USEReady has a great career opportunity for a Senior Manager of Cybersecurity in NY City. The ideal candidate will be responsible for the operational InfoSec delivery and leadership in support of operations in North America and South America. You will have hands-on responsibilities as well as be an active team leader to identify, monitor, report and remediate information security risks. You will partner with peers from the Infrastructure group and across the wider IT organization to support InfoSec needs on global and regional projects, ensuring alignment with the strategy set forth by the Group CISO and be a proactive thought leader on ongoing information security operations. You will also manage and deliver the Group's Cybersecurity transformation programs as well as oversee the day to day SecOps duties. You will also be the designated Information Security Single Point of Contact (SPOC) across the region, able to influence and interact with all levels of the business, including senior leadership as it pertains to Information Security topics and projects critical to the company's data and network security.Required Skills:6+ years of experience in IT or Security ManagementDemonstrated proficiency in planning, reporting, establishing goals and objectives, standards and priorities.Experience with compliance management and certification (PCI, GDPR) In-depth knowledge of security best practices (encryption, data protection, design, privilege access, etc.) Experience with managing and implementing standard security technologies (DLP, MDM, SIEM, AV, IDS). Experience with file management access tool such as Varonis and has ability to drive data owner entitlement review process Knowledge of network technologies (protocols, design concepts, access control).BA or equivalent in related field.Responsibilities: Serve as the Regional Information Security Single Point of Contact (SPOC) in all matters of information security and aligning with the Global Cybersecurity programs and strategies. Work closely with the Internal Control department and align efforts to make sure that all Information Technology matters are compliant to both the Group's standards and local regulations. Implement and manage the company's Information Security Incident response procedure and lead the program for the region. Provide Information Security consultancy to the business about technology related initiatives. Manage the on-boarding of technology solutions ensuring they align with the company's security policies, guidelines, and Global IT infosec expectations. Work with all parties including project sponsors, vendors, IT operations, and the Global InfoSec team to validate projects Drive projects and initiatives outlined within the Global Cybersecurity roadmap providing tactical project management guidance and coordinating efforts between different resources and parties Proactively monitor and routinely audit compliance to all information security procedures and policies and ensure consistency of internal controls across departments Lead remediation process for all security related gaps identified during Internal audit reviews as well as reviews performed by third party entities and auditors, and per direction of the Group CISO Help align regional processes and procedures as well as network and system standards to the company's IT global group standards Drive annual PCI compliance certification and oversee all related controls and documentation management. Support other regulatory initiatives such as GDPR and CCPA remediation as necessary. Manage a team of security specialists consisting of fulltime and consultant security personnel. Manage the ongoing vulnerability scanning and assessment process and partners with the rest of IT and third parties to resolve vulnerabilities in a timely manner to maintain compliance Partner with the rest of the IT organization to ensure effective implementation and ongoing management of security tools, systems and processes including: logging, IDS, IPS, endpoint protection, web filtering, MDM, DLP, patch management, vulnerability scanning technologies, etc. Partner with the infrastructure team to develop strong security posturing including reviewing firewall policies and propose changes such as additional network segmentation and filtering policies to better protect the network Provide oversight to IT operations team to manage end user computing on endpoint security, patching and policy management Provide oversight, guidance and development of requirements for vendor selection for new and replacement technologies within the IT Security footprint. Interface with management and the user community to understand business needs, implement security best practices, and identify opportunities for improving security and compliance. Partner with training and professional development staff to promote security awareness among the user community Review and provide input into the company's overall security program and manage multiple security projects in a given periodSupervisory Responsibility: 1 direct report IT Security Specialist and supervise external consultant(s) as needed.Budget Responsibility: Sourcing and budgeting for new security technology tools and Vendor Management.Decision Making Responsibility: Give general security direction to team based on Group level standards and guidelines.Desired: CISSP, CISM or GSEC Security Certification would be a plus. Prior employment with an International (especially European based) organization would be a huge plus!
