Description
Link Technologies is currently looking for a Security Operations Manager for a contract position in Las Vegas, Nevada.
Position Statement:
The Security Operations (SecOps) Manager for our client is responsible for implementing and managing the Data & Digital Security (DDS) program at a tactical and operational level (network and infrastructure) to ensure that security controls are functioning efficiently and effectively, more specifically in the realm of security logging, monitoring, alert management, incident handling, vulnerability and configuration management. Furthermore, this position also supports the DDS Team in doing security research and development, product evaluations, consulting, project support, and any other operational tasks needed to support the overall requirements of the program and strategy.
The SecOps Manager is a hands-on position and provides technical expertise to establish and implement security related standards, procedures, and guidelines appropriate to securing the existing environment in partnership with various properties and Information Technology.
Operational Planning & Management
- Act as the main point of contact and expert in SecOps to the properties and network teams in order to offer solutions to new risks and threats
- Support the SecOps Lead Engineer on all activities in collaboration with the application development teams and project teams, that is be able to take on hands-on work as needed (eg, tight deadlines, issues, etc.)
- Manage the team's activities working directly with the network/infrastructure and project teams, that is be able to take on hands-on work as needed (eg, tight deadlines, issues)
- Support the activities of the SecOps Team with all DDS NIS (Network & Infrastructure) Protection Systems once they are in place (including various infrastructure and network security tools such as Firewalls, IPS, anti-malware tools, etc.)
- Support the SecOps Team on their activities working directly with the network/infrastructure teams and project teams, that is be able to take on hands-on work as needed (eg, tight deadlines, issues, etc.)
- Develop and manage detailed security reviews and assessments, security exposure analysis of the network architecture and overall infrastructure: (1) Assess potential damage of security flaws and assist in the implementation of corrective actions; (2) Identify, document, and report security issues and concerns to management; and (3) Monitor corrective actions and recommending cost-effective preventive measures to preclude recurrences
- Review and sign-off on all recommendations on possible improvements resulting from the work performed as part of projects
- Provide official sign-off on projects after reviewing all security deliverables prepared by the SecOps Team
Security Risk Management
- Ensure that outstanding audit, assessment and regulatory findings and gaps are resolved by the various properties and IT
- Support DDS Management to build an integrated end-to-end security risk and compliance framework to protect the company's information assets and supporting resources
- Support the design and deployment of the company's security risk management framework as it relates to SecOps
- Develop and maintain SecOps policies, standards, procedures, and guidelines that will assist the network/infrastructure teams in integrating security requirements in the network and operating systems
- Assist DDS management in promoting the technical understanding of new and existing information security standards, solutions and tools with respect to network and systems
- Using the DDS security risk management framework, implement all required SecOps activities (eg, penetration testing, vulnerability threat assessments, threat modelling, security reviews and assessments, code reviews)
- Review and sign-off on all SecOps deliverables including recommendations and remediation plans; this activity is executed in close collaboration with the Director of the Security Risk & Compliance
- Monitor the effectiveness of corrective actions and recommending cost-effective preventive measures to preclude recurrences
- Implement controls in specific areas that would benefit Internal Audit, External Audit and other regulators to enable them to streamline their audit activities and leverage DDS security tools and processes
Incident Management
- Perform as the SecOps subject matter expert for the Incident Response team and investigating any possible incidents impacting the company
- Support the activities of the SecOps Team in all SOC procedures
Research & Development
- Support the SecOps lab to perform all required application and data security assessment, reviews, testing, etc. including evaluating, selecting, deploying and managing network and infrastructure security tools
- Evaluate and participate in outsourcing and/or third-party initiatives that would outsource data processing and management
- Provide content to technical briefings to the CISO and other key stakeholders such as the CTO on current security issues; contribute to the technical understanding and promotion of new and existing information security standards, solutions and tools; serving as a technical communication channel to the CISO
- Provide R&D and consulting support to the DDS team, IT and business projects as needed
Documentation, Reporting & Analytics
- Contribute to the design and implementation of an operational reporting framework that will provide regular metrics and statistics about our business and IT environment; analyze trends in security events, activities, etc. to better understand risks, insufficiencies in our solutions, staffing shortages, etc.; report security metrics and statistics to the CISO and other key stakeholders such as the CTO
- Provide subject matter expertise for all security exceptions relating to IT and property activities that could negatively impact security risks and/or not adhere to established policies, standards, or procedures
- Implement all SOC requirements with regards to SecOps metrics and ensure that metrics are gathered on a daily basis
- Manage all SecOps metrics for the quarterly CISO dashboard and other reporting requirements
Performance and Training Management
- Mentor application security staff on fundamentals of security threats, vulnerabilities, and testing methodologies
- Provide training and advice to less experienced security staff and/or other non-security professionals (IT, properties, eg)
- Manage security technical staff both direct reports and virtual Subject Matter Experts (SMEs) in various groups
- Manage and coach current direct reports to ensure they perform at the highest level of quality and are able to achieve current goals
- Establish and monitor team's goals and ensure they are aligned with the CISO's security strategy and direction
- Self-manage career in security by leveraging available courses in-house and courses offered externally; prepare a career plan for short-term and longer-term performance management
Organizational Planning and Management
- Manage projects with the IT and property teams and for projects internal to DDS
- Assist with general administrative activities in collaboration with all team members
- Manage vendors' activities and relationships as needed including SOWs, maintenance renewals, licensing updates, etc.
- Prepare project plans and associated documentation;
- Prepare status reports and other management metrics as needed
KNOWLEDGE AND EXPERIENCE
- 8-10 years related business experience
- Superior communications skills, both verbal and written
- Direct experience managing multi-faceted I/T integration projects
- Working knowledge of process engineering and technical requirements generation in the user environment
- Experience with current concepts in project risk assessment, metrics generation and analysis and risk management
- Requires knowledge of underlying platform(s); prior experience working with interdependent platforms; working knowledge of standards and impact of non-standard approaches
- Technical knowledge of business processes and procedures and underlying technical workings of system to support it
- Ability to maximize system to support business processes, recommend and influence business process change to maximize use of system
EDUCATION
- Bachelor's degree or equivalent business experience in Computer Science, Business Management, or MIS required
- Certified training in security management, risk and compliance solutions and practices. CISSP, CISA, CISM, GSEC, CRISC, or related certification(s) required
To apply, please send your Resume in MS Word format and reference Job ID # 3432. We look forward to working with you!