Associate Director of Information Security ( SIEM Team )
Summary of This Role
SIEM to be responsible for the design, implementation, and operational success of the SIEM Engineering team within the TSYS Threat Management Center (TMC). This includes managing the people, processes, and technologies required to deliver an efficient and effective SIEM Engineering capability, as well as various other security system platforms essential to the successful performance of the TMC Security Operations Center (SOC). The successful candidate will clearly demonstrate strong leadership skills to achieve sustainable top performance. He/she will have a track record as an effective communicator and problem solver who is able to develop and maintain good working relationships with internal and external stakeholders. The candidate will exemplify a commitment to ethics and integrity, and must have demonstrated abilities, including mentoring and coaching, to build diverse and inclusive teams with high levels of engagement. Technically, a qualified candidate will have security engineering experience with SIEM, firewalls, IDS/IPS, antivirus, endpoint/network security, active directory, and cloud security; an ideal candidate will add engineering management experience with SIEM technologies including Splunk and ArcSight.
Manages the development, deployment and execution of controls and defenses to ensure the security of company technology and information systems. Analyzes business needs and establishes priorities for protection of critical systems and operational policies. Establishes and implements appropriate information security standards and criteria for hardware, software, firmware, email and web firewall, access, vendors and third party solutions, and encryption requirements. Evaluates potential business impacts from security breaches and resolves security incidents while providing guidance to business decision-makers. Maintains access to information security technologies.
What Part Will You Play?
Leading SIEM engineering functions for a globally-scoped security situational awareness infrastructure, including directing SIEM application administration; guiding the design, development, testing, and optimization of complex SIEM use cases and content; overseeing SOC systems deployment and administration; recognizing the need for and implementing new policies, standards, and processes; developing individual team members and defining strategies for overall team cohesiveness and effectiveness; acting as the technical escalation point for SIEM engineers, content developers, and security system administrators; and leading new business segment migrations and onboarding for SIEM monitoring. The role will be responsible for establishing and maintaining close coordination with the IT architecture, engineering, and infrastructure build-out teams that support the SIEM, as well as helping to achieve a World-Class SOC capability for TSYS by assuring the SIEM reliability, real-time security event detection, and deep-dive threat identification functions required. The incumbent will also manage audit artifact gathering and submission activities, as well as orchestrate efficient remediation activities with teams across TSYS when necessary.
What Are We Looking For in This Role:
o Bachelor's Degree
o Relevant Experience or Degree in: Business or IT related field and/or the equivalent of training and experience
o Minimum 8 Years Relevant Security Engineering Experience
o Minimum 2 Years SIEM Engineering Experience (Splunk, ArcSight, Qradar, LogRhythm, McAfee ESM)
- Leads and maintains the global vulnerability management program and its functions for all enterprise systems. Maintains the architecture, deployment and support for the global vulnerability management program. Provides detailed consulting and reporting to executives, clients, business owners and technical experts across the enterprise. Identifies systemic security issues based on the analysis of vulnerability and configuration data. Directs the tactical efforts supporting the global Security Information and Event Management (SIEM) platform used to identify threats to the organization’s information assets and systems. Reviews and recommends upgrades, products, and tools that will enhance the use of the SIEM. Monitors developments in the information security industry and communicates on the potential impact on or applicability to the organization. Oversees cyber security research efforts regarding real time external cyber threats. Directs the monitoring, identification, analysis, and response to suspicious real time events that occur against corporate networks and systems. Executes containment, mitigation and protection processes to safeguard against real time threats while maintaining critical documentation and evidence to be used for after action reporting and/or legal evidence. Creates business cases for security investments. Leads and executes tactical activities of the global Threat Management Center (TMC).
