Job Description - Information Security Operations Manager
Information Security Operations Manager
New York, NY
Department: Information Security
Reports To: The CISO
The information security operations manager will be responsible for developing and managing the global information security operations function in the CISO office. He will own and drive the global rollout of a robust and formal approach to managing information security operations programs across all technology platforms and business environments. At its core, he will ensure appropriate information security operations while driving performance efficiencies based on the appropriate risk to technology and business environments.
The SecOps manager will interact with all levels of personnel to implement tools and controls that reflect business and operational needs balanced with legal and regulatory requirements and risks. This position will be responsible for the Information security operations program that defines how information security technical controls are managed and measured. The responsibilities include developing programs such as vulnerability assessment and management, vendor management, security monitoring, security metrics and reporting and security design incident response programs to react to risks from cyber threat sources response.
Responsibilities and Duties:
Ensure that a defined information security program is in place and monitoring of information technology security practices occurs.
Manage the effectiveness of the information security program technologies, including progress on remedial actions, and serve as an internal information security consultant and subject matter expert
Manage information security risks by routine assessments and developing a vulnerability and patch management plan and implementing the required controls
Produce scheduled reports of the status of IT’s compliance with the information security program, contractual requirements and globally-recognized standards and guidelines
Participate in risk assessments and the development of risk management plans
Ensure the ongoing integration of information security with business strategies and requirements
Lead all information security implementation projects and provide hands-on support
Work with the incident response team to contain and investigate security events, and prevent future information security breaches with detailed root cause analysis
Develop remediation plans for process/policy related information security vulnerabilities
Develop and maintain technology, operations roadmaps for security infrastructure components, including but not limited to intrusion prevention/detection, data security, identity and access management, IT/network security, security information & event management, vulnerability management, code review, etc.
Partner with other Information Security leadership team members to collectively build and drive the Information Security Program, Strategy, and Roadmap
10+ years’ experience in information technology; 5+ in leading an information security operations
5+ years of progressive information security work experience
Demonstrated experience in developing and leading security programs in a multi-platform environment
Demonstrated experience with managing people across multiple roles and functions and in a global environment.
Strong hands-on experience in implementing and operating security solutions
Deep understanding of IT infrastructure and systems
Deep understanding of application security
Ability to train, manage and assist co-workers and direct reports on all aspects of the program build and evolution
Superior written, presentation, and verbal communication skills
Exceptional organizational, interpersonal and team skills
Ownership orientation to solving problems
Information governance, data security, information privacy responsibility
Education Bachelor’s degree in computer science or related area
Industry recognized certification in security (e.g., CISSP, CISA, CISM, CEH, etc.)
Experience with MRC accreditation and deep understanding of the online advertising industry and ad platforms (networks, DSPs, ATDs, SSPs, Exchanges)