Information Security Operations ManagerApply Now Draper, UT
The Information Security Operations Manager will be responsible for leading Progressive Leasing’s Security Engineering & Operations team. Primarily, the Security Operations Manager must ensure an appropriate, risk-based approach for Security Incident Response, Remediation and Recovery. This will be accomplished through the effective management of technical security staff, development and maintenance of well-defined and vetted processes, and deployed security tools for detection, prevention and response.
What You'll Do:
- Drive results for Security Engineering and Operations leveraging team and tools to accomplish objectives with a strong focus on business acumen and knowledge of IT infrastructure, operations, and development.
- Provide strong leadership for cross-functional / stakeholder communications.
- Develop and maintain documentation, communications and training related to Security Engineering and Operations including but not limited to:
- Incident Response planning and correlating Runbooks for identified areas of greatest risk
- Business Continuity planning, practices, and communication
- Disaster Recovery and testing focused on critical business functions
- Technical and configuration standards and practices focused on security engineering and infrastructure
- Vulnerability management
- Solution management for deployed security controls
- Auditing, Logging, monitoring and alerting practices
- Proactively assess exposure to attack and reduce the attack surface to minimize exposure without disruption to services.
- Continuously evaluate the security posture of security engineering and operations people, processes and tools and adjust accordingly to ensure effective preparation, detection, containment, investigation, remediation and recovery during a security incident.
- Engage in Change Management to ensure the status of security posture is not negatively impacted by changes to IT operations.
- Provide metrics on identified processes to illustrate trending and status in security posture.
- Actively acquire, evaluate and disseminate information regarding vulnerabilities and threats tethered to correlating assessments of risk and impact based on our infrastructure, applications and known exposure.
- Lead and engage in projects focused on ensuring the deployment of security controls and the secure implementation of IT systems and software.
- Manage on-call procedures and schedule for Security Operations to ensure a rapid response to security events.
- Present to large technical and non-technical audiences on security strategy and initiatives.
Minimum Experience & Qualifications:
- Strong knowledge of networks, operating systems, cryptography, preventive, detective and offensive security solutions.
- Excellent understanding of information security concepts, protocols, tools, industry best practices and strategies.
- Strong leadership abilities, with the capability to provide guidance for information security team members
- Focus on a business appropriate measured response, strong time management, effective prioritization and appropriate sense of urgency in day-to-day Security Operations
- Experience with common information security management frameworks and best practices sourced from NIST/FIPS, CMU, SANS, OWASP, etc.
- Advanced threat-modeling based on technical acumen, knowledge of system and application architectures, vulnerabilities and information assimilated from multiple resources.
- Excellent verbal, written and interpersonal communication skills, including in-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls.
- Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.
- Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
- Experience in application technology security testing (white box, black box and code review).
- Experience in system technology security testing (vulnerability scanning and penetration testing).
- Ability to identify needs, take initiative and prioritize work efforts — balancing operational tasks with longer-term strategic security efforts
- BA/BS combined with 5+ years of overall information security engineering and technology operations experience with an emphasis on leading teams
- Primary security certifications to include CISSP or GSEC with secondary certifications being desired such as GPEN, GCIH
- Curious, inquisitive, innovative, lifelong learner and self-starter
- Strong documentation and communication skills
Compensation, Perks & Benefits:
- Competitive Compensation with Bonus Potential
- Full Health Benefits - Medical/Dental/Vision
- 401k, Paid Time Off and Tuition Reimbursement
- Full Service Gym, Game and Lounge Area, Basketball Court
- Free Healthy Snacks and Refreshments
- Subsidized Public Transit
- Fun and Relaxed Work Environment
WHO IS PROGRESSIVE LEASING?
Founded in 1999, Progressive Leasing, a wholly-owned subsidiary of Aaron’s Inc. [NYSE: AAN], is a steadily growing company already surpassing $1B in revenue. Our scalable customer payment software products provide lease-purchase technology solutions through 26,000+ retail locations in 45 states.
Progressive Leasing does not discriminate in any aspect of employment on the basis of race, color, religion, national origin, ancestry, gender, sexual orientation, gender identity and/or expression, age, veteran status, disability, or any other characteristic protected by federal, state, or local employment discrimination laws where Progressive Leasing does business. All new hires must pass a pre-employment criminal background check and drug test.