Description

The Manager, Security Engineering will manage the people, process, and technology relative to the Firm's security engineering group, which includes Tier 3 engineering functions such as architecture, control standards, design, support, and assessment. Engineering activities will be performed in accordance with the Firm's business objectives, regulatory requirements, and strategic goals. The position is the process owner for all security engineering-related projects and activities within the Firm. The primary focus is the protection of data, systems, and facilities to ensure the protection, confidentiality, and integrity of the Firm in compliance with organizational policies and standards.

 

 
Responsibilities:
 
  • Maintain the Firm's Security Engineering people, process, and technology infrastructure, including creation and review of Security Engineering standards, guidelines, and operating procedures
  • Manage the Engineering group, transforming executive priorities into operational initiatives
  • Work closely with the Security Operations and GRC teams to define, develop and facilitate efficient and effective service delivery to constituent organizations
  • Meet published SLAs relative to the provisioning and support of security operations and security incident response activities
  • Provide input to global standards, guidelines and procedures. Author standards, guidelines and procedures relative to the Engineering function
  • Understand Firm policies and standards and be capable of conveying those requirements to end users in a non-confrontational manner
  • Enforce, monitor, and report on compliance with the Firm's ISMS
  • Maintain assigned systems to ensure availability, reliability, and integrity, including the oversight of current and projected capacity, performance, and licensing
  • Provide status reports and relevant metrics to the Director of Security Engineering
  • Critically analyze proposed and existing solutions for adherence to the Firm's design requirements, including requirements resulting from the ISMS Policy, client contracts, the regulatory environment, and professional obligations
  • Provide expert counsel to constituents regarding their information security obligations and facilitate an acceptable outcome based upon the tenets of the Firm's Risk Management Framework; frequent interfacing with technical, legal, and business operations personnel is expected
  • Strike an appropriate balance between strategic leadership and operational contributions by utilizing a hands-on approach to solving problems and meeting deliverables
  • Monitor the latest developments in Security and utilize that knowledge for continual improvement by providing formal and informal strategic and tactical plans and roadmaps to the Director of Security Engineering
  • Provide input, create documentation, and review information security policies and procedures
  • Provide high quality, business-level reports to management
  • Contribute to the Firm's security-related information repositories (web, database, SharePoint)
  • Participate in the definition of the organization’s IT disaster recovery and continuity plans for security event management systems
  • Analyse, recommend, and implement controls as determined necessary by management
  • Initiate, facilitate, and promote activities to foster information security awareness within the organization
  • Liaise with system and business owners to ensure new platforms are developed securely and existing platforms remain secure
  • Mentor members of the Engineering group
 
Skills and Experience:
 
  • Excellent verbal and written communication skills, including comfort with speaking in a group setting
  • Extensive professional experience with advanced IT and security systems, including TCP/IP networking, scripting, and incident handling
  • Strong grasp of cloud platforms and associated security concerns and controls
  • Experience managing cyber security solutions and teams in a large multinational enterprise
  • Ability to act in an advisory capacity to multiple constituencies
  • Expert understanding of security concepts, technologies, controls, and best practices
  • Working knowledge of information security frameworks such as ISO 27001, NIST, and CIS
  • Authoritative understanding of security threats, qualitative and quantitative risk valuation models, and effective tools, tactics, and techniques for risk reduction
  • Thorough knowledge of computer monitoring systems, endpoint security controls, vendor-supplied packaged programs, macros, utilities, and other highly technical programs
  • Expert analysis skills, including the gathering and analyzing of facts, formulating objective conclusions modified by subjective and experience-based qualifiers when appropriate, defining problems, and promoting solutions
  • Maintain critical thinking and composure under pressure
  • Ability to set priorities independently given broad executive requirements
  • Demonstrate flexibility in response to the ever-changing priorities of a service provider organization
  • Apply a rigorous and disciplined approach to operational oversight
  • Passionate in the practice and pursuit of customer service excellence
  • Computer Science Bachelor’s Degree or substantial equivalent experience
  • CISSP, SSCP, CISM, CRISC, or CGEIT preferred
  • Proficient in oral and written English