Reporting to the Director of Security Operations, this role is responsible for establishing and managing corporate-wide efforts in the areas of security tools administration, security policy, and security governance with a focus on end point security. This position will work with stakeholders to understand threats unique to each business unit or application. The Manager will collaborate with technology, security, development and product management groups across the corporation to drive successful execution of the overall security life cycle program to ensure an appropriate enterprise security posture.
General IT knowledge is required. A solid understanding of end point OS and applications, IP networks, and various security tools and functionality is critical. Candidates should be able to participate in technical discussions with IT personnel and quickly understand legacy and emerging technologies, including network, server-level OS, end points, and key applications.
- Lead a team of security engineers on a daily basis; delegate tasks as required. Collaborate with the larger security department when required.
- Collaborate with Corp IT partners to drive visibility of all aspects of end point protection.
- Provide leadership as an internal subject matter expert with respect to security engineering, policy and decision-making processes to ensure alignment with FICO’s business model and enterprise risk strategy.
- Responsible for end point-based vulnerability management and publishing security advisories, which include both externally and internally reported vulnerabilities.
- Participate in the development and implementation of new business initiatives involving security to ensure compliance with established policies.
- Partner with IT, Security and product teams towards resolution, holding teams accountable to targeted resolution dates. Additionally, partner with development and product teams to inform them of changes needed to the application to correct vulnerabilities.
- Contribute to and potentially conduct recurring meetings to communicate security status to applicable partner organizations for timely remediation.
- Maintain and direct execution of the security posture, including the delivery of enterprise-wide vulnerability assessments; manage the communication, management, and resolution of findings across the enterprise and to external stakeholders.
- Establish and monitor the appropriate configuration standards, based on CIS, to ensure baselines are being met and compliance drift is managed.
- Continuously review the configuration management and vulnerability management (CMVM) posture inside the company and maintain knowledge of all external developments that could impact the CMVM posture, including vendor patches, zero-day exploits, end-of-life systems or deprecated services.
- Provide guidance to business functions on compliance/security-related matters.
- Coordinate audit-related tasks to ensure the readiness of managers and their teams for audit testing and facilitate the timely resolution of any audit findings.
- Initiate improvement activity to reduce risk, ensure compliance, lower cost, and improve quality within IT processes.
- Conduct/support periodic risk assessments and develop appropriate mitigation plans in support of deliverables.
- Author new and revise existing policies and procedures to support new technology implementation programs.
- Bachelor’s degree in Computer Science or related field; equivalent work experience is acceptable.
- 5+ years’ experience in support of information technology teams/systems (Mac and Windows), networks, or related business processes.
- CCIE, CISSP, CISM, or another similar info security/IT certification is desired.
- Demonstrates subject-matter expert level understanding in multiple IT, security and software disciplines.
- Ability to understand the cause-and-effect relationship between application vulnerabilities and operating system vulnerabilities.
- Must be able to multi-task and keep track of large amounts of information.
- Ability to keep making progress and define future strategy/policy with regard to security posture.
- Adheres to a ‘continuous monitoring’ and ‘continuous improvement’ thought process.
- Demonstrated technical security expertise in a variety of cloud platforms (AWS is preferred).
- Proven track record of decision-making and leadership with matrixed teams.
- Comfortable interfacing with other internal or external organizations regarding problems that must be addressed to enhance security posture.
- Ability to effectively translate and present solutions in business or management terms.
- Ability to work effectively in a team environment and mentor less experienced staff.
- Ability to work independently with minimal supervision.
Our offer to you:
- A culture and work environment strongly reflecting our core values: Act Like an Owner, Delight Our Customers and Earn the Respect of Others.
- The opportunity to make a difference by leveraging your unique strengths.
- Highly competitive compensation and rewards.
- Flexible work options, opportunities to give back to your community, social events with colleagues and a comprehensive benefits program inclusive of progressive parental leave.