Cyber Security Manager

Responsibilities:

• Collaborate and execute the strategic vision for the Cyber Security Organization.
• Work across multiple teams including our Engineering, IT and Security teams to manage the organizational Security vision and lead the maturation of our Cyber security posture.
• Ensure Hermeus’ successful annual delivery of Cyber security Maturity Model Certification (CMMC) LVL 2 reports along with any additional security-related industrial or regulatory compliance frameworks we adopt in the future (e.g., ISO 27001).
• Oversee the execution of our growing Classified Information System infrastructure program.
• Maintain up-to-date knowledge of the Cyber security industry, including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors.
• Mentor technical team to lend expertise toward driving solutions. Lead the development of in-depth technical documentation and process training materials in collaboration with internal users and departments.
• Oversee the strategic improvement and operation of the following processes: identity and access governance, policy management, disaster recovery, business continuity, and employee security awareness.
• Develop, coordinate, and drive strategies to advance Hermeus’ risk management maturity, including risk assessments, tracking risks, issues/exceptions/remediation management, and third-party risk management.
• Develop, coordinate and represent Cyber security on change control activities and ensure proposed changes are in alignment with security best practices.
• Manage relationships with third-party vendors to ensure adherence with Security best practices.

Requirements:

• 5+ years of people leadership experience managing resources in the past with a strong history as a leader with excellent communication and analytical skills.
• Strong understanding of security principles, practices, and frameworks, including experience at various levels of security including physical, network, application, data, IAM, human, cloud, and others.
• Organized and detail-oriented, able to work well under deadlines in a changing environment and complete multiple projects effectively and concurrently.
• Strong presentation and communication skills and ability to speak with Senior Leadership and C-Level Executives.
• CISSP, CISM, CISA, CIPT, CIPM, CRISC or other relevant certification.

Preferred Qualifications:

• Experience of network design, mobile security, network and firewall security technologies and vulnerability management, scanning.
• Knowledge of web application security, browser security models, and application security vulnerabilities such as the OWASP Top Ten.
• Experience managing project through the full system development lifecycle.
• Deep understanding of network attacks, DDoS, Phishing, email protocols/security/spam, encryption, authentication, logging and log analysis, IP and device reputation, and security rules and policies.
• High degree of skill and knowledge in managing and part taking in incident response, Intrusion Prevention Systems, Intrusion Detection Systems, SEIM, Endpoint security solutions.