Job Description
Summary
The Cybersecurity Risk and Operations Manager collaborates with the CISO in creating and reviewing strategic plans for the continuous development of Logicalis’s Cybersecurity program. As a skilled cybersecurity leader, they are responsible for guiding the operations of the Cybersecurity program. This includes developing, executing, auditing, and maintaining security controls, defenses, and countermeasures to intercept and prevent attempts to infiltrate company data.
Essential Duties and Responsibilities
1. Establishes operational objectives and work plans to determine expectations for goal attainment.
2. Works closely with business leaders, performing due diligence, to ensure security controls are in place.
3. Acts as the Project Manager for Cyber Remediation Workgroup. Ensuring KPI’s are tracked and key target dates are met.
4. Fosters a culture of Security by Design across business teams and peers.
Risk & Audit
5. Leads and prepares for annual audits – SSAE21, ISO, and CMMC.
6. Lead efforts of our third-party compliance team. Reviewing control gaps and POAM activities, ensuring quarterly control reviews are completed, and third party vendor assessments.
7. Responsible for reporting operational Cybersecurity risk and vulnerability metrics to the CISO.
8. Works closely with business leaders, performing due diligence, to ensure security controls are in place.
9. Continuously reviews industry-related security and regulatory topics.
10. Assists with customer security concerns, questionnaire requests, security addendums, and facilitates customer meetings.
11. Suggests appropriate Cybersecurity awareness and training resources.
12. Suggests and develops improvements to policies and standards.
13. Assists with customer questionnaire requests, security addendums, and facilitates customer meetings
Security Operations
14. Performs security architecture reviews for Cloud (Azure), SaaS, API’s, hybrid, and/or on-premise deployments.
15. Reports performance metrics for security operations.
16. Leads the incident management program.
17. Leads the vulnerability management program.
18. Manages the Security information and event management (SIEM) managed service relationship.
General
19. Demonstrates and actively promotes an understanding and commitment to the mission of Logicalis through performing behaviors consistent with the organization's values.
20. Maintains a working knowledge of applicable Federal, State, and Local laws and regulations as well as policies and procedures of Logicalis in order to ensure adherence in a manner that reflects honest, ethical and professional behaviors.
21. Supports and conducts self in a manner consistent with customer service expectations.
Supervisory Responsibilities
This job has no supervisory responsibilities.
Qualifications
To perform this job successfully, an individual should be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Education/Experience/Technical Requirements/Certifications
Equivalent combination accepted.
Education
22. Bachelor's or Master’s degree in Computer Science or related field
Experience / Technical Requirements
23. 8+ years of professional experience in cybersecurity or security auditing.
24. 2+ years of management experience in a technology field.
25. Experience with performing third party and internal control assessments.
26. Knowledge of security control frameworks such as NIST CSF, ISO, NIST -.
27. Knowledge of and experience of cyber threats, penetration testing, and vulnerability assessments.
28. Basic understanding of security standards and regulatory requirements such as SSAE21, HIPAA, CMMC, and CJIS.
29. Experience working with Managed Service Providers (MSPs).
Other Skills and Abilities
30. Able to lead a cooperative effort among members of a team and across departments to deliver results on time and within scope.
31. Able to negotiate with customers and management.
32. Able to communicate and discuss technical information in a way that establishes rapport, persuades others, and gains understanding.
33. Great presentation and facilitation skills.
34. Self-motivated and well organized. Must be able to prioritize tasks and work well under pressure.
35. Constructively debate issues and connect the dots across various assessments (examples include assessments of new initiatives, scenario analysis, challenge of proposed mitigation plans and risk acceptances, etc.)
36. Comfortable raising concerns early and knows when to escalate, including the ability to raise issues and facilitate constructive problem-solving at all levels of the organization.
37. Comfortable communicating and responding to client requests on security.
38. Constructively debate issues and connect the dots across various assessments (examples include assessments of new initiatives, scenario analysis, challenge of proposed mitigation plans and risk acceptances, etc.)
Physical Demands
The physical demands described here are representative of those that should be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
While performing the duties of this Job, the employee is constantly required to sit, talk, see, hear, and use hands and arms. The employee is frequently required to stand; move about, climb steps or balance and stoop, kneel, crouch, or crawl. The employee may occasionally lift and/or move up to 10 pounds.
The above statements describe the general nature and level of work being performed by individuals assigned to this classification. This is not intended to be an exhaustive list of all responsibilities and duties required of personnel so classified.
Logicalis is an Equal Opportunity Employer. It is our policy to employ people who are qualified by reason of education, training, experience, and demonstrated performance. We value inclusion and belonging at our company. We do not discriminate on the basis of race, color, religion, national origin, sexual orientation, gender identity and gender expression, marital status, age, height, weight, disability, veteran status, or any other reason prohibited by applicable federal or state laws.
Salary Compensation Range: $, to $, plus bonus