Information Security Manager in Brentwood, TN at Vaco

Date Posted: 2/21/2019

Job Description

Position Responsibilities:

  • Work with and manage third party service partners as needed on risk assessments, vulnerability scans, penetration testing, incident management, managed SIEM, IDS/IPS, Data Loss Prevention (DLP), and threat intelligence
  • Manage the consolidation of large sets of data specific to threats and vulnerabilities to develop meaningful metrics and apply accurate risk weighting and prioritization
  • Oversee and coordinate remediation efforts of identified cybersecurity vulnerabilities
  • Provide Incident Response support when analysis confirms an actionable incident
  • Ensure the successful completion and recording of scanning activities as required by audit and regulatory authorities
  • Investigate, document, and report on information security issues and emerging trends
  • Collaborate and coordinate with the Risk and Compliance team on technical / cyber risk assessments
  • Support and participate in the development, automation, execution and monitoring of security operations controls in support of the Information Security Program, including the writing of needed documentation such as standards, procedures and guides
  • Support and participate in the research, evaluation, design, and testing of information security solutions to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software.

Position Qualifications:

  • 7+ years of experience in the related technology fields
  • Previous supervisory experience strongly preferred
  • Bachelor's degree in Computer Science, related technology field or equivalent work experience
  • Certified Information Systems Security Professional (CISSP) required
  • Extensive experience in threat hunting, malware analysis, log reviews, and memory analysis required
  • Strong Project Management experience required
  • High-level understanding of computer security concepts such as Identity & Access Management, Network Security, Application Security, and Incident Management
  • Extensive experience with SIEM and/or log aggregation technologies such as Splunk and McAfee ESM preferred
  • Advanced GIAC certifications preferred
  • Experience investigating computer network intrusions and incident response in an enterprise environment, preferably in a Security Operations Center (SOC)
  • Strong understanding of information security concepts, protocols, industry best practices, strategies, frameworks and regulations such as International Standards Organization (ISO) 2700x, NIST Cybersecurity Framework, Payment Card Industry Data Security Standard (PCI DSS), Sarbanes-Oxley (SOX).
  • Experience with and ability to document processes, systems and controls.
  • Understanding of networking concepts and protocols (such as DNS, SMTP, FTP, and SSL)
  • Understanding of threat vectors as well as exfiltration techniques preferred
  • Extensive knowledge of relevant legal and regulatory requirements as well as privacy laws preferred