Manager, Cyber Security

About The Position

Requirements

• High school diploma or GED.
• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a closely related technical field. Equivalent professional experience may be accepted in lieu of formal education.
• CISM, CISSP, CEH, or comparable cybersecurity certifications.

Responsibilities

• Lead, supervise, and mentor a team of cybersecurity analysts and engineers.
• Assign tasks, monitor performance, and ensure the team meets its objectives efficiently.
• Foster a culture of continuous learning by providing training, certifications, and knowledge-sharing opportunities.
• Conduct performance evaluations and recommend career development plans for team members.
• Recruit, develop, and retain top cybersecurity talent.
• Design a multi-year cybersecurity strategy that aligns with organizational goals and technological advancements.
• Define measurable goals and KPIs to track security program success.
• Present the strategy to executive leadership and adjust based on feedback and evolving business needs.
• Develop, implement, and maintain security policies, standards, and guidelines.
• Regularly review and update policies to stay ahead of emerging threats and regulatory requirements.
• Create and manage the cybersecurity budget, ensuring investments are aligned with organizational priorities.
• Identify opportunities to optimize costs while maintaining strong security standards.
• Lead periodic organization-wide risk assessments, vulnerability scans, and threat analyses.
• Create detailed risk profiles for business units, prioritizing risks based on likelihood and potential impact.
• Develop risk mitigation plans that integrate seamlessly into operational processes.
• Ensure implementation of controls for physical, cloud, and network infrastructures.
• Oversee security audits for vendors, contractors, and third-party partnerships.
• Establish criteria for vendor selection based on security posture.
• Ensure compliance with data protection laws, such as GDPR, HIPAA, or local equivalents.
• Ensure adherence to industry standards and regulations (e.g., NIST CSF, ISO 27001, SOX, PCI DSS).
• Establish and regularly update an Incident Response Plan (IRP) that addresses various scenarios, including ransomware, DDoS attacks, and data breaches.
• Lead cross-functional teams during incidents to minimize business disruption.
• Ensure detailed post-incident reports with root cause analyses and recommendations for improvement.
• Partner with IT and operations teams to integrate cybersecurity into disaster recovery and business continuity plans.
• Test and refine plans through simulations and tabletop exercises.
• Manage SOC activities, ensuring 24/7 monitoring, detection, and response capabilities.
• Evaluate and implement advanced technologies like AI-driven threat detection and zero-trust architectures.
• Oversee the deployment and maintenance of security technologies, including firewalls, IDS/IPS, EDR solutions, and SIEM platforms.
• Ensure robust security configurations across all systems, including cloud services, IoT devices, and mobile endpoints.
• Implement encryption, tokenization, and DLP (Data Loss Prevention) systems to safeguard sensitive data.
• Develop executive-level reports that track security metrics, risk scores, and incident trends.
• Create and lead cybersecurity awareness training programs for all employees.
• Measure effectiveness through phishing simulations and employee engagement metrics.
• Act as a key partner to IT, legal, compliance, HR, and other departments to ensure security is embedded across the organization.
• Participate in major project planning to identify and address security implications early.
• Must be available to work regular business hours Pacific Standard Time.
• Must also be available to work on-call, evenings and weekends as needed.
• Performs other duties as required to support the business and evolving organization.

Benefits

• Medical
• dental
• vision
• 401k
• flexible spending account
• paid sick leave and paid time off
• parental leave
• quarterly performance bonus
• training
• career growth
• education reimbursement programs