Position Description

The Information Security Operations Manager is responsible for ensuring that information security services are current and operational at all times to protect the infrastructure.This individual ensures the daily operations of the information security systems are monitored and security alerts and events are appropriately handled from the initiation of the action through response and closure of an event. The individual is responsible for leading the Computer Security Incident Response Team (CSIRT) for UNOS and ensures prompt response to incidents is done efficiently to minimize downtime and prevent or minimize service interruptions.The manager is responsible for the daily operational work and ensuring it is completed in a effective manner by the team.The individual in this position will lead a team of highly skilled, information security engineers and ensure the planning, developing, implementing and managing of the team's responsibilities are handled pro-actively and professionally to meet the business needs.This individual needs to be skilled in finding a risk-balanced approach to security and be able to educate and communicate with the UNOS teams in order for them to fully understand the implications of opening risk to the environment and be able to effectively find alternative solutions to mitigate risk and reduce the threat landscape through compensating controls before acceptance of risk.

Key Responsibilities:

• Responsible for the technical and process direction of the Information Security operational team.
• Serve as team leader and mentor in developing team goals as well as individual performance and development goals
• Provide technical leadership and oversight as the team develops processes and technologies that provide ongoing investigation into correlated security and system event, creating incidents and escalating when needed.
• Manage the staff time management, on-call schedule, training and education, process improvement, monitoring and root cause analysis for the organization.
• Develop and publish measurements and metrics to track performance of the team and systems and that help reflect the security posture of the organization
• Foster a team environment of curiosity and continuous improvement
• Recruit, mentor, coach and develop team members
• Partnering with all IT teams as well as other business partners to develop standard processes to ensure successful operations and responses to security and system events and proper escalations
• Partner across the organization to ensure the development and implementation of comprehensive services and solutions to meet business requirements
• Assist in the development and management of budgets for capital and operating expenses
• Communicate both verbally and in writing, to explain how the various technical pieces work to provide useful solutions to the business.
• Participate in security and system incident response including providing initial triaging of incidents and resolution.

Minimum Requirements

• 2 years of people management experience in a 24x7 IT operational environment required; 5 years overall people management experience strongly preferred.
• 5 years of experience in the information security field.7-10 years preferred.

Critical Skills

• Strong understanding of datacenter networking including load balancers, DNS and wide area networks
• Experience with network and/or security operations centers
• Experience using ITIL practices for change, incident and problem management
• Excellent oral and written communications skills
• History of demonstrating excellent technology leadership and decision making
• Experience building dashboards to accurately reflect the user experience
• Experience developing metrics that demonstrate success of team and processes
• Experience leading and directing teams, including performance management
• Experience leading multiple large projects, leading definition, selection and implementation of security and system monitoring and alerting tools, technologies and processes
• Hands-on experience implementing and administering information security, infrastructure and software systems.
• Experience evaluating potential solutions, selecting and recommending the best solution
• Experience producing design documents that are used by others to effectively implement solutions
• Ensure all risks are handled and stake holders are able to make informed decisions concerning risk acceptance.Track all known vulnerabilities that exist in software and infrastructure at UNOS and work with appropriate teams remove or remediate these risks as appropriate.
• Identify opportunities for continuous improvement and drive efficiencies in departmental process and procedures
• Measure effectiveness of Information Security team - refine operational metrics for the team, create reporting and review cadences
• Be an extremely effective communicator understanding the significance and appropriate use of various communication channels and tone based on circumstances and audience
• Makes effective independent decisions relating to day-to-day issues that do not require team discussion, input or agreement.
• Involve fellow team members in collaborative decisions based upon member/customer feedback.
• Manage all teams, employees, contractors and vendors involved in IT security.Own the overall success of the team, including planning, growth and staffing, thereby assuring an outstanding client experience that decreases time to first value and drives adoption.Provide training and mentoring to security team members

Additional Skills & Qualifications

• Demonstrated ability to understand the information security controls and tools in order to understand the environment and requirements for securing the environment as well as responding to any events or incidents quickly.
• Ability to analyze systems based on business and technical user stories/requirements in order to design solutions that best meet the overall objectives of stakeholders
• Ability to strategically analyze and articulate risks, benefits and opportunities associated with a proposed design or solution.
• Ability to multi-task and handle numerous assignments simultaneously.
• Strong leadership skills and the ability to take initiative.
• Familiarity with cloud-based platforms (AWS, Azure)
• Familiarity with Microsoft and Linux system technologies as well as virtual technologies for hosting of VMs and the security of both the VMs and underlying host.
• Solid understanding of storage and resiliency technologies.Responsible for business continuity capabilities for the operational team.
• Demonstrated ability to design and implement complex infrastructure, applications, networks and systems with the goal of meeting business and security objectives
• Ability to manage complex information systems that impact multiple domains across Service Operations, Information Security, and Software Engineering
• Ability to review and mentor the work of others
• Ability to estimate total costs of proposed solutions, including effort, acquisition costs and on-going costs
• A bias for action and a curious nature that is comfortable questioning the status quo
• The ability to instill trust and confidence in business partners and team members
• Ensure information security compliance with regulatory control frameworks including, but not limited to NIST, HIPAA and other.

Education

4-year degree in Computer Science/Engineering, Information Systems or related field of study, or equivalent professional IT work experience required

Physical Requirements

• General office demands
• Must be available for on-call rotations in a 24/7 IT operational environment

UNOS provide equal employment opportunity for all applicants and employees. It will not unlawfully discriminate or permit harassment against any employee or applicant on the basis of race, ethnicity, color, religion, national origin, gender, age, disability, familial or marital status, military or veteran status, sexual orientation, gender identity and expression, genetic information, or any other characteristics or classification protected under applicable law ("protected categories"). This policy applies not only to hiring, but also to working conditions, benefits and privileges of employment, training, appointments for advancement, transfers, layoffs, recalls, terminations of employment and all other terms and conditions of employment.

UNOS is also an affirmative action employer. It takes affirmative action to recruit and provide opportunities for advancement to qualified females and minorities, individuals with disabilities, special disabled veterans and other protected veterans. It hires and promotes based on job-related requirements and individual qualifications. Action is taken to ensure the fulfillment of this policy as to all phases of the employment process including hiring, placement, training, upgrading, transfers and/or demotions, recruiting, layoffs and termination of employment.

UNOS invites individuals with disabilities and protected veterans to identify themselves, if they wish to do so. Such communication will be kept as confidential as possible and will be used only in accordance with the law. Candidates may contact the EEO/AA Officer at to self-identify or request an accommodation.

| | | | |