About The Position

Electrify America is committed to revolutionizing the way people charge. As the country's largest open DC fast charging network, Electrify America is actively contributing to electrifying mobility today and building a more sustainable future.

At Electrify America, we value innovation, collaboration, and a commitment to sustainability. We strive to establish a diverse and inclusive workplace where employees can develop personally and professionally. As a team member at this rapidly growing company, you can work on state-of-the-art technology and join a team making a significant impact in the world. If you're interested in joining a dynamic, innovative company, Electrify America is a place where you can learn, grow, and make a difference!

Brief Role Description

The Sr. Manager, Cybersecurity position will be an expert leader influencing multiple functional areas and part of the team responsible for evolving and maintaining a unified security architecture, key security controls, and processes. This role is responsible for leveraging and amplifying subject matter expertise across various security areas to ensure our security practices and controls continually improve, conform to best practices and standards, and are independently reviewed through testing and audits.
The Cyber Security Manager needs to be comfortable working across multiple Information Technology disciplines and demonstrate a strong passion for Information Security.

Requirements

  • 10+ years of experience in Information Technology Security, 5+ years of experience in Cloud and IoT cybersecurity
  • BS in Computer Science, Computer Engineering, Information Systems, or equivalent experience
  • CISSP or GIAC GSE certification
  • Additional relevant certifications (IRMCB, CompTIA, ISACA, ISC2, etc.)
  • Training on best cybersecurity practices and regulatory requirements from a recognized industry organization (SANS Institute, NICCS, etc.)
  • Ability to explain complex concepts and dependencies
  • Ability to lead and facilitate training and planning workshops
  • Ability to understand contractual and regulatory requirements related to information management and cybersecurity
  • Experience creating standards, policies, and procedures
  • Creative vision and ability to influence
  • Time management and organizational skills, with the ability to meet tight deadlines
  • Strong interpersonal skills
  • Excellent written and oral communication, including presentation skills
  • Extensive experience implementing common cybersecurity control frameworks such as NIST CSF, SOC2 Type 2, ISO 27001, or similar
  • Demonstrated experience leading preparation and successfully attaining SOC2 Type 2 attestation
  • Strong knowledge and expertise in secure software development lifecycle, understanding of common vulnerabilities in Web, Mobile and services-based applications, understanding of cybersecurity testing
  • Strong knowledge and practical experience with identity management, authentication and authorization standards
  • Strong experience with common application security concepts, such as the OWASP Top 10, and their practical implementation.
  • Experience with vulnerability management methodologies and implementations.
  • Solid understanding of intrusion detection and prevention solutions and techniques
  • Experience with multi-factor authentication, single sign-on, identity management, and related technologies.

Nice To Haves

  • Experience implementing development processes in line with IEC-62443-4
  • Experience with PCI DSS
  • Strong understanding of PKI standards and best practices
  • Experience with audit compliance and tracking software
  • Understanding of DevOps principles and "shift left" philosophy.
  • Understanding of application development and secure coding techniques.
  • Certified Cloud Security Professional (CCSP)

Responsibilities

  • Establish and evolve unified security architecture, key security controls, and models; while being subject matter experts for various security areas, ensure our security practices and controls constantly improve
  • Lead preparation and successful completion of initial and recurring cybersecurity audits in line with the attestation and certification requirements of SOC2, ISO-27001, PCI DSS, and similar standards
  • Provide guidance and advice to Software Development, Cloud Engineering, Enterprise System, and other teams in relation to secure development practices at both the application level as well as the virtual infrastructure level; periodically review adherence to the guidelines and enable continuous improvement by providing feedback and further inputs to the corresponding managers and teams
  • security requirements related to cybersecurity, assess steps required to meet these requirements, and provide inputs to Product Management, Software Development, and Enterprise Software
  • Collaborate with other teams and departments to review business and regulatory security requirements and fit them with other constraints or technology limitations.
  • Educate and mentor project team members in areas of security best practices and company security policies.
  • Create and maintain architecture design artifacts such as diagrams and documentation.
  • Maintain and expand knowledge of best practices and emerging trends in both general information security as well as key specialty areas such as cloud and mobile security.
  • Establish processes and criteria to translate output of architecture assessments, penetration tests, and application security scans into actionable remediation requirements; monitor remediation activities to ensure the timelines and priorities are in line with expectations.
  • Provide feedback and approval for system and application designs and architectures as it relates to adherence to security principles and company security policies.
  • Integrate and collaborate with the Information Technology team for various processes such as access and identity management, vulnerability management, risk management, etc.
  • Own, author, and update company policies related to cybersecurity
  • Lead evolution and recurring testing of the incident response program; contribute to decision-making responding to potential cyber threats
  • Mature and evolve robust and efficient processes managing supply chain cyber security, software, and hardware component and tool approval; enhance vendor cyber risk evaluation and assessment
  • Establish a continuous process for identifying potential threats and collaborating with various engineering teams to assess threat and vulnerability impacts
  • Engage with various industry players, organizations, and interest groups to influence policymaking and standard development in relation to EV charging and e-mobility
  • Constantly learn about the changing cybersecurity landscape and take actions to prepare our company for the future