As a member of the Information Security leadership team, the Manager, Security Response plays an important role in helping to define the direction for the team and managing security incident response activities. Drives, implements, and manages security incident response procedures using a variety of tools and technologies in order to rapidly identify and respond to threats.
Reports to the Director, Information Security. Manages the day-to-day operations of the Security Response team and manages 3-6 non-supervisory associates. Interacts regularly with business stakeholders and other IT teams.
PRIMARY DUTIES AND ACCOUNTABILITIES
With a focus on leadership, vision, strategy, culture, best practices and continuous improvement, performs the following personally and through subordinate associates:
- Manages and coordinates response teams during security incidents (phishing, DDoS, malware, etc.) through resolution and to the lessons-learned stage
- Develops tactical response procedures for security incidents
- Reviews alerts and data from systems and responds accordingly, including documentation and escalation.
- Recommends and implements mitigating actions to contain incident-related activity
- Mentors junior staff to advance their skills and knowledge to promote professional growth
- Participates in product selection, vendor evaluations, and implementations of security technologies.
- Recommends security enhancements to management
- Assists in the design, implementation, and maintenance of the Choice security plan, policies, procedures, and standards.
Carries out supervisory responsibilities in accordance with Choice’s cultural values and performance principles, Company policies and applicable laws. Responsibilities include:
- Actively participating in the interviewing and hiring processes and ensuring successful functional on-boarding of new associates;
- Planning, assigning and directing work for direct reports;
- Setting reasonable stretch performance goals, providing constructive, balanced, regular performance feedback, and conducting bi-annual performance appraisals;
- Recognizing and rewarding performance excellence;
- Communicating and enforcing company policies and programs;
- Applying corrective discipline, addressing complaints and resolving problems in a timely fashion, involving and collaborating with leadership and Human Resources as appropriate.
In collaboration with leadership and Human Resources, develops and executes a plan for retaining and developing talent to meet current and future business objectives to include:
- Engaging in talent review evaluations;
- Collaborating with direct reports on their professional development and growth; and,
- Assisting with developing leadership succession plans for the department.
- Understands the role of the department in the overall corporate strategy and sets objectives that are aligned with this role. Assists in determining overall strategic direction and business contribution of the department. Monitors direction and growth of the business to ensure application of appropriate technologies and support resources. Assesses strengths and weaknesses in the department. Continuously keeps up on industry trends, direction, opportunities, and applicability as it pertains to Choice.
Education, Experience and Knowledge
- Bachelor’s degree (BA) from a four-year college or university; or one to two years related experience and/or training; or equivalent combination of education and experience.
- A minimum of seven years’ experience in technology roles that provide a background in IT areas such as software development, infrastructure, operations, and incident response.
- A minimum of three years’ experience acting in a security incident response role with responsibility for analyzing alerts/threats, responding accordingly, and developing incident response plans and procedures.
- Previous experience using a SIEM to analyze and correlate activity.
- Knowledge of Active Directory log events
- Previous experience identifying indicators of compromise and writing custom alerts.
- Previous supervisory experience and proven success in managing technical teams.
- Knowledgeable in security technologies, procedures, and best practices to include functions such as Web Application Firewalls, Intrusion Detection Systems, File Integrity Monitoring, SIEM, and Vulnerability Scanning
- Experience providing technical requirements to various development and infrastructure teams.
- Experience documenting incident cases and managing lessons learned meetings.
- Experience automating repeatable tasks.
- Experience integrating security technologies and procedures into continuous delivery/DevOps environments.
- Information Security Incident Response Handler certification preferred.
- Strong verbal, written and listening communication skills.
- Strong interpersonal skills and demeanor.
- Demonstrated analytical skills.