Industry: Accounting, Finance & Insurance
5 - 7 years
Security Operations Center Manager
Summary of This Role
Manages the development, deployment and execution of controls and defenses to ensure the security of company technology and information systems. Analyzes business needs and establishes priorities for protection of critical systems and operational policies.
Establishes and implements appropriate information security standards and criteria for hardware, software, firmware, email and web firewall, access, vendors and third party solutions, and encryption requirements. Evaluates potential business impacts from security breaches and resolves security incidents while providing guidance to business decision-makers. Maintains access to information security technologies.
This management position will be responsible for the day-to-day operation of the follow-the-sun 24x7x365 Threat Management Center (TMC) service in TSYS Columbus, with direct line accountability of 9 direct reports. This leader will be responsible for the Information Security threat detection and response team, as the first line of defense, aligned under the Threat Management Center based in Columbus, GA.
This includes accountability for all internal security monitoring operations tasks and management of the Columbus Security Operations Center, and coordination of 24x7x365 security event situational awareness with the TSYS Threat Management Center in the US. The Columbus SOC Manager is responsible for the overall technical and process direction of the Columbus Security Operations Center, and will also serve as the administrative leader for the Columbus SOC team members. This leader will mentor and guide SOC Leads and Analysts and perform knowledge transfer to other teams as required. Manages and executes tactical activities of the global Threat Management Center (TMC).
Monitors, investigates and contains cyber attacks and incidents across the enterprise. Leverages security systems including: Security Information and Event Management (SIEM), email and spam gateways, wireless and network intrusion detection and prevention, data loss prevention, web proxy, network and web application firewalls, malware and anti-virus detection, and other security technologies. Manages the implementation of access control defenses. Reviews and manages cybersecurity research efforts regarding real-time external cyber threats, investigations of threat intelligence feeds, and briefings from government and private sources. Manages the monitoring, identification, analysis, and response to suspicious real-time events that occur against corporate networks and systems.
Executes containment, mitigation and protection processes to safeguard against real time threats while maintaining critical documentation and evidence to be used for after action reporting and/or legal evidence. Collaborates with internal information technology stakeholders to determine risk and exposure. Exchanges threat intelligence with other security organizations. Leverages multiple security technologies and technical concepts (e.g., mainframe, networking, authentication, database concepts) to deliver critical initiatives.
Manages development, deployment and support activities for multiple critical security technologies, including problem resolution and management, application maintenance, project requests and system enhancements. Anticipates and meets client expectations and business needs. Analyzes and responds to threat trends and new business opportunities. Assesses and approves non-routine, complex security projects, while acting as a security subject matter expert. Detects security events that trigger the corporate security incident response plan. Reviews and approves the implementation of countermeasures and other actions to be deployed within security technologies.
Consults with security and technical leadership and outside security vendors to validate the recommended security control measures. Reviews policy and configuration within security technologies to ensure effectiveness of mitigating risk. Provides situational awareness to appropriate senior leadership, forensics technicians or security personnel while maintaining confidentiality and containment of the incident. Provides expert support and timely and effective decision making for incident declaration.
Conducts post-mortem reviews of cybersecurity events to ensure that actions were appropriate, gaps were identified, and procedures were updated and understood by team members. Develops and improves procedural documentation for the standardization and repeatability of incident handling and analysis. Develops and maintains key performance metrics that are used to measure team performance and program effectiveness. Creates and maintains critical and restricted documentation.
Provides expert support and guidance to security personnel regarding current security technologies and defensive tactics. Maintains working knowledge of a wide variety of security technologies, how they apply to the organization, and how they can be leveraged to effectively defend the enterprise IT systems. Troubleshoots functional and operational errors within security technologies and collaborates with external and internal stakeholders. Not an exhaustive list; other duties as assigned.
Scope of Responsibilities: Responsibilities are often at the department or sub-department level/functional specialty.
Planning Horizon: Planning horizon is typically less than 1 year.
Reporting Relationships: Typically reports to an Associate Director or Director.
Problem Solving Requirements: Problems are specialized, but routine and typically clearly defined. Manager guidance is available.
Span of Control Accountability: Typically manages the work of five or more supervisors, entry to mid-level professional/technical team members or administrative/call center/production team members. Handles routine performance management and other staffing decisions.
• In-depth familiarity with security policies based on industry standards and best practices
• Expert knowledge of SIEM technologies, like Splunk ES, ArcSight, vendor specific certifications strongly preferred
• Experience in designing and building security and/or network operations centers
• Incident management process development and/or incident management experience
• 4+ years working within the information security field, with emphasis on security operations, incident management, intrusion detection, firewall deployment, and security event analysis
• Experience with security device installations, configuration and troubleshooting (e.g., firewall, IDS, etc.)
• Ability to lead and communicate efficiently within a team environment
• Great customer service skills.
Typically a minimum of 6 years of related professional experience; a minimum of 1-2 years of experience in a supervisory position is preferred.
Bachelor's Degree in a related field of study from an accredited university is required; however, relevant experience in lieu of a degree may be considered.