The Security Operations Manager is responsible for the execution of BCG Omnia’s product and cloud infrastructure security program in alignment with Information Security & Risk Management standards and best practices for Software as a Service (SaaS).
YOU'RE GOOD AT
Working with a myriad of product, engineering, and cloud infrastructure management teams to implement and manage security in a SaaS environment. The Security Operations Manager will:
- Understand business and cloud security requirements of engineering, product, and cloud infrastructure delivery teams.
- Work collaboratively with engineering, product, and cloud infrastructure teams to lead effective process improvements and improve overall security effectiveness.
- Lead and mature security of cloud infrastructure and operations.
- Serve as Lead technical systems security subject matter expert providing guidance and recommendations.
- Monitor security advisories that impact security, risk, and compliance requirements.
- Aiding the security management analysts in investigating, analysing and remediating vulnerabilities
- Review vulnerability assessment results, prioritize, and assist in remediation efforts.
- Support the implementation and management of operational security controls.
- Identifying and incorporating security capability requirements into security strategy.
- Support security incident response process, work with subject matter experts, recommend corrective actions, and respond to investigations requiring technical security analysis.
- Updates job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.
YOU BRING (EXPERIENCE & QUALIFICATIONS)
- 5-8+ years in information security, compliance, audit and risk management.
- 5-8+ years in information technology environments including SaaS.
- Knowledge of Linux and Windows based system administration.
- End-to-end security including web, application, network, and database.
- Experience with security analytics and analysis, logging, and reporting.
- Managing identity access, threat, and vulnerability detection.
- Familiarity with audit, risk mitigation, and IT controls such as separation of duties.
- Security certification such as CISM or CISSP.
- Knowledge of industry standards and frameworks such as SOC2, ISO 27001, and CSA CCM