Job Description : JOB SUMMARY
Develops, manages, and coaches the global SIRT (Security Incident Response), risk response, forensics and SOC (Security Operations Center) teams. Builds and supports a metrics-driven, risk-centric and outcome-based culture and drives the continuous maturation and improvement of information security capabilities. Assesses the security posture of H&R Block's global client base of technology vendors, IT and business customers. Monitors and reports on the organization's information security performance against established regulatory packages and requirements (NIST, ISO, PCI DSS, etc.) to senior leadership. Responsible and accountable for monitoring/detection, triage and containment, and recovery operations for all HRB properties globally.
ESSENTIAL DUTIES AND RESPONSIBILITIES
- Manages security operations including organization and staffing.
- Conducts employment interviews, makes hiring decisions, and participates in corrective action and termination discussions and decisions.
- Sets daily priorities and assigns tasks and projects to team members as required.
- Monitors and provides periodic status updates and risk assessments on each project.
- Develops and monitors performance metrics and develops team members to ensure consistent, effective and efficient processes and results.
- Prepares and delivers associate quarterly and annual performance reviews, including performance metrics for each performance objective.
- May be engaged in developing and managing a budget for assigned group.
- Evaluates and monitors external and internal securitythreat levels, the organization's defensive posture, associated risks and mitigation recommendations.
- Advises leadership on security gaps, operational issues and industry trends which require prioritization, funding or consideration.
- Drives adoption of security policies, procedures, standards and processes.
- Establishes and leverages relationships in order to ensure security initiatives are properly assessed, documented and prioritized.
- Analyzes new requirements, standards and capabilities to determine feasibility and timing of implementation in segment-level programs.
- May serve as subject matter expert on complex, high risksecurity efforts, designing and developing security testing scenarios.
- May manage complex, high risk, high impact security projects.
- Estimates project hours and resources required.
- Manage project work plan and resources.
- Develops status reports and update senior management with progress as necessary.
- Bachelors' degree in Computer Science or equivalent through a combination of education and work experience.
- Ten years' experience in a position requiring IT technical problem-solving skills.
- Minimum of 3 years' supervisory and/or training experiencerequired
- Minimum of 5 years' experience in information security or networking.
- Demonstrated development and/or management of a mature SIRT or SOC team in a global enterprise.
- Demonstrated knowledge of information security discipline via relevant industry certifications (e.g., CISSP, CAP, CISM, GSEC, GSNA).
- Understanding of IT related regulations (e.g., SOX, PCI) and frameworks (e.g., NIST, ISO 27001).