We are seeking a Manager for our cybersecurity team. The ideal candidate will be responsible for leading our security engineering initiatives, developing and implementing security protocols, and ensuring the protection of our digital assets. This role requires a high level of technical expertise, people management, leadership skills, and a proactive approach to staying ahead of potential threats.
As a Manager of Security Engineering, you will play a critical role in protecting our organization from potential cyber threats. If you are a strategic thinker with a strong understanding of security engineering and a passion for leadership, we would like to meet you.
You will hold the security team accountable to meet SLAs, timelines for projects, and be a hands-on practitioner. Expertise in multiple domains is required, including Azure, AWS, VMware, firewalls, VPNs, scripting (PowerShell or Python are ideal), security-centric automation, vulnerability management, compliance (CIS and PCI primarily, and GDPR as tertiary), email protection, server hardening and policies, audits, and documentation.
Definitions of success include ownership of day-to-day incidents, large and long-term initiatives, establishing influence with peers, stakeholders, and direct reports, and approaching tasks and recommendations empirically. Cybersecurity is a customer of internal IT teams, and treats all teams as they’re the customer. A servant leadership mentality, customer obsession, and a lead-by-example demeanor are vital and of the utmost importance to your supervisor, the Global IT Security Director.
Projects will require domestic travel. This will largely be for largescale, planned projects. We are a small team and enjoy favor amongst other IT teams. This strong alliance may manifest itself by taking on work of neighboring disciplines, such as the network and systems and servers teams. Assisting with their work in the form of tickets and travel is expected and in line with the relationship IT teams have forged.
Career development is fundamental. See yourself as an enabler to your direct reports. Cultivate their skills, motivate and excite them about cybersecurity by exposing them to different areas, and vouch for their promotions. Espouse an approach and mentality where you work for your direct reports. This is pivotal and aligns with your supervisor’s own mode of operation. Be deeply invested in your team and have their new skills pay dividends for the organization. Make plans and compelling cases for training for your direct reports.
Responsibilities:
1. Lead the cybersecurity team: Manage and mentor the security team, ensuring high performance, continuous professional development, and alignment with the company's security policies and goals.
2. Develop and implement security protocols and systems: Design, implement, and manage security systems across our networks, platforms, and applications. This includes intrusion detection systems, firewalls, data encryption programs, and other security measures.
3. Perform vulnerability assessments and penetration testing: Regularly conduct comprehensive security assessments to identify system vulnerabilities, and perform penetration testing to evaluate our system's resilience against attacks.
4. Manage security incidents: Oversee the response to security incidents, ensuring swift resolution. Investigate breaches to understand their cause and impact, and develop strategies to prevent future incidents.
5. Collaborate with other departments: Work closely with teams across the organization, such as IT and software development, to ensure that security is integrated into all technologies and processes. Provide guidance on security best practices and potential risks.
6. Ensure compliance with security standards: Ensure all security measures and policies comply with applicable regulations and standards. Regularly review and update policies to accommodate changes in law or technology.
7. Manage and optimize security tools: Evaluate the effectiveness of current security tools and technologies, and explore new solutions as needed. Ensure optimal configuration and use of all security tools.
8. Develop and deliver security training: Create and implement security training programs to enhance staff awareness about potential threats and the importance of cybersecurity.
Qualifications:
1. Bachelor's degree in Computer Science, Information Technology, or a related field. Advanced degrees are a plus.
2. Proven experience in a similar role, with a focus on security engineering.
3. Extensive knowledge of various security frameworks, risk management, and data protection strategies.
4. Strong leadership skills, with a track record of managing and developing high-performing teams.
5. Relevant professional certifications, such as CISSP, CISM, or CEH, are preferred.
6. Excellent problem-solving skills and the ability to make strategic decisions under pressure.
7. Strong communication skills, with the ability to explain complex security concepts to a non-technical audience.