IT Manager, Information Security Operations Center (ISOC) Job in Richardson 75080, Texas US

Summary:  The information security operations center (ISOC) Manager will design, implement and manage Stream’s newly forming 24x7 Global ISOC. The ISOC will be staffed by a team of highly motivated security professionals that will provide enterprise-wide 24x7 monitoring and escalation of security events in the Stream computing infrastructure. The Security Operation Center Manager will manage a team of ISOC Analysts and act as the final point of escalation for all security incidents.  The ISOC Manager is the process owner for all of the ISOC's systems, staff and responsibilities which supports the protection of Stream’s assets (people, information, products and facilities) against threats that may impact the business goals of the company.

 

Responsibilities:

·         Manage the ISOC staff to ensure that initiatives, commitments and projects are delivered in a timely, effective and professional manner. Support the department and company's goals and objectives in accordance with Stream management practices. Manage the employee development and performance process to ensure that the staff meets their maximum potential.

·         Manage the operation and service of all of the ISOC's systems. Performs audits to ensure that the systems are functioning and performing properly. Stay current with new trends and propose changes that will enhance the operation of the ISOC.

·         Manage incident and emergency response. Coordinate communications between the responders and management team. Implement notification and response procedures.

·         Manage and conduct investigations as assigned to ensure prompt resolution of issues. Uphold the highest level of confidentiality and integrity and communicate results of investigations to only approved stakeholders.

·         Track security violations and identify trends or exposures that could be addressed by additional training, technical measures, or use of application tools to enhance security. May lead or execute simulated attacks or security violations to assess the organizations data security measures.

·         May serve as technical lead or project lead in projects involving testing defenses against hacking, Denial of service, spam, break-ins, or related attacks. Provide technical guidance to less senior staff or applications developers/systems administrators.

·         Identify potential areas of compliance vulnerabilities and risks; determine the adequacy and effectiveness of the corrective action plans and proposed controls to mitigate these risks.

·         Monitor and audit IT controls for efficiency and effectiveness, execute compliance testing to detect control weaknesses and security vulnerabilities.

·         Direct technical and application teams to develop, prioritize and implement remediation plans to resolve control deficiencies.

·         Serve as organization's POC for third party certification of security procedures and use of cyber security protections. Ensure that system's security controls, policies and procedures examined, measured and validated against third party standards.

·         Provide strong central oversight to guarantee consistency in compliance activities and sharing of best “control” practices across the Technologies organization.

·         Keep current with regulatory developments, corporate requirements, system acquisitions, audit findings, and technical and application roadmaps.

·         General understanding of standard control frameworks:  Cobit, COSO, ISO2700x, SAS 70 process - specific knowledge in at least one.

·         Additionally, the role will involve developing and maintaining in-depth understanding of the business and its external environment.  The role requires the ability analyze and interpret the risk implications of changes in the infrastructure and the control environment.  It also requires risk management expertise to ensure creation and maintenance of effective risk mitigation strategies across all stakeholder groups:  Business, Information Technology functional groups and Global Security, Privacy Compliance.

 

Requirements:

  1. Strong knowledge of software, hardware and networking information technologies.
  2. In depth knowledge of IT security IT controls concepts, practices, and procedures.
  3. Skill in verbal and written communication to analyze, interpret and address customer needs.
  4. Highly developed interpersonal style with emphasis on collaboration, influencing and building strong longer-term relationships particularly across the Technologies organization.
  5. Skill in managing many projects around the globe concurrently.
  6. Ability to work with minimal guidance or supervision in a time critical environment.
  7. Ability to be flexible and quickly adapt to changing business needs and processes.
  8. Ability to interact effectively with all levels of management and customers.
  9. Knowledge and experience with various IT governance control frameworks (NIST, COBIT, COSO, ITIL, etc.).
  10. Relevant professional certification (CPP, CISA, CISM, or CISSP) is a plus.
  11. Bachelor’s degree with at least 5+ years of hands on experience in Network and Security Operations. Ideal candidate will have experience in customer service, call center or central station environment.
  12. Equivalent education or experience may be substituted for any of the above.