Security Manager

Job Description & Requirements

Job Description *

As Security Manager, you will be responsible for defining, implementing and overseeing the security roadmap for the Cloud Operations organization.   Additionally, where needed you will provide internal assistance on designing, validating and defining commercial solutions as dictated by the marketing and customer requirements.  You will also assist the operational team providing direction, insight and direct technical input, work across the organization to help ensure solutions are built with proper compliance and security in mind. You will be collaborating with departments like Legal, Compliance, Operations, Development as well as with Business Owners, preferred suppliers and contractors.
 

Main Responsibilities

• Identify and protect company assets by developing and implementing security policies, protocols and procedures that align with company goals.
• Perform security process evaluations and inspections, support and execute internal requirements for penetration testing, vulnerability scanning and security testing.
• Prepare the organization and staff for external inspections and audits, and support client-specific meetings (including audits) when required.
• Developing work schedules, allocating tasks, and monitoring personnel performance.
• Collaborating with department managers to determine security needs.
• Planning and implementing comprehensive security strategies.
• Coordinate staff when responding to emergencies and alarms, provide an escalation point for any and all security incidents, and prepare post-event analysis
• Review reports on incidents and breaches
• Investigate and resolve issues
• Create reports for management on security status
• Ensuring compliance with company policies and security industry regulations.
• Support the larger initiatives for Business Continuity and Disaster Recovery across SDL/RWS product suite.
• Provide support and training to the larger SDL organization and functions as required.
• Carry out risk assessments against new and existing technology being sure to report and act upon any discovered weaknesses.
• Audit internal practices for SDL against the current Information Security standards (ISO 27001, CSA STAR, NIST, HIPAA, SSAE 18 etc.)
• Review system and security measures and recommend and implement enhancements
• Develop timelines and cost implementation for the implementation of security features and enhancements.
• Lead a team of security engineers.
• Serve as a focal point of contact for the information security team and the customer or organization

There are many threats to electronic information, and an information security manager would need to deal with risks that include (among others):

• Denial of service attacks, where systems are overloaded with useless data and brought to a standstill
• Hacking, or unauthorised access to a computer system
• Phishing, where users are lured into entrusting their confidential details to spoof websites
• Viruses, spyware, worms and Trojans
• The abuse of permissions granted to authorised system users

Skills and Experience

• Experience handling infosec projects through the full life-cycle
• Experience dealing with info-security incidents from end to end which involves triaging, identifying and isolating the issue.
• Strong technology skills and knowledge in a broad range of (security) areas including networking, server, cloud based technologies, risk management and software development.
• Skills and knowledge in executing and documenting penetration tests, vulnerability assessments and risk assessments.
• Skills and experience in working with Linux, Windows operating systems for hardening and security testing, as well as various databases (SQL Server, MySQL, Postgres, MongoDB) and modern application platforms such as Docker and Kubernetes.
• Skills and knowledge in security monitoring.
• Professional experience working on AWS/Azure/GCP.
• Cloud certifications like AWS certified solutions architect, security speciality certification is preferred.
• Have successfully completed a CEH and any cloud security certifications.
• Experience with ISO 27001 and SOC 2 audit requirements.
• Extensive experience with security protocols, cryptography, authentication (MFA, SSO, etc…) and access control.
• Advanced analytical and structured problem solving abilities with inquisitive approach to work.
• Ability to travel (when needed). Estimated travel is less than 25% of time.
• Understanding and utilization of automation and available tools.
• Strong English written and verbal communication skills with proven ability to write highly technical reports and documentation.
• Being able to explain complex issues to inexperienced people.
• Experience managing a team of highly technical engineers.
• A strong ability and desire to collaborate with peers and to constructively resolve differing points of view.