AMVETS Jobs

Job Information

Cirrus Aircraft Sr. Manager Information Security in Duluth, Minnesota

Description

The Sr. Manager, Information Security is responsible for overseeing a team of IT Security professionals and creating strategies to improve and monitor the security of Cirrus systems. The Sr. Manager, Information Security is responsible for developing, implementing, and maintaining an information security capability that protects the organization’s information assets. This role involves overseeing security policies, risk management, compliance, incident response, and employee training. This leader will possess a deep understanding of information security frameworks and have a proven track record in managing security teams and projects.

This role reports to the Executive Director, Digital Transformation & Technology.

Duties and Responsibilities/Essential Functions

To perform this job successfully, an individual must be able to perform each essential function satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable qualified individuals with disabilities to perform the essential functions.

  • High Performing Team: Build a high-performing team of IT Security professionals that plan and design security solutions that enable the organization to identify, protect, detect, respond, and recover from cyber threats and vulnerabilities. Selects, develops and evaluates personnel to ensure the efficient operation of the function. Provides leadership and mentorship to the information security team, fostering a culture of security awareness.

  • Vision/Strategy/Roadmap: Creates Information Security and Cybersecurity strategy, roadmap, goals, objectives and metrics to mitigate business threats, address opportunities and prioritize for protection of critical systems. Prioritize projects, financials, and KPIs to measure progress against the roadmap while leveraging both mainstream and emerging technologies to transform the information security capability. Prepare and present reports on security metrics, incidents, and compliance status to executive management.

  • Security Architectures: Oversees the planning, design and build of security architectures. Ensures the implementation of network and computer security is compliant with corporate cybersecurity policies and procedures. Responsible for mitigating enterprise cybersecurity risks for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related network devices. Configures and installs firewalls and intrusion detection systems. Implements software fixes (patches) to remove system vulnerabilities. Owns incident response planning, leads vulnerability audits and forensic investigations. Evaluates potential business impacts from security breaches and provides strategic and tactical guidance to Executive & business decision-makers. Responsible for security systems compliance policies and procedures.

  • Vulnerability Assessments: Performs security assessments, penetration tests, vulnerability scans and risk analysis across the Cirrus ecosystem. Manage vulnerability assessments and security audits to identify cybersecurity risks. Drives improvements necessary to mitigate those risks. Performs technical analysis of vulnerabilities and leads in the development of vulnerability corrective action plans. Conducts a regular review of network, application and operating system security documents and procedures. Reviews results of vulnerability assessments and code reviews and informs management of vulnerabilities, risk and mitigation. Provides technical expertise to the vulnerability assessment team responsible for the testing, validating, and the security of the company’s applications, servers, and networks.

  • Cybersecurity Focus: Identifies cybersecurity architecture, goals, objectives and metrics; analyzes business needs and priorities for protection of critical systems. Keeps abreast of the latest intelligence from law enforcement and other sources of cyber threat information. Monitors systems for cybersecurity vulnerabilities, threats and events, oversees incident response planning, and leads vulnerability audits and forensic investigations. Evaluates potential business impacts from security breaches and provides strategic and tactical guidance to business decision-makers. Reviews, manages and approves the action plans for policy creation and governance, system hardening, monitoring, incident response, disaster recovery, and emerging cybersecurity threats.

  • Security Controls: Manages the development, deployment and execution of controls and defenses to ensure the security and risk mitigation of company infrastructure technology, information systems and digital payment systems. This includes leading investigations with any suppliers that have security breaches. Establishes and implements operational policies and appropriate standards and criteria for hardware, software, email and web firewall, access verification and encryption requirements. Manage the administration and hardening of internal processes and systems against outside penetration and attack. Collaborate with IT, legal, and compliance teams to ensure security practices meet regulatory requirements.

  • Application Security Assessments: Approves the security requirements and the security integration plans to protect existing infrastructure and to incorporate future solutions by doing a thorough security assessment of software. Partners and collaborates with stakeholders to encourage the adoption of security-compatible software designs and best practices.

  • Disaster Recovery Plan: Manages the design, implementation and communication of the IT disaster recovery plan. Oversees the risk analysis of critical operations and systems essential to continuing business operations in the event of a disaster. Monitors and tests the design and implementation of network and server backup solutions. Leads the IT disaster recovery program/project design function to ensure strategic goals are met. Partners with corporate disaster recovery and business continuity teams to include training, testing and communication of disaster procedures within the organization. Builds the necessary controls, infrastructure and procedural playbook to monitor, identify and provide proactive detection and response. Coordinates response to significant incidents and identifies cybersecurity risks and gaps. Reviews detailed incident reports and provides technical briefs to the IT security team.

  • Vendor Management: Manages information security and cybersecurity vendor partnerships and associated contracts, including cybersecurity insurance vendors. Manages and directs the cybersecurity training vendor, prepares phishing simulations and reports results. Coordinates security training programs for employees to promote security awareness and best practices. Partners with a cybersecurity firm to implement two executive tabletops each year.

