Digital forensics or enterprise investigation experience is a plus. Knowledge of OWASP, SANS CWE 25, and CIS Strong project management skills and effective written and verbal communication skills Ability to communicate and interface with technical and non-technical members of the organization Ability to work in a fast-paced, high growth environment In-depth familiarity with ITIL, common security tools and ability to develop and improve tools/processes. Qualifications Knowledge, Skills and Abilities: Previous incident response process management for global organization Strong knowledge cyber-attack methods, risks and threats Experience engineering security solutions that include firewall solutions, data loss prevention solutions, and database encryption solutions Experience managing Vulnerability Management and Risk Management programs Experience implementing controls pertaining to, SOC II and ISO27001 as well as engaging with outside third party auditors and testers accordingly. Exercise independent judgment in methods, techniques and evaluation criteria for obtaining results. Escalate incidents to management in a timely manner with appropriate information regarding risk, action times, and root cause analysis. Determine the root cause of incidents and work with business or technology groups to remediate any identified control gaps or failures.
Develop threat modeling and integrate into defense operations, information security (IS) architecture and engineering. Oversee information security incidents, coordinate the response and communicate the remediation efforts to all involved business partners. Assessing and mitigating system security threats and risks throughout the program life cycle. Design develop and implement technical solutions, products, and standards based on current and desired system security architecture. Identify and implement appropriate information security architectures and functionality to ensure company's aligns with best practice security policy and enterprise solutions. Job Duties and Responsibilities: Under direction of the CTO manage the company's security operations to safeguard key information assets from threats internal and external Lead the InfoSec (IS) operations performing prevention, detection, response and remediation activities, globally for a large scale internet corporation Lead the IS engineering and manage delivery of security solutions supporting various IS initiatives Lead the vulnerability and risk management programs for the company Develop security and compliance related documentation, policies and procedures that align with industry standards, audits and best practices. The position is responsible for ensuring compliance to all policies and responding to incidents requiring cross-team coordination and communication. The qualified candidate must have experience in handling medium to large scale prevention/detection capabilities, incident response, and manage the delivery of security solutions. Description The Senior Manager, Information Security and Compliance is a hands-on leadership role that manages and supervises the security engineering and the security operations teams that supports a global 24/7/365 Security Operations program.
0 kommentar(er)
