Randstad IT Security Operations Manager in Milpitas, California
IT Security Operations Manager
salary:$120,000 - $135,000 per year
date posted:Friday, August 4, 2017
IT Security Operations Manager
As an IT Security Operations Manager you will provide leadership to the IT Security and Operations internal and outsourced teams and use your knowledge and experience to ensure the availability, confidentiality and integrity of data in the company's systems and applications environments both internally used and customer SaaS environments - developing and managing the processes in identifying potential weaknesses, assessing risk and outlining remediation strategies. In this role, you will work with diverse areas of the organization, enforcing and assessing the effectiveness and relevance of policies, assisting in the development and delivery of IT security controls, best practices, architecture and systems to ensure security across the enterprise.
Manages and provides effective leadership to the security operations team and ensure that internal and outsourced resources are appropriately and efficiently allocated and utilized to key areas of the operations
Responsible for enforcement and adherence to all applicable IT security policies, standards, and practices to ensure the availability, integrity and confidentiality of information residing in corporate and customer SaaS environments.
Assess the effectiveness, review for relevancy and enforce all IT security policies and procedures, including those for customer SaaS environments, vendors, contractors and corporate end users.
Ensure that all physical and technological security and privacy controls are properly implemented, efficiently operated and managed.
Advisor to IT leadership in the areas of security capabilities, vulnerabilities, current and emerging threats and the level of risk. Design and implement security system and end user activity audits.
Provide oversight for guidance and subject matter expertise on IT security technologies and compliance with HIPAA and HITECH regulations
Participate in the Change Management and Control process as a subject matter expert in analyzing and mitigating risks associated to environment, infrastructure, database and application changes.
Monitor for changes in local, state and federal regulations and accreditation standards affecting information security and make recommendations to Senior Director and other organizational leaders on the need for policy changes.
Manage the continuous monitoring and analysis of security alerts and logs and develop the processes to react to alerts appropriately. Achieve systems security operational objectives by contributing information and recommendations to strategic plans; preparing and completing action plans, resolving problems, completing audits, identifying trends, determining system improvements, and implementing change.
Manage and drive identification and remediation of information systems vulnerabilities.
Continually evaluate systems security capabilities and identify gaps in those defenses and capabilities then pursue solutions to close those gaps.
Stay abreast and continually evaluate new and emerging threats to ensure proper defenses are in place to protect the organization's systems and data.
Identify new trends in appropriate technical areas and understand the options available on those spaces.
Participate and lead certain activities sanctioned by the Security and Privacy Committee, with third party security auditors and consultants in executing the annual risk assessment exercises, SOC 2, Type II assessments and other security testing and audits.
Propagate security awareness among employees.
Recommends purchase and ensures timely renewal of all necessary hardware and software licenses and support.
Compile, create and publish reports for availability, security and other metrics important and relevant for IT security and operations management.
Experience and Qualifications
College diploma or university degree in the field of information security, computer science or computer related field.
5 - 7 years of work experience in the IT security field, with at least 3 years in an IT security management role, with knowledge and experience across all 10 security domains.
At least 1 year of experience in implementing security controls and systems within a cloud infrastructure such as Microsoft Azure and Amazon AWS.
Knowledge of Information Security / Risk Management best practices in a HIPAA and HITECH regulated environment.
Working experience working with network and IS security components, including Cisco and WatchGuard firewalls, Cisco FirePower intrusion detection/prevention systems, anti-virus software, data encryption, and other industry-standard techniques and practices.
Experience on IT Infrastructure: data center, networks (voice and data and LAN), SSL certificates and administration of PKI.
Working experience with network, system and application vulnerability assessment and scanning tools such as Nmap, Nessus, Nipper and others.
Working experience with auditing or SIEM solutions such as Oracle AuditVault, LogRhythm, and Splunk.
Working experience with network, system and application monitoring solutions such as ManageEngine APM and OpManager, HP SiteScope and other SNMP/SSH/WMI based monitoring systems.
Intuition and keen instincts to arrest and pre-empt attacks.
Independent decision making ability and overall project coordination skills.
The ideal candidate will have a strong process and procedural background and have sufficient knowledge of the processes required to support the business goals.
Critical skills and characteristics for on-the-job success: self-starter; analytical problem solving and risk identification/mitigation; sense of urgency; sense of accountability; excellent communication.
Certifications such as CISSP, CISM, CEH, Security+ is highly desirable.
Highly organized approach to projects. Project management experience is a plus.
Excellent communication skills, both written and oral
Ability to construct meaningful documents and procedures.
Ability to work independently and drive progressive change in the organization
Ability to be an advocate for Information Security in the organization
Excellent integrity and work ethic
Professional demeanor, excellent communication skills, and strong presentation skills
Proficiency with MS Office and Visio