Overview
Responsibilities
- Manage the work direction and resource needs for a team of Cybersecurity Analysts and Engineers. Define strategic goals and manage performance to meet those goals, specific to security vulnerability scanning and remediation, administration of applicable toolsets and enterprise vulnerability & risk analytics.
- Manage activities relative to the day-to-day operations of vulnerability reporting and remediation; determine business and technical requirements to maintain the highest possible degree of monitoring, assessment, testing, and analysis capability. Serve as a key respondent and facilitator for proactive cyber risk remediation in the organization.
- Recruit, retain, and develop a diverse and high performing team; create an environment of continuous learning and growth development.
- Follow industry and technology trends and best practices to advise leadership and direct teams on the best employment of tools, techniques and procedures.
- Maintain a high degree of awareness of current and potential threats and risks to the company and sector.
- Develop and maintain a working relationship with internal stakeholders and third-party service providers. Work with business unit executives and service providers to introduce into and refine cybersecurity capabilities within the environment.
- Must possess a broad knowledge relating to IT infrastructure and Cybersecurity, and have in-depth and up-to-date experience with today’s enterprise level platforms and tools, including penetration testing, asset/application/service discovery, and vulnerability scanning tools, techniques, and procedures.
- Remote eligible.
Qualifications
- Bachelor’s degree in related field or equivalent combination of education and experience preferred
- 7+ years in Information Technology, including 3+ years of experience managing a complex function, team or program.
- 5 years direct experience in cybersecurity operations and/or cybersecurity incident response.
- One or more relevant technical/professional security certifications (such as: COMP-TIA Network+, Security+, SANS GIAC, CISSP, CRISC, CISA, or vendor-specific) preferred.
- Experience in Windows, UNIX/Linux OS required.
- Functional understanding of regulatory and compliance mandates and frameworks, including but not limited to: HIPAA, HITECH, PCI, Sarbanes-Oxley, Center for Internet Security (CIS), NIST, or MITRE Attack Framework preferred.
- Experience conducting Vulnerability Testing (Network, Application, Database, and/or System Security), Analysis, Prioritization, and Documentation, and the management of communication with leadership and affected stakeholders preferred.
- Leadership experience preferred
- Demonstrated ability to effectively communicate and present complex technical information to a broad audience and make recommendations with justification to leadership.
- Proven investigative and problem solving, critical thinking, root-cause analysis, and business risk analysis skills.
- Experience in the healthcare industry or critical infrastructure preferred.