Get introduced to vetted companies that are still hiring

SUMMARY:

Reporting to the Director, Data & Cloud Infrastructure will actively participate in the cybersecurity programs strategic design as well as operational execution. Additional facets of participation include control design, implementation, and documentation and working with internal teams and external stakeholders on technical projects, sometimes as the single technical point of contact for one or more cybersecurity projects.

The Cybersecurity & Compliance Manager is responsible for performing various hands-on cybersecurity activities including controls analysis and implementation at every layer of the technology architecture (application, database, host, network) and conducting technical application & architecture design reviews and gap assessments to mitigate cyber risk. Additional responsibilities may include participating in cyber event/incident response, selection/implementation of appropriate security solutions, cybersecurity audit remediation follow ups, and other risk analysis activities as needed. The Cybersecurity & Compliance Manager promotes an efficient and secure technology environment in alignment with present and future cyber risks.

This is a unique opportunity to join a dynamic and growing team with a fantastic organization. In this role you will be exposed to various cutting-edge technologies, including various cloud platforms and the latest cybersecurity technologies to ensure their protection. Are you ready for the challenge?

QUALIFICATIONS:

Education/Experience/Knowledge:

• Bachelor's degree in computer science, information technology, management information systems, or a related study or equivalent experience.
• 8-10+ years Information/Cybersecurity experience with a minimum of 6 years of cybersecurity analyst, engineer, and/or architecture experience.
• Expert-level knowledge of cybersecurity, as well as industry trends.
• Expert-level knowledge and extensive experience working with various cybersecurity aspects of cloud environments including Microsoft Azure, O365, AWS or other similar relevant environments is highly desired.
• Expert-level knowledge and experience working with Microsoft Azure-ATP, Azure Information Protection (AIP), multi-factor authentication, CloudAppSec (MCAS), Defender for Endpoints, EOP-ATP, Sentinel SIEM, is highly desired.
• Strong knowledge and experience working as a cybersecurity engineer working with, securing, and extracting value from various technology systems including AV/EDR, DLP, Email filtering, Firewalls/IPS, MDM, SIEM, Vulnerability management, and Web content filtering systems.
• Expert-level knowledge and extensive experience in developing cybersecurity documentation and standards.
• Extensive experience conducting cyber event and incident analysis and consistently identifying root cause, or leading teams to identify root causes, as part of a CSIRP.
• Having an innate process-orientation and/or extensive experience working within a mature process-oriented culture/environment and being able to translate that skillset, is highly desired.
• Strong knowledge and experience with industry-standard risk/control frameworks: AICPA SOC 1 or 2, CIS Top 20, COSO, NIST, SOX, ISO 27001 etc. is a plus.
• Familiarity with SDLC, DevOps, as well secure software development practices and maturity models is a plus.
• Experience evangelizing cybersecurity practices across multiple technical teams.
• Experience in working with geographically distributed and culturally diverse stakeholders.

Event Monitoring & Incident Response:

• Lead the response to incident investigations. Identify the findings and associated mitigation and ensure timely implementation.
• Train and educate company personnel on incident response process, including periodic simulations and tabletop exercises.

Cybersecurity Engineering:

Help design, coordinate and oversee the cybersecurity technology stack across relevant tiers (application, endpoint, database, network, etc.)

Compliance:

• Develop, implement, and oversee company policies and procedures to comply with applicable laws, regulations, and best practices in cybersecurity.
• Perform periodic internal audits and vulnerability assessments to check the effectiveness of implemented cybersecurity measures and controls.
• Coordinate and liaise with internal and external audit teams for conducting compliance audits.
• Collaborate with legal and compliance teams to interpret regulatory requirements and implement changes as needed.
• Ensure all compliance-related documentation, such as Data Protection Impact Assessments (DPIAs) and internal policies, are kept up-to-date.
• Prepare and distribute compliance training materials and conduct regular training sessions for all employees on compliance standards and procedures.
• Develop and implement a compliance risk assessment framework and regularly report to the management on compliance efforts and gaps.
• Lead in the implementation of corrective action plans for resolution of problematic issues identified during internal or external audits.

Management/Leadership:

• Lead, manage, and mentor a team of cybersecurity analysts and engineers, providing clear objectives and monitoring performance metrics.
• Work closely with HR to ensure appropriate staffing levels and assist in the recruitment and selection process for new team members.
• Develop and manage budgets for cybersecurity and compliance programs, including monitoring expenditures and justifying variances.
• Foster a culture of continuous improvement and innovation within the cybersecurity and compliance teams.
• Regularly communicate to stakeholders and senior management on the status, metrics, and risks associated with cybersecurity and compliance initiatives.
• Participate in strategic planning sessions, providing insights on cybersecurity trends and compliance requirements that could impact business objectives.
• Plan and manage departmental projects, ensuring they are completed on time and meet objectives.
• Perform periodic performance reviews for team members and set individual goals aligned with departmental and organizational objectives.

Competencies:

• Ability to operate autonomously and create new, robust cyber risk analyses and results.
• Ability to communicate effectively regardless of the medium and initiate, lead and organize communications on significant milestones.
• Ability to initiate, lead, and organize communication on significant milestones.
• May independently own the design of specific cybersecurity technology strategies, tactics, and processes and oversee their implementation to achieve established goals.
• Advanced task/time management, process & project management, and business acumen (e.g. negotiation, influence, understand key business drivers etc.).
• Mentorship of team in key cyber risk analysis & project work.

LICENSES AND CERTIFICATES:

• One or more cybersecurity certifications desired: CISSP, CEH, CHFI, GIAC – GSEC, GCIH, or other relevant certifications a plus.

ESSENTIAL JOB FUNCTIONS/DUTIES:

• Participate in Information Security & Compliance team strategic design as well as day-to-day operational execution.
• Act as the single technical point of contact (sometimes as hands-on SME) for multiple Cybersecurity projects and work in coordination with management/project management to achieve cybersecurity OKRs.
• Act as incident lead to ensure relevant processes are being followed (e.g. CSIRP etc.) and that the incident response team is consistently and accurately identifying root cause of suspicious cyber activity.
• Oversee and participate in cybersecurity operations (event monitoring, incident response, threat & vulnerability management etc.).
• Follow established cybersecurity procedures and recommend improvements and/or develop new policies, processes, or procedures where necessary.
• Develop robust standard operating procedures for the team where gaps are identified.
• Stay abreast of new innovations and trends related to cybersecurity-focused technologies.
• Perform security architecture implementations and reviews as needed.
• Lead the evaluation and analysis of potential new security applications and systems and make recommendations to management.
• Communicate unresolved security exposures, misuse, or non-compliance situations to management.
• Other duties as assigned by supervisor.