GENERAL SUMMARY:
Reporting to the Executive Director of Information Security, the Sr. Manager Security Engineering is a member of the IT Information Security department within the Laureate Education Information Technology organization. The Sr. Manager Security Engineering should be highly technical and proficient with information security practices. The candidate will be a self-driven technologist who works closely with others within the security department as well as members of other information technology departments and business stakeholders to design, build, operate and monitor bleeding-edge security infrastructure, platforms, applications and tools to meet strategic and tactical security objectives as outlined in Laureate’s security information program.

The Sr. Manager Security Engineering will be responsible for the evaluation and implementation of a broad range of security technologies, processes and best practices. This calls for an experienced and resourceful engineer with the ability to interpret complex information and develop solutions to address security concerns in a timely manner. This role will also contribute to strategic information security operations and planning.

ESSENTIAL DUTIES AND RESPONSIBILITIES:
TECHNICAL, MANAGERIAL, and PEOPLE SKILLS REQUIRED
- Coordinate with the security operations center, provided internally or by an external managed security services provider, to identify and assess IT security incidents.
- Assist in the development of technology security requirements and standards aligned to business strategy, security policies and objectives, and technology development and operations processes
- Provide evaluation, analysis, development and implementation of IT Security systems/technologies across all security domains, including the necessary documentation to ensure manageability of the systems post implementation
- Search for and analyze security technology to reduce risks in every information security segment. Research and suggest measures to improve IT related procedures, operations, processes and systems, specific to information security concerns, throughout the organization
- Execute and manage IT technologies, strategies and policies to guard the company's and customer’s information assets
- Conduct security risk analysis for current and new systems and recommend solutions for reducing exposure areas
- Implement security program plans from the strategic unit of the security organization.
- Support and provide consultancy for audit compliance actions. Implement periodic, on-demand project audits plus vulnerability analysis
- Perform security vulnerability assessments to identify technical weaknesses; work with IT operations and software development staff to create mitigation and/or remediation plans, and manage regular and ad-hoc reporting to appropriate business and technology risk owners.
- Develop security processes, procedures and performance metrics; deliver regular and ad-hoc security reports and briefings to management and technical audiences, as needed.
- Develop and maintain documentation related to security processes, systems, procedures and events.
- Work closely with the Executive Director of Information Security and the security, compliance, business continuity management and privacy organizations to develop and implement effective IT risk management practices
- Develop functional requirements for roles that will be involved in the Security program. Plan, design, and implement security systems and software, including SIEM tools, intrusion detection / prevention systems, advanced behavioral analytics, advanced malware protection tools, security scanning tools
- 10+ years of experience in IT Security/Risk management or a related discipline (for example, security, privacy, business continuity management or compliance) as well as leading the information security system office and applying security risk management and privacy practices
- 3 or more years of demonstrated experience managing a high-performing, cohesive security team
- 3 or more years of demonstrated leadership experience building consensus across IT domains
- Practical experience designing and implementing enterprise information technology security and working with information privacy laws
- Ability to establish and maintain a corporate-wide, global information risk management program and organization
- Strong communication skills with a proven ability to understand key concepts and communicate with technical staff, lines of business and senior management
- 3 or more years of demonstrated experience in liaising with middle and senior management of a large enterprise
- Proven ability to build relationships and influence individuals at all levels in a matrixed environment, as well as external vendors and service providers, to ensure that segregation and overlapping roles are identified and coordinated
- Experience with Security concepts and tools
- Knowledge of SIEM, IPS/IDS, Vulnerability Scanner, Penetration Testing, and incident response methodologies
EDUCATION and/or EXPERIENCE:
LICENSURE and/or CERTIFICATION
- Bachelor's degree (Master's preferred) in Computer Science, Management Information Systems, or a focus on IT Security or IT-risk-related disciplines
- Certified Information Security Manager (CISM) or
- Certified Information Systems Security Professional (CISSP)
- Knowledge of technological trends and developments in the areas of information security, risk management, web architectures and cloud computing, and propensity and willingness to learn new technologies
- Global Mindset; effectively work with and manage culturally and geographically diverse teams
- Professional certification in information security (for example, CISSP, CISM or CISA) desired
- Ability to lead meetings, divide responsibilities, and influence people to take action to assist in the resolution of security incidents; ability to coordinate, work with and gain the trust of business stakeholders, technical resources, and third-party vendors
- Sensitivity to Customer Needs
- Leadership and Project Management skills; experience managing teams
- Demonstrated understanding of recognized security industry standards and leading practices such as the NIST Cybersecurity Framework, International Standards Organization (ISO) 27001, IT Infrastructure Library and NIST, Capability Maturity Model Integration.
- Detail orientation, and the ability to record, organize, and communicate detail
- A broad technical knowledge base, with the ability and desire to keep informed of emerging technology.
- Skill in organizing and motivating resources, and the ability to drive and account for work