Manager, Information Security
About The Brand
Overview and Responsibilities
The Senior Technical Manager’s primary job responsibility is to reduce risk to Viacom Information and Information Systems through the understanding and use of various data security technologies, applications, methodologies and industry standards. The Senior Technical Manager will be a Technology professional able to provide advanced expertise in Information Security Technologies and risk reduction strategies. In addition to daily operational responsibilities, this role will be responsible for the innovation and execution of people/process and technology improvements within Information Security as well as the broader MTS group. This role includes a focus on DevSecOps and requires daily interaction with DevOps to enforce Secure SDLC requirements.
- Coordinates with DevOps to verify compliance with Secure SDLC process and monitors secure code enforcement and remediation efforts.
- Works independently applying in-depth knowledge of multiple Information Security technologies (Cloud Access Security Brokers (CASB)/Database Security (DAM)/Data Breach Solutions (DBS)/Data Leakage Prevention (DLP)/Data Security and File Encryption platforms/DDoS Protection Platforms/Dynamic Web and Static Code Testing Solutions/Email Security Platforms/Endpoint Protection and Response solutions/Firewalls/Identity and Access Management Platforms (IAM)/IPS solutions/Network Behavioral Analysis (NBA)/Privileged Access Management (PAM)/Security Information Management Solutions (SIM)/Threat Management Platforms (TMP)/Vulnerability Management platforms/Web Application Firewalls (WAF)/Web Security URL Filtering, etc.) as appropriate.
- Performs sophisticated analysis of Information Security related logs and log data to surface potential Information Security risk and concerns for resolution.
- Actively makes risk reducing recommendations to appropriate business units regarding the development of new or existing services.
- Participates in Incident Response training initiatives and when required ensures active participation in the incident response lifecycle governed by the Technical CIRT Policy.
- Frequently reviews tickets in any service ticketing queues related to the group managed to ensure accurate ticket closure.
- Effectively leads a team of employees and/or consultants to deliver efficiently on projects and maintain positive team dynamics and communications.
- Knowledge of Secure Coding standard methodologies as defined by OWASP.
- Experience with Static Code Analysis tools such as Checkmarx or HP Fortify.
- Previous experience working in DevSecOps, including knowledge and experience enforcing a Secure Software Development Lifecycle.
- Goal driven individual with good technical, interpersonal, communication and organizational skills.
- Is dedicated to helping build a “transparent culture of service” which fosters an open, honest, candid workplace within the teams managed.
- Embraces and fosters “innovation” by working on new things in new ways every day.
- Develops a global perspective with consideration for local business needs.
- Acts as an Information Security domain authority and is comfortable interacting with employees at all levels and roles.
- Resource management skills, capable of leading contract employees.
- Acts responsibly with sensitive and confidential information.
- Is creative and inventive as a problem solver.
- Consistently demonstrates the drive to deliver projects successfully even under difficult timelines.
- Has strong logical, analytical, methodical, investigative, and auditing skills.
- Knows when to make practical, rational decisions that reduce risk to Viacom Information and Information Systems.
- Excellent verbal and written communication.
- Travels domestically and internationally if required and on short notice.
- Must be reliable and available 24/7 if required.
Solid understanding of the following:
- Demonstrated experience in handling cybersecurity incidents through the incident response lifecycle.
- Demonstrated experience with the following security areas: GRC, SIEM, vulnerability management, identity and access management, firewalls, DLP, forensics, malware analysis and incident response.
- Layer 2, 3 and 4 infrastructure designs and functionality.
- Windows, Linux, and Cisco Networking Device hardening best practices.
- The latest hacking techniques and appropriate countermeasures.
- Firewalls, rule base analysis, stateful inspection, encryption and associated algorithms.
- Common threat analysis methodologies such as SANS and OWASP.
- Knowledge of Common Cybersecurity Frameworks (NIST, ISO, COBIT, and SSAE-16).
- Identity and Access Management methodologies.
- Authentication Platforms, which includes but is not limited to LDAP and Active Directory.
- Federated Authentication Platforms and associated protocols.
- Proficient knowledge of regulatory controls including PCI and SOX.
- Remains current on emerging trends and best practices within the community of information security authorities; researches and leverages standard methodologies from other industry partners.
- 6+ years industry experience required, including a minimum of 3 years at a Senior-manager level. Previous experience working in DevSecOps desired.
- CISSP preferred.
- SANS (GIAC), CEH, CISSP, PMP, ITIL (optional but preferred).
- BA/BS degree or equivalent preferred.