This position functions as the manager of the corporate security operations and incident response teams and requires understanding the IT infrastructure in place at Milliman offices to ensure appropriate security measures are in place to prevent security breaches. The position has IS engineer direct reports responsible for security infrastructure and works in collaboration with the Manager of IT Operations & Infrastructure to recommend physical and technical information security best practices. The position also manages all aspects of technical incident response from Cybersecurity Incident Response Team (CSIRT) initiation to conclusion and collaborates with the corporate privacy office to address privacy-related events. The position reports to the Chief Information Security Officer (CISO).
The Cybersecurity & Incident Response Manager will be responsible for supervising staff and executing IT Security projects. This position will oversee the technical work of information security operations and incident response personnel. Additionally, this position will occasionally serve as a project or cross-functional team lead to ensure high-quality communications and technical delivery of the work being performed. The Cybersecurity & Incident Response Manager will set performance expectations for direct reports and provide constructive performance feedback on a regular basis.
- Operational oversight of cybersecurity solutions, including SIEM, MSSP, MDR, firewall, VPN infrastructure, secure web gateway, etc.
- Manage activities of GCS IS Security Operations and program management of information security initiatives with IT personnel across Milliman practices and disciplines.
- Manage activities of the Incident Response team/CSIRT and track and assist with mitigation of technical security incidents across the organization through resolution.
- Support prioritization and delivery of security audit artifacts for internal and external security audits.
- Development of metrics to quantify and monitor key process indicators (KPIs).
- Coach staff in the practices of security-related requirements and provide guidance in the course of implementation and other changes.
- Keep up to date on information security threats and countermeasures and advise technical staff.
- Recommend security enhancements and purchases consistent with information security strategy and evolving threats.
SKILLS & QUALIFICATIONS REQUIRED:
- Bachelor’s Degree in Computer Science or related discipline.
- The ideal candidate must be equipped with at least 1 of the following certifications: Certified Information Systems Security Professional (CISSP) OR Certified Information Security Manager (CISM).
- The ideal candidate must have a minimum of 8 years of hands-on experience within the realm of Cybersecurity and Incident Response.
- The ideal candidate must have hands-on experience with ISO 27001/2, HIPAA, HITRUST and other industry regulatory controls and compliance.
- The ideal candidate must have prior technical experience with one or more of the following: Audit, Cloud Computing, Incident Response, Network and Firewall and Penetration Testing.
- The ideal candidate must have previous experience with cloud security control design and management.
- The ideal candidate must have proven working knowledge of security areas such as Auditing, Policy, Database Security, Firewall Design and Implementation, Risk Analysis, Identity Management, Access Management, or Web Services.
- Must have the ability to handle multiple projects concurrently.
- Must have excellent verbal and written communication skills including the ability to prepare documentation, policies and build consensus across a broad group.
- Must have excellent time management skills including the ability to prepare, prioritize and complete work plans.
- Must have demonstrated ability to work with geographically diverse offices in a global organization.
- Must have the ability to interpret information security data and processes to identify potential compliance issues.
- Must have the ability to clearly and effectively communicate Information Security matters to executives, auditors, and end-users.
- Must have the ability to work effectively and organize priorities independently.
- Must have high-quality writing and interpersonal communication skills.
- Must have decision-making and problem-solving skills including the ability to clearly define and resolve issues.
SKILLS & QUALIFICATIONS PREFERRED:
- Experience within consulting or professional service organizations.
- Prior experience supervising staff and supporting their professional development in the Information Security field.
- GIAC Certified Incident Handler (GCIH) OR EC-Council Certified Incident Handler (ECIH) Certifications.
Independent for over 70 years, Milliman delivers market-leading services and solutions to clients worldwide. Today, we are helping companies take on some of the world’s most critical and complex issues, including retirement funding and healthcare financing, risk management and regulatory compliance, data analytics and business transformation.
Through a team of professionals ranging from actuaries to clinicians, technology specialists to plan administrators, we offer unparalleled expertise in employee benefits, investment consulting, healthcare, life insurance and financial services, and property and casualty insurance.
MILLIMAN BENEFITS AT A GLANCE:
At Milliman, we focus on creating an environment that recognizes – and meets – the personal and professional needs of the individual. We offer a competitive benefits package which includes:
- Medical, dental and vision coverage for employees and their families, including eligible domestic partners.
- A 401(k) plan with matching program.
- Paid Parental Leave up to 12 weeks.
- Profit sharing as a discretionary contribution to employees’ retirement accounts.
- Paid Time Off (PTO) starts accruing on the first day of work and can be used for any reason.
- Adoption assistance.
- Milliman covers 100% of the premiums for life insurance, AD&D, and both short-term and long-term disability coverage.
- Flexible spending accounts allow employees to set aside pre-tax dollars to pay for dependent care, transportation, and applicable medical needs.