Quantam Solutions provides IT solutions and consulting. We offer a competitive hourly wage, health benefits, paid time off, and a 401(k) plan. We're currently seeking an Information Security Manager of Operations.
JOB DESCRIPTION:
Our client is seeking a highly motivated and experienced Information Security Manager of Operations to oversee and manage day-to-day information security activities. Reporting directly to the Chief Information Security Officer (CISO), this role is crucial for ensuring the confidentiality, integrity, and availability of systems and data. The ideal candidate will have strong leadership skills, technical expertise, and a deep understanding of information security principles and best practices.
Key Responsibilities:
Security Operations Management:
- Lead and manage the security operations team responsible for monitoring, detecting, and responding to security incidents.
- Develop and implement security policies, procedures, and standards to maintain a secure operating environment.
- Conduct regular security assessments, vulnerability scans, and penetration tests to identify and address potential security risks.
- Ensure compliance with relevant regulations, standards, and frameworks (e.g., GDPR, ISO 27001, NIST).
Incident Response and Management:
- Develop and maintain an incident response plan to effectively mitigate security incidents.
- Lead incident response activities, including containment, eradication, and recovery efforts.
- Coordinate with internal teams and external stakeholders to investigate and resolve security incidents.
Security Monitoring and Threat Intelligence:
- Oversee the implementation and management of security monitoring tools and technologies.
- Monitor security events and alerts to identify potential threats and vulnerabilities.
- Stay informed about emerging cybersecurity threats through threat intelligence feeds and industry publications.
Security Awareness and Training:
- Develop and deliver security awareness training programs to foster a security-conscious culture.
- Provide guidance to employees on security best practices and procedures.
Risk Management:
- Conduct risk assessments to identify and prioritize security risks.
- Develop and implement risk mitigation strategies and controls to minimize the impact of security incidents.
- Monitor and report on the effectiveness of risk mitigation efforts.
Vendor and Third-Party Risk Management:
- Evaluate the security posture of third-party vendors and service providers.
- Establish security requirements and standards for vendor contracts.
- Continuously monitor vendor security practices to ensure compliance with established standards.
Required Qualifications:
- Bachelor’s degree in Computer Science, Software Engineering, or a related field (equivalent professional experience may be considered in lieu of a degree on an exception basis).
- Minimum of 5 years of experience in information security, with at least 2 years in a management or leadership role.
- Demonstrated ability to lead security operations teams and manage security incidents.
- Proficiency in Microsoft Office Suite (Word, Excel, Outlook).
- Strong understanding of information security regulations, including FISMA, FedRAMP, ISO 27001, NIST, COBIT, and ITIL.
- Excellent documentation, communication, and project management skills.
- Ability to work independently with minimal supervision.
- General cybersecurity understanding and basic network security knowledge.
Preferred Qualifications:
- Certifications: One or more of the following certifications are preferred:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Information Systems Auditor (CISA)
- Experience working with government agencies, particularly the Department of Defense (DoD), on information security matters.
- Experience with classified systems and their associated security requirements.
- Knowledge of vendors and their products related to security.
Skills and Abilities:
- Strong leadership and team management abilities.
- Innovative and creative mindset with the ability to stay updated on emerging security practices.
- Strong organizational skills with the ability to manage multiple tasks and projects.
- Excellent problem-solving and decision-making skills.
- Ability to set the tone for the organization’s security posture and motivate teams.
Professional Development:
- Stay current with emerging trends in cybersecurity through professional development, reading industry publications, and participating in professional organizations.
Additional Information:
This is a partial listing of the necessary knowledge, skills, and abilities to perform the job successfully. The Information Security Manager of Operations will play a critical role in shaping the security strategy and ensuring the protection of systems and data across the organization.