The Information Security Manager reports directly to the Deputy Chief Information Security Officer. This position will be responsible for oversight of the Threat & Vulnerability Management (TVM) team, which encompasses a team of security engineers, analyst, and applicable service providers.

• Oversee the Enterprise threat and vulnerability management program, including but not limited to the management of threat and vulnerability assessment tools, internal and external vulnerability scans, identifying, researching, and analyzing vulnerabilities, identifying relevant threats, corrective action recommendations, summarizing and reporting results.
• Oversee execution of penetration tests and red team exercises, including but not limited to implementation, design, identifying targets, determining methodology, and sourcing testing services.
• Responsible for the management of API and Application Security across the enterprise, which includes the oversight of application security tools, static and dynamic secure code testing, reporting and remediation.
• Manage and provide strategic and operational cyber threat intelligence services by leveraging cyber threat intelligence technologies, feeds, threat modeling and threat assessments.
• Oversee support and maintenance of TVM security technologies that include but not limited to the Enterprise vulnerability management platform, API & application security systems, and offensive security tools.
• Drive and mature the TVM program, with the goal of building an effective threat and vulnerability management program by taking a risk-based approach to identify and quickly remediate vulnerabilities that pose the most impact to critical business services.
• Identify gaps in current TVM processes, workflows and design and recommend changes or enhancements as needed.
• Keep current with threat intelligence, vulnerabilities, attacks, and countermeasures and devote time to threat research and improving the overall security posture for the Enterprise.
• Leads engagement in the Threat Intelligence Industry & applicable Threat Intelligence Services.
• Develops and manages security metrics to demonstrate and track effectiveness of the TVM program.
• Deliver results and achieve KPI performance by focusing on effective cross functional team collaboration and execution.
• Create and maintain relevant TVM security policies, standards, and operating procedures.
• Maintain relationships with internal business partners and vendors to resolve issues, develop roadmaps, minimize the impact of security controls on business operations, and further the business' goals.
• Performs human capital management responsibilities including employee selection, performance management, coaching, and development. Manages priorities and workload distribution and removes barriers that impede progress. Completes all personnel, salary administration, and reporting duties.
• Support the administration of the information security budget, as needed, and in collaboration with the CISO function.
• Travels occasionally to participate in special assignments or training.

• 7 years of Information Security experience.
• 3 years of direct people management experience.
• 5 years of experience in operations and supporting enterprise-scale security solutions.
• Holds at least one or more of the following certifications or similar: Certified Information Systems Security Professional (CISSP), Certified Information Security Management Professional (ISSMP), Certified Information Security Manager (CISM), Offensive Security Certified Professional (OSCP).
• In-depth knowledge on key trends in cybersecurity, including experience with threat management tools and models (e.g., Cyber Kill Chain, ATT&CK).
• In-depth understanding of vulnerability management (VM), VM products/solutions, hacking techniques, and hacking tools.
• Experience in program and team management.
• Experience in developing and managing effective program documentation.
• Strong oral, written, interpersonal communication skills including the ability to interact effectively with all levels of employees and leadership throughout the enterprise.
• Bachelor's degree in Information Security, Information Technology, Computer Science, or a related field or commensurate experience.
• Valid driver's license and a driving record that conforms to company standards.