The Cybersecurity Manager bears the responsibility of managing and ensuring that Ashford/Remington security infrastructure and products are running optimally and effectively and are capable of defending against the latest cyber-attacks, data leakage, insider threats and unauthorized access. The Cybersecurity Manager creates and develops security measures to safeguard information against accidental or unauthorized modification, destruction or disclosure. Coordinates with management, programmers, risk assessment staff, auditors, facilities and other security departments to identify and plan for security in all aspects of data, applications, hardware, telecommunications and computer installations. Manages and directs the complex areas of data security, threat and vulnerability management, security auditing and analysis, risk assessment, compliance and agency-wide security awareness and maintenance of the Information Security Program. Formulates policies and procedures, which have significant impact on computer operations and systems development lifecycle. Responsible for consistent communications and interface with all levels of management and vendors. Leads the company’s incident response activities, including training objectives.
- Manage a staff of direct reports, while being hands-on in the execution of certain tasks.
- Document and organize (business) processes, as well as the related reference data, and re-design these processes in a cross-functional optimal flow, taking into account separation of duties.
- Participates in team meetings and performs normal project communication duties such as executive status reporting.
- Preparing accurate and detailed Process Description documents, graphical representations of workflows, and functional specifications in the form of SOPs.
- Interacting extensively with internal and/or external customers.
- Coordinate internal resources and third parties/vendors for the execution of projects, focused on achieving the best outcome for the company, not necessarily the project
- Ensure that all projects are delivered on-time, within scope and within budget
- Assist in the definition of project scope and objectives, involving all relevant stakeholders and ensuring technical feasibility
- Performs the role of liaison between the department and critical functional areas such as Risk Management, including cybersecurity insurance.
- As a member of the Audit Committee, ensures proper adherence to IT Governance and Cybersecurity principles along with performing the role of liaison between company owned properties and management companies.
- Develop, maintain and utilize system for tracking all audit results (proactive and reactive).
- Use tools to monitor and alert on potential security risks (IDS, IPS, scans, malware, viruses, etc.). Take appropriate action to resolve all issues.
- Administer the company’s Information Security Program.
- Administer the company’s Security Awareness Training Program and periodic campaigns.
- Administer a Disaster Recovery Program that aligns with the company’s Operations Plan.
- Maintain and submit the Company Strategic and Operational IT Security Plans, in accordance with state and federal guidelines.
- Develop, and periodically update, written security policies and procedures, including a process for detecting, reporting and responding to threats, breaches or IT security incidents that is consistent with the security rule, guidelines and processes established by the company, CIO and CISO.
- Implement managerial, operational and technical safeguards to address identified risks to the data, information and information technology resources of the company.
- Conduct periodic internal audits and evaluations of the company’s IT security program for the data, information and information technology resources of the company.
- Assist leadership on technical and project-specific initiatives related to cybersecurity.
- Manage security projects and assist in project management team activities related to planning, development, implementation and coordination of security aspects of information technology projects.
- Evaluate security product enhancements to ensure continuous improvement.
- Participate in the change management process.
- Establish and lead Computer Security Incident Response Team (CSIRT) for all IT security incidents and breaches.
- Communicate with Executive Management regarding security issues and risks, providing recommended actions.
- Report all IT security incidents and breaches to the CISO. For IT security breaches, provide notice in accordance with company policies.
- Manage vendor and consultant relationships; foster partnerships and make recommendations when needed.
- Provide quality customer service to internal and external customers.
- Travel to property locations as needed.
- Other duties as assigned.
- Bachelor’s degree in Computer Science or related field. Related work experience may substitute for some years of education.
- Minimum 5 years of IT security management work experience, some of which was in a medium to large, global environment
- Need a thorough understanding of the business, its goals & objectives, business processes and organization.
- Need the ability to build and maintain relationships with peers in the company and build interdependent planning, execution and feedback loops.
- Be able to see the company big picture and impact of events & occurrences on operational processes with the ability to take adequate action to ensure uninterrupted processes, while ensuring on time and on budget delivery of projects.
- The ability to set personnel and departmental goals & objectives, communicate, track & report on them in all directions: (up – superiors), (side – peers) and (down – subordinates).
- Be able to report on important milestones, developments and projects that affect the business in terms understandable to the business.
- Maintain a functional dashboard for others to gauge state, status and progress of activities and projects.
- Highly desired vendor technologies: Cisco VPNs, Cisco/SonicWall firewalls, Cisco wireless, Citrix, VMware and Cloud Access Security Brokers.
- One or more certificates (CISA, CISSP, etc.) preferred
- Strong experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography, and application security.
- Understanding of enterprise computing environments, distributed applications, and a strong understanding of TCP/IP Networks.
- Expert understanding of a wide variety of cyber security incidents related to network intrusions, web-based attacks, malicious emails, root and user level compromises, malware, botnet infections and other anomalous activity.
- Expert understanding of existing and evolving Sarbanes-Oxley (SOX), Payment Card Industry Data Security Standard (PCI DSS), Protected Health Information (PHI) and state regulatory requirements as well as NIST Cybersecurity framework and underlying publications.
- Proficient with Dell SonicWall firewall and Cisco ASA administration and configuration.
- Proficient with Dell and Cisco switch administration and configuration.
- Ability to identify complex problems and review related information to develop and evaluate options and implement solutions.
- Proven analytical and problem-solving abilities.
- Adept at reading, writing and interpreting technical documentation and procedure manuals.
- Keen attention to detail.
- Strong interpersonal and oral communication skills.
- Ability to communicate with immediate supervisor and other team members in order to receive/direct all work instructions and express any questions or concerns as required.
- Comply with all written and stated company ethics and safety policies and procedures.
- Report all unsafe and unethical violations to immediate supervisor or Human Resources.
- Ability to plan and prioritize workload to meet implementation schedules and minimize schedule conflicts.
- Ability to analyze current processes and develop plans for implementation of new technology and/or processes.
: United States-Texas-Dallas-Remington Corporate
14185 Dallas Parkway Suite 1150
: Information Systems
: Remington Corporate
: Day Job