OSI Systems, Inc. is a vertically integrated designer and manufacturer of specialized electronic systems and components for critical applications. We sell our products and provide related services in diversified markets, including homeland security, healthcare, defense, and aerospace. As a global company, we are dedicated to creating and developing solutions for our customers and the people they serve to lead the way to a safer and healthier world.
OSI Systems, Inc. is currently seeking a highly skilled Manager, Information Security Operations to join the IT leadership team and help lead the evolution of electronic information security in OSI Systems, Inc. The Manager, Information Security Operations will enhance and oversee the global information security operations activities of a diverse and decentralized computing environment.
The Manager, Information Security Operations is accountable for the management of the global security operations including incident response, security technologies management and change management. The Manager, Information Security Operations will lead the security operations team to ensure operating environments are maintained to optimal performance and meet defined service levels. Key success criteria in this position are: an in-depth understanding and management of global information security, security technologies such as intrusion detection and content filtering, threat patterns, security architecture, application architecture, and compliance criteria. This role will anticipate Information Security industry future direction, implement best practices, operational discipline and integrate appropriate changes as business needs require.
- Accountable for the 24x7x365 availability and management of global security systems
- Global incident management and handling for security incidents including problem detection, situation management and service recovery
- Problem management for isolating root cause of incidents as well as collaborating with application and infrastructure teams to ensure repeat service interruptions are avoided
- Continuous improvement of security operations processes and procedures
- Continuous improvement of recovery processes, system documentation, automation and monitoring
- Training of global security operations team
- Regular generation of reporting and metrics
- Oversight of 3rd party vendors and managing security vendors and partners
- Assignment and tracking of change related to or impacting security devices
- IT Security forensic support for investigative purposes
- Performance of vulnerability scans and coordination of remediation efforts
- Asset and configuration management of global security systems
Security Technology Management and Thought Leadership
- Leadership and management of security technologies including daily activities, reporting and capacity forecasting
- Participation in business and IT initiatives as a security expert, providing guidance to others on proper security practices and best practice approaches
- Maintenance of knowledge and staying abreast of the latest in security intelligence and methodologies
- Providing input to the global IT Security Strategy aligned with business goals
- Identification of external resources, i.e. vendors, products or services, that may assist in meeting security objectives or lower security costs
- Evaluation of and feedback on the security aspects of non-security related technology, e.g. software applications, software tools, hardware, appliances, services, etc.
- Definition and development of security related processes for the department and company that can be deployed on a global basis
- Monitoring and management of the security posture of company IT and related data assets to ensure internal security controls are appropriate and operating as intended
Risk Management and Reporting
- Communication of key risks and issues via a metric based model
- Periodic review and trending of monitoring and logs for irregularities.
- Development and execution of security metric reporting to ensure business and senior leadership have a proper view of current security state and risks, globally
- Execution of security assessments of requested or planned IT implementations against corporate security policies
- Identification of potential security risks in all aspects of the business including technical implementations (applications or equipment) and IT or business process
- Understanding and helping the organization meet regulatory compliance and conformance
- Participation in internal audits and other 3rd party audits of company’s security practices
Group and Project Management Capabilities
- Maintenance of security operations budget
- Employee development and mentorship and performance management
- Coordination and execution of security projects as defined in the IT Security Strategy
- Contribution to user security awareness training and other user communications
- Uphold the company’s core values of Integrity, Innovation, Accountability, and Teamwork
- Demonstrate behavior consistent with the company’s Code of Ethics and Conduct
- It is the responsibility of every employee to report to their manager or a member of senior management any quality problems or defects in order for corrective action to be implemented and to avoid recurrence of the problem
- Duties may be modified or assigned at any time to meet the needs of the business.
- The role requires a combination of expert-level specialized technical and analytical professional IT security skills with the ability to maintain security and confidentiality when dealing with highly sensitive information.
- University degree (or equivalent experience) in Computer Science, Engineering, or other technical field, or Business Administration with relevant IT work experience.
- 5 years minimum experience leading a broad enterprise security initiative
- 2 years minimum experience in a manager level or lead security operations role
- Strong knowledge of security, firewalls, server administration, databases, VMware, Citrix and legacy Windows operating systems
- Deep technical knowledge in information technologies; should be experienced with operating systems, networking, database and acutely aware of global business environments
- Familiarity with emerging threats and mediation of these risks.
- Deep understanding of security risks and threats as they relate to the company’s operating environments
- Deep understanding of compliance to security policies and procedures, especially implementation of NIST security standards (800-53, 800-171).
- Understanding of ITIL and its practical application
- Demonstrated competency in strategic thinking and leadership with strong abilities in relationship management
- Demonstrated competency in managing third party providers in security technology operations
- Strong knowledge of the intricacies of networking, cloud based solutions and Internet based protocols
- Strong written and oral communication skills, with capability to use Microsoft Office solutions
- Ability to collaborate with team members in a cross functional and matrix IT organization
Must be US Persons based on ITAR definition (US Citizen or Permanent Resident)*
*This position is expected to be exposed to information which is subject to US export control regulations, i.e. the International Traffic in Arms Regulations (ITAR) or the Export Administration Regulations (EAR). All applicants must be U.S. persons within the meaning of U.S. regulations.