systems.
- Proficient knowledge and experience with vulnerability scanning plus risk and mitigation best practices.
- Ability to stay knowledgeable of cybersecurity trends and emerging threats.
- Proficient knowledge and proven experience with the following skillsets:
  - Networking/Data Communications
  - Risk Management
  - Operating Systems (e.g., Windows/Linux)
  - Vulnerability management tools such as Tenable and Palo Alto Xpanse
  - Other Security Tool sets/categories (e.g., Firewalls, Routers/switches, Database, Web Servers, Applications)
  - Common vulnerabilities, CVEs, and CWEs
  - Encryption and cipher technologies
- Experience with security frameworks such as NIST (e.g., NIST 800-53) and CIS.
- Demonstrated experience and success with development and promulgation of enterprise-class security policy and standards.
- Demonstrated experience and success with completion of risk assessments and vulnerability assessments.
- LAN/WAN operational experience, including networking, OS, web/application/Database servers, storage, hardware, firewalls, and monitoring and detection tools.
- Excellent people management, communication, and customer interaction skills.
- Ability to work independently, manage projects, and exercise judgement in reaching solutions.
- Ability to quickly grasp how new technologies work and how they might be applied to achieve business goals.
- Demonstrated ability to communicate effectively, both orally and in writing.
- Experience in scrum, kanban and SAFe.
Certification(s):
- CISSP, A+, Security+, CEH, CISA, CRISC, or other IT security operations/vulnerability management certifications are a plus, but not required.