JOB SUMMARY:

Under direction of the Director of Information Security, the Senior Manager of Information Security Operations is responsible for the technical oversight of the information security technology portfolio and assists in the delivery of the overall information security program. The Senior Manager of Information Security Operations is a hands-on technologist. The Senior Manager of Information Security Operations is a subject matter expert (SME) for all information security platforms and plays a lead role in developing the firm’s global information security architecture as well as investigating information security events.

The Senior Manager of Information Security Operations leads the information security engineering team with direct oversight of assigned staff.

The Senior Manager of Information Security Operations assumes responsibility of the firm’s information security program, including direct oversight of all information security staff in the absence of the Director of Information Security.

As a leader within the Information Security Team, the Senior Manager of Information Security Operations takes a central role in actively promoting a culture of information security throughout the organization.

The scope of this position is firm wide and requires a thorough understanding of all the IT systems the firm uses, and how those systems are secured.

The Senior Manager of Information Security Operations advises the Information Security Team on emerging vulnerabilities and newly introduced risks to firm systems, and takes a proactive approach in continually assessing the security of firm systems throughout their lifecycle, providing recommendations for enhancing security and adapting to new threats and vulnerabilities.

ESSENTIAL FUNCTIONS:

• Excellent customer service skills and sense of urgency when resolving issues
• Provide technical leadership for all information security platforms
• Serve as the final escalation point for technical issues related to information security platforms
• Architect information security solutions
• Oversee and directly participate in the administration of all information security technology platforms, ensuring that technologies are optimally configured and maintained to provide maximum uptime and protection to firm information systems
• Take the lead role in responding to and containing information security related incidents
• Take a lead role in developing and managing information security programs, including, but not limited to; information security awareness, vulnerability management, vendor risk management and risk management
• Partners with IT managers to develop and maintain best practices and policies for security of all internal systems.
• Communicate with firm Senior Leadership in the absence of or as directed by the Director of Information Security
• Participates as a member of the firm’s Information Security Forum
• Play a primary role in the selection of new information security technologies
• Conduct regular technical risk assessments of systems and infrastructure
• Oversee and directly participate in the installation, configuration, and monitoring of new information security technologies
• Actively participate in the maintenance and development of the Information Security Management System
• Engage proactively in risk management activities
• Assist in the development and knowledge transfer to information security team members, as well as other IS or firm groups
• Promote a culture of information security across all business units
• Understand the role of systems and technology within the firm and the value they deliver to the business

OTHER RESPONSIBILITIES:

• Maintain current security certifications and attend industry seminars and relevant continuing education events
• Performs other work related duties as assigned

EDUCATION, EXPERIENCE AND SKILLS REQUIRED:

• Bachelor of Science degree in a technology related discipline or 4 years of relevant experience
• 5+ years of full time experience leading and managing information security professionals
• 7+ years of full time experience in dedicated, technical information security roles
• 5-7 years of full time experience in information technology in an area such as; networking, desktop engineering, programming or systems administration.
• Strong knowledge of information security principles and practices
• Experience with incident response and analysis, preferably in a leadership role
• Strong knowledge in the use of information security and networking tools such as; Nmap, Wireshark, Nessus and Kali Linux
• Experience performing packet analysis
• Strong knowledge of IDS/IPS, firewalls, proxies and other network security technologies.
• Strong knowledge of host-based information security technologies
• Strong knowledge of Incident Analysis and Response concepts and techniques
• Strong knowledge of security implications involving a variety of technologies including but not limited to; Microsoft, Cisco, Unix/Linux, and other market leaders in technology solutions, including mobile devices
• Strong knowledge of Splunk & Splunk Enterprise Security is desirable
• Experience with software, system and security architectures
• Strong written and oral communication skills
• Strong knowledge and understanding of advanced security concepts and standards/regulatory frameworks
• Ability to work independently with little or no supervision
• Organized, responsive and highly thorough problem solver
• Flexible work schedule to troubleshoot escalated issues out of hours and apply production changes where needed
• CISSP certification is required
• Any two of the following certifications is required; CISM, CSXP, OSCP
• One or more of the following certification is desired: CSXP, GCIH, GCIA, GCED, OCSP

ESSENTIAL CAPABILITIES:

• Ability to relate to non-technical users in user-friendly language
• Ability to understand technical implications of security threats
• Ability to motivate and lead a team of diverse technical professionals
• Ability to manage multiple concurrent objectives or activities, and effectively make judgments in prioritizing and time allocation in a high-pressure environment
• Ability to gauge one’s strengths and limitations
• Ability to write clear and concise reports, including executive summaries
• Ability to deal with changes and adapt to a changing environment
• Must demonstrate the ability to maintain strict confidentiality of the firm's internal and personnel affairs
• Ability to work well with others, harness different skills and experience, and build a strong sense of team spirit
• Highly self-motivated and directed
• Ability to work in a multi-office environment and willingness to travel to other offices as required
• Ability to work effectively in a culturally and educationally diverse environment

WORKING CONDITIONS:

Normal office environment. Incumbent is expected to work the hours necessary to fulfill the responsibilities of the position.

Incumbent is expected to work the hours necessary to fulfill the responsibilities of the position.

Periodic travel may be required.

The above is intended to describe the general content of and requirements for the performance of this job. It is not to be construed as an exhaustive statement of essential functions, responsibilities or requirements.