CyberSecurity Manager

at Trustech Inc
Published May 4, 2022
Location Denver, CO
Category Default  
Job Type Full-time  

Description

Bachelorrsquos degree required (Masterrsquos degree a plus) in either Business, Finance, Computer Science, Engineering, IT, or similar field. Hold an active cybersecurity certification, such as CISSP, CISM, CISA, CRISC, or CEH (highly desired, or equivalent experience is acceptable). 8+ years of experience in Cybersecurity, with 5+ years managing cyber security resources. Ability to facilitate a climate of cohesiveness, cooperation, and teamwork A broad and thorough knowledge of security systems, Windows, Linux, TCPIP is required. Proficiency in network traffic analyzing and packet analyzing is desirable. Experience with Cisco network products and end user support is desirable. Preferred industry certifications include SANS, CISSP, CISA, PCI-DSS Working knowledge of multi-tier applications and systems, desktop and server operating systems, server virtualization concepts, cloud, and basic infrastructure services such as DNS and DHCP Exhibit leadership skills required to manage resources as well as projects deliverables Self-directed IT professional with strong work ethics and excellent organizational skills Strong oral and written skills both technical and non-technical Ability to work in a fast paced, sometimes stressful team environment with the ability to adapt to new, different, or changing situations Demonstrated troubleshooting approach and skills Strong interpersonal, business management, and customer service skills Essential Functions Responsible for information security infrastructure including, developing strategic plans, and identifying key success factors sets priorities and allocates the resources to achieve department and corporate goals. Responsible for the ongoing and near real-time proactive monitoring, analyzing, investigating, tracking, and remediation of IT security events across the enterprise in an overall effort to minimize the potential for a breach of security or loss of data Responsible for leading the monitoring of cybersecurity events (endpoints, servers, databases, network devices, mobile devices, etc.) investigate, validate, and support mitigation of alerts based on their risk and priority. Provide strategic guidance for ITCybersecurity projects, including the evaluation and recommendation of technical controls. Track project status, to ensure projects meet the approved deadlines and stay within approved budget. Oversee portfolio of security projects to deliver on strategic cybersecurity initiatives. Support development and dissemination of Cybersecurity training and awareness for organizational users, administrators, and developers. Support the execution of data loss prevention initiatives fostering collaboration with departments across the organization on privacy and data protection matters. Manage the coordination of internal and external resources during forensic investigations. Execute vulnerability management briefings, providing status updates, and direction on remediation actions to system, network, database, and application administrators. Establish and maintain a set of procedures for identifying, prioritizing, implementing, and reporting security patchesconfigurations that resolve security exposures to the network and computing devices across the enterprise. Oversee compliance hardening governance on endpoints, servers, virtual devices, network devices, databases, and applications. Conducting hardening checks of device configurations to determine version compliance and identify and mitigate weaknesses. Conduct security assessments of application, network, and computing architecture before systems are placed in production. Coordinate facilitation and remediation efforts for Red and Purple pen test teaming engagements. Lead development and implementation of security policies, procedures, and documented security controls. Develop risk metrics that measure overall cybersecurity risk exposure, and work with key stakeholders to define target thresholds, and report on results. Maintain a PCISOX control database, inventorying control ownership, control objectives, and testing objectives. Act as liaison with internal and external auditors for SOX and PCI audit concerns, facilitation of meetings, annual walkthroughs, and discussion of remediation activities for identified deficiencies. Collaborate with control owners to validate effectiveness of security controls and ensure testability. Oversee and drive remediation processes to address issues identified in security assessments, key financial application reviews, access control reviews, internal or external audits andor other assessments. Work closely with teams across the organization to ensure compliance with defined standards, identifying gaps and enhancing compliance. Provide relevant and actionable reportingpresentations to stakeholders and executive management. Strong working knowledge and implementation of cybersecurity frameworks and standards such as COSO, COBIT, NIST, and ISO. Active awareness with current trends, technologies, regulations, threats, etc. provide cybersecurity support to IT and business functional teams. Support privacy, strategy, and tactics to ensure adequate procedures are in place to comply with new and existing privacy laws, regulations, and company policies. Ability to demonstrate and apply knowledge of data protection regulation and laws to the environment, such as the CCPA, CPRA, HIPAA, GLBA, and CDPA. Coordinate the third-party risk management (TPRM) vendor risk services. Provide guidance and mentoring to junior team members. Qualifications Bachelorrsquos degree required (Masterrsquos degree a plus) in either Business, Finance, Computer Science, Engineering, IT, or similar field. Hold an active cybersecurity certification, such as CISSP, CISM, CISA, CRISC, or CEH (highly desired, or equivalent experience is acceptable). 8+ years of experience in Cybersecurity, with 5+ years managing cyber security resources. Experience with industry compliance standards such as PCI-DSS, HIPPA, NIST, ISO, ITIL, and SOC12. Cloud security andor network expertise (AWS, Azure, Google Cloud Platform). Experience working in a 24x7x365 production support environment. Experience with the airline industry a plus. Knowledge, Skills and Abilities Ability to facilitate a climate of cohesiveness, cooperation, and teamwork A broad and thorough knowledge of security systems, Windows, Linux, TCPIP is required. Proficiency in network traffic analyzing and packet analyzing is desirable. Experience with Cisco network products and end user support is desirable. Preferred industry certifications include SANS, CISSP, CISA, PCI-DSS Working knowledge of multi-tier applications and systems, desktop and server operating systems, server virtualization concepts, cloud, and basic infrastructure services such as DNS and DHCP Exhibit leadership skills required to manage resources as well as projects deliverables Self-directed IT professional with strong work ethics and excellent organizational skills Strong oral and written skills both technical and non-technical

Drop files here browse files ...