Director – Security Operations & Incident Response @ ConnectWise

Director – Security Operations & Incident Response

Posted on 3/14/2023

INACTIVE

Locations

Remote • United States

Experience Level

Entry

Junior

Mid

Senior

Expert

Desired Skills

Communications

Requirements

10+ years of relevant hands-on cybersecurity experience dealing with incident detection and response
5+ years of formal people management experience
Ability to manage multiple activities and events simultaneously, with a strong ability to prioritize multiple tasks and respond to high-priority events
Ability to work independently and collaboratively with teams that are geographically distributed
Strong communication skills and able to prepare and present well written papers, briefing and other materials to senior leadership across the enterprise
Demonstrated ability to form coalitions amongst disparate groups, be able to produce thorough and precise documentation, and have sound decision making skills
Bachelor's Degree in Computer Engineering / Computer Science or equivalent work experience
Possess current security certifications (e.g. CISSP, CISM, CEH, Security+ or SANS certification or equivalent)
Remote position
Professional office environment
Up to 10% travel required

Responsibilities

Lead all aspects of a SOC and IR organization with a focus on providing a comprehensive cyber defense and response capability
Develop and build out additional SOC and DFIR program capabilities, processes, and procedures, and align them to the ConnectWise long-term cyber strategy
Develop roadmaps, set objectives, and choose initiatives that support the goals of improving capability maturity
Provide strategic direction for advancement of SOC detection, analysis, response, and prevention capabilities
Partner with engineering, operations, and other teams to improve ConnectWise's cyber defense posture
Recommend changes to practices and policies and help direct the operationalization and measure the effectiveness of program components
Work with your team to identify, track and remove impediments to improve our visibility, monitoring, and investigation capabilities
Lead security incident and data breach investigations and handle post-incident reporting in urgent or critical situations
Translate the lessons learned from a security incident or data breach to improve our program or address control deficiencies
Use a maturity model to measure the incident detection and response capability and identify capability gaps in all support environments over time
Develop metrics for reporting purposes and drive specific actions, including measuring and improving operational effectiveness and performance and determining detective control effectiveness and coverage
Coach your team to improve performance and morale

ConnectWise is the world’s leading software company dedicated to the success of IT Solution providers. As a company our vision is to power a thriving IT ecosystem that transforms what’s possible for SMBs. How we do this is by empowering IT solution providers with unmatched software, services, and community to achieve their most ambitious vision of success

ConnectWise provides a work environment where each colleague is valued for their perspectives, skills and talents, is treated respectfully, can communicate openly and is encouraged to develop to their full potential as a contributor to the success of the company and the communities we serve.

We at ConnectWise value our colleagues and offer a competitive benefits package including medical, retirement investment plans, flexible time away, master’s assistance program and colleague recognition program.

General Summary:

The Director of Security Operations and Incident Response plays an integral role in the protection of the ConnectWise brand and its assets. This position will be a vital member of the Information Security organization, leading both the Security Operations Center and the Incident Response teams. You will lead our global incident detection and response program and will be responsible for overseeing the triage, analysis, and investigations as needed. Your teams will be responsible for security monitoring, detection and response, security incident management, security detection engineering, and security data science. You will lead this team and be primary on security incident and data breach investigations and handle post-incident reporting in urgent or critical situations.

Essential Duties and Responsibilities:

Lead all aspects of a SOC and IR organization with a focus on providing a comprehensive cyber defense and response capability
Develop and build out additional SOC and DFIR program capabilities, processes, and procedures, and align them to the ConnectWise long-term cyber strategy
Develop roadmaps, set objectives, and choose initiatives that support the goals of improving capability maturity
Provide strategic direction for advancement of SOC detection, analysis, response, and prevention capabilities
Partner with engineering, operations, and other teams to improve ConnectWise’s cyber defense posture
Recommend changes to practices and policies and help direct the operationalization and measure the effectiveness of program components
Work with your team to identify, track and remove impediments to improve our visibility, monitoring, and investigation capabilities
Lead security incident and data breach investigations and handle post-incident reporting in urgent or critical situations
Translate the lessons learned from a security incident or data breach to improve our program or address control deficiencies
Use a maturity model to measure the incident detection and response capability and identify capability gaps in all support environments over time
Develop metrics for reporting purposes and drive specific actions, including measuring and improving operational effectiveness and performance and determining detective control effectiveness and coverage
Coach your team to improve performance and morale

Knowledge, Skills, and/or Abilities Required:

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

10+ years of relevant hands-on cybersecurity experience dealing with incident detection and response
5+ years of formal people management experience
Ability to manage multiple activities and events simultaneously, with a strong ability to prioritize multiple tasks and respond to high-priority events
Ability to work independently and collaboratively with teams that are geographically distributed
Strong communication skills and able to prepare and present well written papers, briefing and other materials to senior leadership across the enterprise
Demonstrated ability to form coalitions amongst disparate groups, be able to produce thorough and precise documentation, and have sound decision making skills

Educational/Vocational/Previous Experience Recommendations:

Bachelor’s Degree in Computer Engineering / Computer Science or equivalent work experience
Possess current security certifications (e.g. CISSP, CISM, CEH, Security+ or SANS certification or equivalent)

Working Conditions:

Remote position
Professional office environment
Up to 10% travel required

The statements above are intended to describe the general nature and level of work being performed by people assigned to this job. Other duties may be assigned as needed. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

ConnectWise is an Equal Opportunity Employer.

501-1,000 employees

Website

Software solutions for TSPs

Company Core Values

Drive partner success
Innovate everywhere
Make a difference
Perform as a team
Take pride in our work
Own the outcome