This job has expired, please see additional jobs below
Senior Manager, Operational Security
Sirius XM
Freeport, TX, United States
Job Details - this job has expired, please see similar jobs below
Position Summary:
The Senior Manager, Operational Security has full management accountability and responsibility for all aspects (strategy and execution) of Sirius XM Streaming Services and Products component of the security program, with a focus on Intrusion Detection Systems (IDS), Security Event Monitoring and Response, Vulnerability Management and Data Leakage Prevention (DLP), Security Administration and overall security operations management.
This individual will be responsible for security solutions, tools and related infrastructure deployment, configuration and ongoing management and support while evolving roadmap for the team. This individual will act as focal point for security activities, including vulnerabilities, investigations, and security incidents. Additionally, this position will play a key role in executing security processes, along with the development of an effective service management strategy and approach.
This individual may manage Information Security Engineers and will work closely with the broader Enterprise Information Security team and also with peer leaders in IT Operations (ex: Network, Storage/backup, Desktop, Mobile, NOC, Release Management, Application Administration, Disaster Recovery, Change Management, Windows/Unix/Linux/VMS Server infrastructures and Help Desk.)
Duties and Responsibilities:
• Lead Operational Security centric projects, including solution design, scoping, and implementation. Select and manage the ongoing additions, enhancements and refinements of Sirius XM Streaming Services and Product's Security Infrastructure, supporting Sirius XM Enterprise Information Security Program. Provide input to the broader IT Security roadmap and participate in risk assessments.
• Direct and oversee execution of defined security processes in the areas of intrusion detection; security event monitoring/SIEM; vulnerability management; Internet proxy management; Data leakage prevention (DLP); and digital certificate management. Perform leadership role in investigating and responding to security related events. Maintain Operational Security team documentation, including runbooks, procedures, processes and hardware and software inventory detail.
• Perform all aspects of vendor management for MSSPs (Managed Security Service Providers) and security software vendors, including contracting, licensing and performance measurement.
• Advise other IT Operations teams on security risks and best practices in support of Sirius XM Streaming Services and Products security program. This may include participation in areas such as patch management, data networking and firewalls; anti-malware, and encryption.
• Manage Operational Security budget (capital and expense).
• Perform other duties as assigned.
Supervisory Responsibilities:
• Manage 1 Senior Security Engineer.
Minimum Qualifications:
• 8-10 years of relevant technical experience.
• 3-5 years of supervisory experience.
• Bachelor's degree in Info Security, Computer Science or equivalent work experience.
• Certifications: Security Centric - CISSP required, additional security certifications a plus.
Requirements and General Skills:
• Significantly 'self-sufficient' and comfortable making recommendations and decisions with less than perfect information.
• Ability to assess, recommend and present financial / business benefits of technical options and champion recommendations.
• Demonstrated experience managing the balance of security spend v. risk mitigation.
• Dynamic ability to shift easily between tactical/operational issues and long term/strategic planning.
• Ability to motivate and develop staff.
• Pragmatic decision maker.
• Excellent communicator and relationship builder.
• Interpersonal skills and ability to interact and work with staff at all levels.
• Excellent written and verbal communication skills.
• Ability to work independently and in a team environment.
• Ability to pay attention to details and be organized.
• Ability to project professionalism over the phone and in person.
• Commitment to "internal client" and customer service principles.
• Willingness to take initiative and to follow through on projects.
• Excellent time management skills, with the ability to prioritize and multi-task, and work under shifting deadlines in a fast-paced environment.
• Must have legal right to work in the U.S.
Technical Skills:
• 8+ years professional experience with a combination of 'hands on' security and related technical responsibilities and management / leadership.
• Experience with security tool selection, deployment and application in the following areas: Intrusion detection systems; vulnerability scanners; data leakage tools; and encryption solutions.
• Experience with vendor/provider contracting, managed services sourcing, and relationship management.
• Experience with Cloud Computing Security best practices.
• Experience advising on implementation of secure software development practices.
• Experience using security practices with source code repositories such as Github, SVN etc.
• Experience with annual budget development (capital and expense) and ongoing management.
• Experience with any of the following is a plus:
◦ Public cloud computing & CDN's. (AWS, Azure, Akamai, Limelight, etc.),
◦ Database infrastructure and security,
◦ Dynamic and Static Application Testing tools,
◦ Software Development Experience (Java, C/C++, or JS, etc.),
◦ Scripting Abilities (bash, Ruby, Windows, PERL, or Python, etc.),
◦ Log Analysis,
◦ Mobile App Development,
◦ Jira, Confluence, and Crucible,
◦ Server System Administration of Jira, Github, Confluence, Crucible.
Equal Opportunity/Affirmative Action Employer - Minorities/Females/Protected Veterans/Disabled.
The requirements and duties described above may be modified or waived by the Company in its sole discretion without notice.