Description

Reporting to the Sr. Officer, Security & Compliance, the Security Operations Manager is responsible for managing operational activities related to the execution of the information security roadmap and manages the day-to-day workload of the Information Services (IS) security operations team. 

The Security Operations Manager role requires an individual with a strong technical background, as well as an ability to work with IS and business management to align priorities and plans with key business objectives. The Security Operations Manager will also be responsible for working with business and IT stakeholders to balance real-world risks with business drivers such as speed, agility, flexibility, and performance. The Security Operations Manager must also be able to develop and maintain metrics for ongoing performance measurement and reporting.

Expertise in developing and managing security projects is essential for success in this role. In addition to supporting the Sr. Officer, Security & Compliance's strategy, the Security Operations Manager must be able to prioritize work efforts — balancing operational tasks with longer-term strategic security efforts. Other project management tasks will include resource balancing across multiple IS teams, task prioritizing and project status reporting. Vendor relationship management — ensuring that service levels and vendor obligations are met — is also an important aspect of the position.

Key Responsibilities

• Work with the Sr. Officer, Security & Compliance to develop a security program and security projects that address identified risks and meet other security requirements that will enable our business to achieve their objectives.
• Manage the process of gathering, analyzing, and assessing the current and future threat landscape, as well as providing the Sr. Officer, Security & Compliance with a realistic overview of current risks and threats in the enterprise environment.
• Work with the Sr. Officer, Security & Compliance to develop budget projections based on short- and long-term goals and objectives.
• Manage a team of information security professionals, hire and train new staff, conduct performance reviews, and provide leadership, mentoring and coaching, including technical and personal development programs for team members.
• Work with our internal Communications and Learning teams to provide security awareness and training for a wide range of audiences, which ranges from senior leaders to field staff.
• Work as a liaison with vendors, legal and procurement departments to validate or provide security requirements for mutually acceptable contracts and service-level agreements.
• Participate as a member of Change Advisory Board (CAB) meetings to identify and raise security concerns related to proposed IT changes a ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software

Requirements

• A minimum of seven years of IT experience, with five years in an information security role and at least two years in a management/supervisory capacity.
• A bachelor's degree in information systems or equivalent work experience; an M.B.A. or M.S. in information security is preferred.
• CISSP and/or CISM certifications are desirable.
• Strong leadership skills and the ability to work effectively with business managers, IS operations staff with the capability to develop and guide information security team members and work with minimal supervision.
• Excellent verbal, written and interpersonal communication skills.
• Hands-on experience with security technologies and tools such as SIEM, IPS, EDR, MDM, web content filters and email security gateways is a must.
• A strong understanding of the business impact of security tools, technologies and policies.
• Experience with common information/security management frameworks, such as International Standards Organization (ISO) 2700x, IT Infrastructure Library (ITIL) and National Institute of Standards and Technology (NIST).
• Strong project management skills and experience in creating and managing project plans, including budgeting and resource allocation.
• Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
• A strong understanding of Windows and Linux operating systems, and network protocols.
• Extensive experience in vulnerability management including coordinating application and network security penetration testing as well as understanding the results from vulnerability scans and working directly with infrastructure and application teams to remediate.