Security Operations Manager
United Network for Organ Sharing (UNOS) · Richmond, VA · 2 wk ago
Information TechnologyFull-time
Key Responsibilities
- Develop UNOS’ cyber security posture and lead continuous evolution of capabilities to protect and preserve critical information
- Conceive, architect, and direct implementation of the systems and processes that provide detective, preventive and corrective infrastructure controls for all UNOS operating environments
- Own the strategic vision for UNOS’ infrastructure security architecture, including policy and frameworks, and ensure that they are aligned with overall business, IT, and operational strategies
- Develop and maintain information security architectural goals and roadmap
- Support secure development lifecycle practices that emphasize early security design review to ensure that rapid iteration stays firmly planted in a strong security foundation
- Partner with the Enterprise Architecture team, being the security subject matter expert and lead for technical design of information security systems and architecture
- Perform ongoing evaluation and assessment of the business need for information security systems and make recommendations to change the architectural roadmap
- Develop security solutions by analyzing information requirements; determining systems architecture, components, and technologies; studying business operations and user-interface requirements
- Thorough knowledge of, and experience with industry, best-practice approaches to information security, information assurance (e.g. SOC 2 Type II, NIST SP 800-171) and risk management
- Develop analytical models and complete validation tests to confirm security architecture capability and flexibility
- Test design features to determine success of design of solutions and impact to business needs
- Work with technology teams in Infrastructure, Data and Software Engineering and Business Development to ensure architecture goals are coordinated in all areas
- Remain current with information and cyber security technologies and trends
- Provide consultative resources to project teams to ensure security architectural goals are being met
- Participate in project initiation to provide mentoring and guidance on secure design
- Lead, mentor and train staff on information security technologies and processes
- Coach the Security Operations team in management of information security tools (e.g. Splunk, CrowdStrike, Tenable)
- Oversee Security Incident Response program, including training and regular testing
- Participate in regular process improvement activities and operational metrics design and tracking
- Act as the escalation point for chronic and high impact security operations support issues and assist in development of mitigation plans
Minimum Requirements
- 5+ years of technical experience working in the Information and Cyber Security field required. 7-10 years preferred.
- 2+ years demonstrated success in managing a 24/7 security or technical operations team.
- 5+ years of overall people management preferred.
Critical Skills
- Ability to analyze systems based on business and technical user stories/requirements to design solutions that best meet the overall objectives of stakeholders
- Ability to strategically analyze and articulate risks, benefits and opportunities associated with a proposed design or solution
- Demonstrated ability to design and implement complex infrastructure, applications, networks and systems with the goal of meeting business and security objectives
- Demonstrated ability to design modifications to existing systems that improve security without compromising business objectives
- Demonstrated ability to design complex information security systems that impact multiple domains across Service Operations and Software Engineering
- Champion information security throughout the organization
- Ability to estimate total costs of proposed solutions, including effort, acquisition costs and on-going costs
Additional Skills & Qualifications
- Experience leading multiple large projects, leading definition, selection and implementation of security tools, technologies and processes
- Hands-on experience implementing and administering information security, infrastructure and software systems
- Experience evaluating potential solutions, selecting and recommending the best solution
- Experience producing design documents that are used by others to effectively implement solutions
- Experience designing and implementing security technologies, such as IDS/IPS, SIEM, access controls, encryption and forensic tools
- Experience managing vendor relationships
Education
- 4-year degree in Computer Science/Engineering, IT or other related fields of study, or equivalent work experience
Physical Requirements
- General office demands
- Prolonged periods of sitting at a desk and working on a computer
- Frequent reaching, handling, and fine manipulation for using office equipment, filing, and managing paperwork
- Manual dexterity sufficient to operate a keyboard, mouse, and other office tools
- Occasional standing, walking, and bending
- Ability to lift up to 10-20 pounds occasionally
- Vision abilities required include close vision for computer work and reading documents
- Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions