• Senior Manager, Security Operations

    College of American Pathologists (Northfield, IL)


    Who we are? As the world's largest organization of board-certified pathologists and leading provider of laboratory accreditation and proficiency testing programs, the College of American Pathologists (CAP) serves patients, pathologists, and the public by fostering and advocating excellence in the practice of pathology and laboratory medicine worldwide.

     

    Our Culture

     

    + CAP employees make a meaningful difference by partnering with colleagues customers and members on challenging and rewarding work

    + CAP provides its employees with an energetic and collaborative work environment and encourage opportunities to further develop their skills—offering reimbursement for educational programs and participation in events that enhance your skills

    + We offer a generous compensation and benefits package, 401K, and more -- visit Careers at the CAP (https://www.cap.org/careers-at-the-cap) for more details

    Brief Description

    The Senior Manager, Security Operations is responsible for aligning security operations initiatives with enterprise programs and business objectives and ensuring that information assets, products, and technologies are appropriately protected through typical security operations center (SOC) best practices. The Senior Manager is directly responsible for leading the SOC and managing the CAP’s Information Security department. This new and critical role will collaborate deeply across the CAP to further develop security operations best practices and establish new standards, while maintaining high-level team performance standards.

     

    The Senior Manager will work with other CAP departments to ensure systems, products, and enterprise solutions (in the cloud and on-premises, and for both customer and internal-facing offerings) are adequately protected and that security alerts are properly addressed and actioned on. The Senior Manager will have direct hands-on knowledge and experience with technologies and solutions in the cloud as well as on-premise environments.

     

    The Senior Managers is responsible for proactively protecting information assets from unauthorized or inappropriate access, use, or disclosure, and other business disruptions that may elicit a negative security impact. And for acting as the incident response lead under the declaration of incident response and in coordination with the CISO in their role as incident commander.

     

    The Senior Manager is responsible for managing daily activities of the Security program, including development of or managing in-flight projects, ongoing practices, triage events as mentioned above, including security product outages, and any programmatic one-off improvements. The Senior Manager is also responsible for the security team, including coordination and follow-up on daily activities, sprint planning, and security staff reviews and performance evaluations.

     

    The Senior Manager leads by example and models the key behavioral and performance attributes that guide the CAP’s employees including the CAP’s Leadership Values: Partnership, Respect, Accountability, Communications and Excellence. Additionally, the Senior Manager demonstrates ongoing commitment to the CAP’s mission, vision, and values; consistent alignment of team activities to IS strategy; effective engagement with the CAP’s stakeholders; attention to detail; and on-time delivery of services.

    Specific Duties

    Primary duties and responsibilities:

    + With sponsorship from the Information Services Leadership Team (ISLT), and direct support and mentorship from the CISO, leads an enterprise-wide information security discipline that allows for appropriate prioritization of security-relevant business strategic objectives, with a heavy focus on Security Operations.

    + Manages responsibility for Security Operations, including threat management, security monitoring, trend correlation, and incident management of security violations and exceptions, AND coordination & collaboration with other CAP stakeholders that are responsible & accountable for related information security activities.

    + Manages the information security team and assists them in gathering technical requirements, architect solutions, and executes on deliverables, and mentors the team in information systems best practices.

    + Protects valuable information and maintains the confidentiality and integrity of data.

    + Keeps current with knowledge of industry trends and known and emerging risks.

    + Reports regularly to the CAP senior leadership and management regarding the status of the CAP SOC and mitigation of identified information-security issues.

    + Develops regular informational security-related communications and directs a security awareness program.

    + Improves and implements specific security policies, plans, and standards and guidelines.

    + Identifies key metrics and develops dashboard reports that reflect the current state of the information security program.

    + Provide support for information security and privacy activities in service of the CAP regulatory compliance.

    + Collaborates with various business stakeholders in multiple technical disciplines (ex: Software Development Operations, IT, Software Product Development, and individual subject matter experts) to support existing and new security solutions.

    Knowledge/Skills Required/Preferred

    + Demonstrated personal proficiency in the following Information Security Domains, with a focus on the bolded domains:

    + Managing Risk

    + Authoring Policies and Procedures

    + Implementing Safeguards

    + Managing Service Providers

    + Measuring Program Effectiveness

    + Providing for Incident Response

    + Conducting Training

    + Producing Reporting

    + Ability to manage engagements with the CAP client far-side security leader counterparts (and other client leadership) in service of information security collaboration, compatibility, and overall client satisfaction with the CAP’s security program.

    + Excellent influencing and problem-resolution skills.

    + Previous work experience at an organization that develops software.

    + Demonstrated project management skills & strong attention to detail.

    + Strong communication skills, with the ability to convey technical concepts to individuals with varying levels of technical understanding.

    + Highly self-motivated with the ability to work independently on tactical security initiatives while managing a team.

    + Ability to organize time and project work efficiently.

    + A strong ethical foundation, capable of thriving in an environment and culture where honesty, integrity, and accountability are core values.

    + A collaborative spirit, a team orientation, and a willingness and desire to contribute to the success of others.

    Education/Experience

    Education

    + A bachelor's degree in information technology, Computer Science, or related field, AND/OR certificates of Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), OR equivalent combination of education and experience.

    Experience

    + 5+ years’ experience managing a security operations center (SOC).

    + 3+ years’ experience managing an information security team.

    + Previous experience with one or more of the following governmental & industry rules and regulations, such as the following: FERPA/HIPAA/HiTRUST/FISMA/FedRAMP/PCI/DoD CMMC/ISO 27001/NIST CSF/MARS-E/IRS Publication 1075/SOX.

    + Expertise in cybersecurity best practices and implementation of cybersecurity frameworks such as the following: NIST CSF/CIS CSC/ISO 27001/SOC 2 Type II.

    + Demonstrated ability to effectively manage teams, including coordination of ongoing professional development to enhance existing and build new skills.

    + Advanced analytical and problem-solving capabilities.

     

    Related certifications

     

    + Cybersecurity certifications such as:

    + Certified Information Systems Security Professional (CISSP)

    + Certified Information Security Manager (CISM)

    + Security Operations certifications such as:

    + GIAC Security Operations Manager (GSOM)

    + Security Blue Team Certified Security Operations Manager (CSOM)

    + Project management certifications such as:

    + PMP (Project Management Professional)

    + ITSM (Information Technology Service Management)

    Additional Criteria

    This position is based out of the Northfield, IL office. Candidates must reside within 75 miles of the Northfield headquarters.

     

    Travel is required when necessary; expected to be less than 10%.

     

    Salary Range: $135,000 - $172,000

     

    Equal Opportunity Employer The CAP is an equal opportunity/affirmative action employer, providing equal employment opportunities (EEO) to all employees and qualified applicants for employment without regard to race, creed, color, religion, sex, gender identity and/or expression, national origin, age, ancestry, disability or genetic information, military status, sexual orientation, marital status, citizenship status, order of protection status, homelessness, or any other characteristic protected by federal law and the applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. Applicants have rights under Federal Employment Laws: Family and Medical Leave Act Equal Employment Opportunity Employee Polygraph Protection Act

    Job Details

    Job Family Computer Science

     

    Pay Type Salary

     

    Travel Percentage 10