Manager, Cyber Security & Compliance

Position Summary:

As the Manager of Cyber Security & Compliance, your primary purpose is to be responsible for the overall security and compliance of the organization's information systems and data. This includes leading efforts to identify and mitigate cyber security risks. Developing policies and procedure, conducting security assessments and audits, and ensuring that the organization complies with current PCI, ISO 27001, SOX, GDPR, CPAA standards. The Cyber Security & Compliance Manger also works closely with other departments within the organization to raise awareness of security and compliance issues and to promote a culture of security within the organization.

Essential Duties and Responsibilities:

1. Manage Projects to implement new security solutions on time and on budget
2. Design and Build new security solutions to improve the security posture of the organization
3. Recommends and participates in the analysis, evaluation, and development of enterprise systems long-term strategic and operating planning to ensure that IT objectives are consistent with security best practices
4. Research new attack vectors and technologies to mitigate potential threats
5. Reviews, develops, tests, and implements security plans, products, and control techniques
6. Manage the Security Operations Center Team to monitor and improve an organization's security posture while preventing, detecting, analyzing, and responding to cybersecurity incidents
7. Lead response and investigation efforts in data security incidents, provide an after-action report and design corrective actions. Coordinate communications with PR team as required
8. Track operational metrics related to alerts, incidents, and vulnerabilities
9. Review legal documents relating to Governance policies and lead discussions with the legal team. Advising the executive team how new Cyber Security Laws will affect the organization's operations
10. Create and/or update Security Policies and Procedures to include tactics, techniques, standard operating procedures and security controls
11. Lead Cyber Security awareness training across the organization
12. Lead the Change Advisor Board. Ensuring changes are not putting operations of the organization at risk of failures or security incidents

Qualifications:

• Bachelor's degree in computer science, information technology, or a related field
• 5+ years of experience in information security
• Experience with security frameworks and methodologies
• Experience with security assessments and audits
• Experience with security compliance
• Experience with security incident response
• Experience with security risk management
• Experience with security budgeting and reporting
• Strong analytical and problem-solving skills
• Excellent communication and interpersonal skills
• Ability to work independently and as part of a team
• Ability to work under pressure

Knowledge and Skills:

• Strong knowledge of incident response and crisis management with the ability to identify both tactical and strategic solutions
• Understanding of network, desktop and server technologies, including experience with network intrusion methods, network containment, segregation techniques and technologies
• Cloud security knowledge and skills; securing cloud environments as well as detecting and responding to cyber security incidents in the cloud
• Log analysis skills and experience in relation to identifying and investigating security incidents
• Strong knowledge of PAM, IPAM, and IAM Solutions
• Knowledge of the Technologies and Products including Web Proxy Filtering, EDR, and WAF
• Excellent written/oral communication, interpersonal and problem solving skills
• Able to thrive in both independent and collaborative work environments
• Able to effectively oversee multiple and concurrent projects / responsibilities

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice