About the job
Digital Products and Services team members are responsible for securely managing information systems throughout their lifecycle, including knowing what information systems are within their scope of responsibility, understanding what sensitive data is stored, transmitted, or processed on those information systems, enforcing the security principles of least privilege and least functionality, knowing what events may constitute a cybersecurity incident, and understanding their role in security incident response activities.
Under direction of the ISO, the Manager of the Information Security Office is responsible for overseeing and managing a comprehensive cybersecurity program in order to manage organizational risk to acceptable levels. The team member is responsible for managing the daily operations of the Information Security Office, hiring, training, and evaluating personnel, and ensuring that all work is completed in an accurate and timely manner. The team member demonstrates effective leadership, consultation, relationship building, communication, decision making, and accountability.
- Building, maintaining and improving vulnerability management and penetration testing programs (this includes, but is not limited to, automation; identification of scope; prioritization; validation of vulnerability findings; asset discovery; regulatory requirements; dashboards to measure the effectiveness of the program)
- Building, maintaining and improving cybersecurity risk management programs (this includes, but is not limited to, risk-based technical assessments; control assessments; third-party risk management; regulatory requirements; dashboards to measure the effectiveness of the program)
- Analyzing security vulnerabilities and determining attack surface and impact
- Cloud architecture, engineering and application development teams to establish and maintain comprehensive visibility into potential risk events across a large scale cloud environment
- Implementing and managing scanning and penetration testing solutions such as Qualys, Tenable, BurpSuite Pro, etc.
- Well versed in defining and measuring risks in the environment and able to clearly communicate risks and vulnerabilities to the business, with excellent written and verbal communications
- Excellent technical and analytical skills, demonstrated ability to develop, manage and lead high-performing teams, demonstrated ability to set strategic direction for a program, strong communication and presentation skills, flexibility, innovative and critical thinking, and problem solving
- Experience in Agile methodologies
- Experience with ServiceNow
- Experience applying industry security, audit, and privacy standards, frameworks, and regulations (e.g., NIST RMF, ISO27001, PCI DSS, GDPR, COBIT, AICPA Trust Principles (SOC 2/3), NIST CSF, CCPA, SCF)