Education and/or Experience:

  • Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) helpful.

  • Bachelor’s degree in computer science, business administration or related field, or equivalent combination of education and experience.

  • 10+ Years of building high performing Information Security teams and capabilities, leading cybersecurity implementation programs, vulnerability management, disaster recovery planning, coordinating security assessments and driving continuous improvement.

  • Required experience managing information security vendor relationships, negotiating contracts and managing the vendor performance.

  • Required experience building an information security capability from the ground up, including vision, strategy, goals, outcomes and roadmap.

  • Required experience leading diverse and cross functional teams.

  • Required experience in preparing and presenting reports on security metrics, incidents, and compliance status to executive management.

  • Demonstrated experience partnering with front of the house functions such as sales, marketing and customer service through capabilities supporting the back of the house and through customer delivery.

Demonstrated Proficiencies/Skills/Abilities:

  • Exceptional leadership skills, with the ability to develop and communicate strategy, inspire and motivate the staff, and maintain alignment across the business.

  • Guides, influences and persuades others internally and/or externally; understands the importance of partnership and Cirrus' interdependencies.

  • A high degree of political savvy, astuteness and the ability to use the informal power structure of the organization to achieve program success and overcome obstacles.

  • Strong business acumen, including manufacturing industry and IT domain specific knowledge.

  • Deep understanding of how organizations can use current technologies to drive digital business.

  • Ability to develop programs and deliver them with financial and resource constraints.

  • Strong communication skills and ability to translate between, and connect, business and technology.

Competencies

To perform the job successfully, an individual should demonstrate the following competencies:

  • Balances Stakeholders: Anticipates and balances the needs of multiple stakeholders. This competency includes building and maintaining effective relationships with stakeholders at all levels, both internal and external to the organization. It is demonstrated by understanding and proactively managing the expectations and needs of various stakeholders, balancing their interests and resolving conflicts to fairly meet the demands of all.

  • Situational Adaptability: Adapts approach and demeanor in real time to match shifting demands of different situations. This competency includes leveraging emotional intelligence to pick up on situational cues and adjusting in the moment, as well as adapting to different personal, interpersonal and leadership styles. Leverages different approaches in different situations to drive to desired results.

  • Builds Effective Teams: Builds strong effective teams that apply their diverse skills and perspectives to achieve common goals. This competency includes selecting individuals and building a team with an appropriate and diverse mix of styles, perspectives, and experience. Creates a team environment via establishing common objectives and a shared mindset resulting in a feeling of belonging and strong team morale. Recognizes and celebrates team wins. Fosters open dialogue and collaboration among the team.

  • Ensures Accountability: Holds self and others accountable to meet commitments. This competency includes acting with a clear sense of ownership, following through on commitments and ensuring others do the same. Takes personal responsibility for self and team’s decisions, actions and failures. Establishes clear responsibilities and processes for monitoring work and measuring results, including feedback loops.

  • Drives Results: Consistently achieves results, even under tough circumstances. This competency includes engaging with the business unit on resolving trade-offs of scope, priority, business and technical risk, and business impact of dependencies among multiple Information Services. Ensures full transparency and no surprises, keeping stakeholders up to date with the latest delivery status and risks.

  • Manages Complexity: Makes sense of complex, high quantity, and sometimes, contradictory information to effectively solve.

  • Business Insight: Applies knowledge of business and the marketplace to advance the organization's goals.

Other Duties

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this position. Duties, responsibilities and activities may change at any time with or without notice. Work beyond 40 hours per week may be required.

Cirrus is dedicated to a drug free work environment promoting equal employment opportunity. Qualified applicants will receive consideration for employment without regard to race, sex, national origin, color, age, disability, religion, pregnancy, veteran status, marital and family status, sexual orientation, receipt of public assistance, genetic information or any other characteristic protected by applicable law.

Our Benefits: Cirrus provides a range of exciting benefits, including:

  • 401(k) Plan: Dollar-for-dollar match up to 5% after 90 days, with 100% vesting.

  • Employer-Paid Coverages: Group term life, short- and long-term disability insurance.

  • Comprehensive Health Coverage: Medical, vision, dental, with additional dependent coverage options.

  • Free Health Tracking: With rewards for meeting health goals.

  • Generous PTO: 160 hours accrued within the first year.

  • Employee Referral Bonus: For referring talented candidates.

  • Career Development: Tuition reimbursement and professional growth opportunities.

  • Exclusive Discounts: Access to partner and marketplace discounts.

  • Community & Engagement: Company and employee clubs at various locations.

These benefits are designed to support your well-being, growth, and enjoyment at Cirrus!

Equal Opportunity Employer

This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights (https://www.eeoc.gov/poster) notice from the Department of Labor.
