Company Summary

Join a team that puts its People First! Since 1889, First American (NYSE: FAF) has held an unwavering belief in its people. They are passionate about what they do, and we are equally passionate about fostering an environment where all feel welcome, supported, and empowered to be innovative and reach their full potential. Our inclusive, people-first culture has earned our company numerous accolades, including being named to the Fortune 100 Best Companies to Work For® list for seven consecutive years. We have also earned awards as a best place to work for women, diversity and LGBTQ+ employees, and have been included on more than 50 regional best places to work lists. First American will always strive to be a great place to work, for all. For more information, please visit www.careers.firstam.com.

Job Summary

The Manager for Cyber Defense is a member of the technical security team working within the office of the CISO. The Cyber Defense Manager will report to the Director of Cyber Defense and Security Operations.

The Cyber Defense Team is responsible for delivering the following core services:

• Security Assessment Service
  • Penetration Testing
  • Threat Hunting
  • Breach & Attack Simulation
  • Red Team Exercises
• Cyber Threat Intelligence
• Cyber Threat Advisory Service

Essential Functions

• Mature the Cyber Defense program through the implementation, configuration and use of appropriate technologies and processes to meet current and future requirements
• Ensure the successful and timely delivery of all responsible services
• Manage a team of Cyber Security Engineers and Analysts, assisting them in developing their skills as required
• Continually assess our tool sets, processes and procedures, and make recommendations for improvements in their effectiveness and efficiency to achieve operational excellence and risk reduction
• Communicate threat intelligence and security performance metrics to Information Security Senior Management through regular reports, KPI’s and KRI’s
• Collaborate fully with dependent and other technical security teams including Security Operations Incident Response and Vulnerability Management team.
• Create and ensure adequate up to date documentation of the services, processes and procedures is produced and maintained.
• Produce reports and information to the GRC team in response to audit and control review requests
• Work closely with Information Technology to identify and mitigate risks, perform security reviews, and consult on the design of best of breed security practices and procedures.
• Monitor changes and trends in the threat landscape to enable proactive security controls.
• Plan, coordinate and manage 3rd party provided penetration testing services, remediation activities, and post-remediation re-testing.
• Coordinate with business and technology departments to ensure security is incorporated into new and existing processes
• Where called upon, to assist in the investigation of cybersecurity incidents, identify intrusions, and isolate, block and remove unauthorized access
• Support the Cyber Defense team members in performing and delivering the services daily where required. E.g., performing threat hunts, analyzing cyber threat intelligence information, and reviewing and processing penetration test reports
• Ensure security advisories are communicated to the relevant recipients in a timely mannner

The Cyber Defense Manager must have:

• Excellent communication skills, as well as outstanding presentation and persuasion capabilities, with exceptional presence that elicits confidence and credibility. Ability to communicate effectively across a wide group of people and audiences
• Working industry knowledge of Information Technology and Cyber Security to lead in this functional area
• Ability to effectively convey complex issues and communicate to a variety of audiences including technical staff, peers, as well as senior management, and oversight bodies
• A track record of developing trust-based relationships with customers to fully understand and deliver solutions to meet their business needs, while using diplomacy and relationships to advance the information security risk management program within a consensus-driven culture
• People management skills and experience of managing teams of technical resources in the past

Knowledge and Skills/Technology Used

• Successful track record of managing staff and working in a Cyber Defense or Operations team, delivering the core services, and designing, developing, and managing the execution of projects in area of expertise
• Ability to communicate the function’s vision and the department’s direction, and set aligned goals for team; provide resources and implements systems to measure results
• Ability to select, coach and develop talent and hold employees accountable for results, support change and foster collaboration
• Deal with others in an honest manner, assure adherence to company policies, address questionable business practices
• Foster customer loyalty and demonstrate commitment to customer satisfaction; keep customers apprised of progress and ensure commitments are met
• Provide others with reliable information, create, and deliver accurate reports and presentations; use good listening skills; negotiate effectively

Typical Education

Bachelor’s Degree or equivalent work experience preferred. Industry aligned certifications such as CISSP, CISM, CTIA, GCTI are desired

Typical Range of Experience

• 5 to 7 years of leadership experience in progressively responsible roles in a demanding Infosec environment
• Professional experience in applicable discipline and demonstrated experience in evaluating significant IT processes and maintaining a robust Information Technology control environment for a complex IT organization

This role is open to be remote for out-of-area candidates.

For candidates local to Santa Ana, CA and surrounding areas, the expectation would be onsite in a hybrid capacity (2 days per week).

Pay Range: $86,180 - $191,820 annually

This hiring range is a reasonable estimate of the base pay range for this position at the time of posting.  Pay is based on a number of factors which may include job-related knowledge, skills, experience, business requirements and geographic location.

#LI-BR1

#techreferral

First American invests in its employees’ development and well-being, empowers them to provide superior customer service and encourages them to serve the communities where they live and work. First American is committed to diversity and inclusion. We are an equal opportunity employer.Based on eligibility, First American offers a comprehensive benefits package including medical, dental, vision, 401k, PTO/paid sick leave and other great benefits like an employee stock purchase plan.