STR is hiring a Cybersecurity Manager to lead the technical and compliance role on the Enterprise IT team responsible for ensuring that the company's information resources are secure from unauthorized access, protected from inappropriate alteration, physically secure, compliant and available to users in a timely fashion. The Cybersecurity Manager is responsible for designing, implementing, supporting and maintaining policies and security solutions in both operational and customer hosted environments. This position is perfect for an organized, action-oriented team player with the ability to prioritize daily work and support on multiple initiatives simultaneously, strong communication, technical skills and customer focus is required.
What you’ll do:
Who you are:
What you’ll do:
- Lead IT/InfoSec projects, identifying and communicating risks specific to the project, and actions necessary for remediation including recommendations for logical access controls, secure application configuration, general secure data handling processes.
- Support the development, implementation, and management of security policies/procedures to ensure they remain aligned with business objectives/meet regulatory requirements.
- Manage the day-to-day security systems operations, including the log reviews and following up on any security alerts.
- Manage the Incident Response Plan, leads the Incident Response team during all cybersecurity incidents, and represents the InfoSec team on all other security incidents.
- Correlate threat information from various sources including security incidents raised by the user community including phishing attempts, malware outbreaks, unauthorized access attempts as well as security alerting sources.
- Research and assessing new threats and security alerts and recommend remedial actions.
- Proactive scanning of systems and networks to ensure that vulnerabilities are identified and oversee remediation, including the configuration of scan sites, scheduling of scans, production of reports, interpretation and communication of results.
- Provide expertise and support to ensure the company’s security framework remains in compliance with applicable regulations including evolving data privacy regulations.
- Provide support with third party security risk assessments/IT audit and provides tracking for findings, resolution.
- Support the development, implementation and management of cybersecurity knowledgebase.
- Serve as an internal information security lead and consultant to the organization, providing guidance and support for business inquiries, requests.
- Serve as a primary point of contact with STR’s cybersecurity partner.
- Perform additional duties and projects as assigned.
Who you are:
- US Citizen with the ability to obtain a Security Clearance
- BS/BA degree in Computer Information Systems/Management Information Systems or related discipline or equivalent
- 5 - 7 years related work experience in information security governance and/or related functions such as IT audit and IT Risk Management.
- Strong technical background with a variety of information security systems and tools including firewalls, intrusion detection systems, intrusion prevention systems, vulnerability management, intrusion detection and prevention, cloud access security broker, anti-virus/malware, data loss prevention.
- Experience designing and implementing controls within corporate networks to include computer and network security and operating systems such as UNIX, Linux, MAC, and WINDOWS, as well as LAN/WAN internetworking protocols such as TCP/IP and network perimeter protection.
- Excellent analytical skills in order to identify security risks and appropriate measures needed to help mitigate those risks. Must be comfortable in conducting independent research of issues and inquiries to provide guidance when requested.
- Experience with system implementations, identification of security related risks and development of recommended actions for remediation.
- Experience with Security Incident Response including hands on involvement in detection, analysis, containment and remediation phases.
- Knowledgeable with information security management frameworks such as AT101 SOC 2, ISO, ITIL, CobiT and knowledge of NIST 800.171 to include development of policies, process and procedures within the environment.
- DoD 8570 Certs - CISA, CISM, CRISC, CISSP, or similar security certification.
- Your verbal and written communication skills are stellar and allow you to develop positive relationships and effectively communicate with employees, customers, auditors, partners and all levels of management.
- You can be flexible with your work schedule on occasion in order to provide support/complete assigned projects (e.g., upgrades, installations) during non-business hours.
- You’re an effective project manager with the skills and the ability to proactively problem solve.
- You pay attention to detail and can handle and prioritize multiple activities.
- You have the capacity to learn quickly and comprehend highly technical detailed information.
- You’re trusted to handle sensitive information in a highly confidential manner.
- Your demeanor is professional as is your interaction with all customers.
- You enjoy working in a team-oriented environment as well as independently.