- Establishes and maintains appropriate and effective correlation data that is used to bring context to suspicious and innocuous events. Ensures engineers maintain current knowledge of emerging threats from global threat intelligence sources and applies knowledge within the SIEM platform to improve security posture. Creates and/or matures an effective security engineering governance, policy, and process to mandate repeatable, secure design, and engineering practices. Provides guidance and advocacy regarding prioritization of investment and implementation associated with security strategy. Ensures adherence to industry best-practice approaches to the design, implementation, operation and management of security systems. Assists information owners in identifying and implementing controls to mitigate the threats to information assets and computing resources. Identifies and recommends security solutions to meet changes in technology and business operations.
- Leads, maintains and improves the global network penetration program for networks worldwide. Validates and exploits security flaws in networks to demonstrate real world risks, attacks and security postures of corporate networks. Maintains and improves the program to evolve with emerging threats and ever growing compliance oversight. Designs and develops exploits to test systems for the purpose of validating compliance to security controls, standards and compliance. Provides guidance and analysis of emerging risks to executives, business owners and technology owners. Establishes and maintains effective partnerships with independent teams to evangelize security priorities, methodologies, awareness and compliance across the organization. Maintains a current knowledge of known and emerging vulnerabilities from global threat intelligence sources. Serves as an expert to the organization on vulnerability, threats, incidents and exploits that impact the company.
- Leads and maintains a comprehensive program that is fully compliant with policy requirements (e.g., Payment Card Industry Data Security Standards (PCI DSS), Federal Financial Institution Examination Counsel (FFIEC)). Develops, maintains and distributes comprehensive reporting of security findings to internal owners and external compliance assessors. Presents program standards to clients and assessors to validate compliance to requirements. Promotes compliance requirements and present program standards. Provides vulnerability risk analysis for work prioritization. Directs the develop of new metrics and reporting on business unit compliance with corporate information security standards.
- Provides consulting to application owners on secure coding standards and analysis. Provides expertise on best practices and security to technical owners during the design and testing phases. Reviews technical design documents to validate security considerations are understood early within the development process. Verifies that software, networks and systems are implemented and effective. Reviews and validates new prospective technologies for adherence to security standards. Delivers information security requirements in a way that is understood and effects change. Provides analysis of threat intelligence and issues security briefings to internal and external stakeholders. Maintains and delivers accurate and descriptive reporting of vulnerabilities, threats and security flaws to the organization. Interfaces with the enterprise forensics team during incident response efforts as appropriate. Ensures high level of customer service is provided to internal and external clients. Conducts post mortem reviews of cyber security events to ensure that actions were appropriate, gaps were identified, and procedures were updated and understood by team members. Develops and improves procedural documentation for the standardization and repeatability of incident handling and analysis.
- Evaluates highly complex technical solutions to determine compatibility with enterprise authentication and identifies management solutions. Delivers critical security components and technical integrations for revenue generating corporate solutions including enhanced corporate product offerings, new regions for exiting offerings and time sensitive client conversions. Assesses and approves non-routine, highly complex security projects, while acting as a security subject matter expert. Reviews and approves project charters, requirements and solution documentation. Initiates enterprise projects to include business justifications, cost and resource needs. Provides threat management and forensic consultation.
- Provides regular reporting to clients and assessors on status of security concerns, controls, product and projects, work requests, and process improvements. Participates in client meetings and corporate sponsored forums. Leads communication with internal and external counterparts to set priorities for work and builds cross functional teams.
- Reviews and approves the implementation of countermeasures and other actions to be deployed within security technologies that are recommended by security threat analysts. Consults with security and technical leadership, and outside security vendors to validate the recommended security control measures. Reviews policy and configurations within security technologies to ensure effectiveness of mitigating risk.
- Not an exhaustive list; other duties as assigned.
What Are We Looking For in This Role?
- Bachelor's Degree
- Relevant Experience or Degree in: related field of study from an accredited university is required; however, relevant experience in lieu of a degree may be considered.
- Typically a minimum of 8 years
- related professional experience including a minimum of 3-4 years experience in a supervisory position.
- None Identified
What Are Our Desired Skills and Capabilities?