Spencer Stuart

Position Summary

The Information Security department of Spencer Stuart International (SSI), a leading international management consulting firm specializing in senior-level executive search, is seeking a hands-on Information Security Manager who has extensive experience in the research, design, analysis, testing and implementation of complex information security technologies. The position of Information Security Manager reports to the Chief Information Security Officer. The Information Security Manager will coordinate the efforts of the SSI security operations team, lead information security projects, and oversee incident response to protect SSI information systems and networks from cyber-attacks, intrusions malware and various data security risks. This ideal candidate will be detail oriented and have the skills necessary to support and drive complex information security projects across geographic and organizational boundaries.

Principal Responsibilities

• Manage a team of three information security engineers responsible for global security operations
• Design, communicate and deploy information security project deliverables on time, and to required quality
• Determine security requirements by evaluating business strategies and requirements; research information security standards; conduct system security and vulnerability analyses and risk assessments; identify platform integration issues
• Use technical knowledge of current attacks to identify flaws and weaknesses in the composition and design of networks, remote access schemes, systems and applications to specify solutions, verify the solutions that have been implemented, and rapidly adjust designs based on new threat and attack information as acquired
• Partner with the enterprise architecture team to plan, research and design security architectures for new business and technical initiatives
• Provide engineering support for all preventative and detective security technologies such as: malware detection, network access controls, web/email content filtering, SIEM response, intrusion detection and vulnerability management
• Partner with the desktop services team to support the communication, deployment, and ongoing resolution of issues associated with security technologies and security incidents

Requirements

Mandatory Working Experience

• 10+ years of information security experience required
• 5+ years of Active Directory / LDAP experience
• 5+ years of Identity and Access Management experience with hands-on administration of a major IdP (i.e. Okta, Azure AD, Idaptive)
• 5+ years of experience in the configuration, testing, deployment and management of enterprise security software technologies (firewalls, SIEM, IDS / IPS, endpoint security, EDR)
• A college or university degree and / or relevant work experience in the area of information security is required
• Professional Certifications such as; CISSP, CISA, CISM, GCCC, GCED, GPPA, etc

Mandatory Qualifications

• Strong understanding of the principles relevant to confidentiality, integrity, availability, authentication and non-repudiation
• Strong understanding of network protocols
• Strong knowledge of major operating systems
• Strong knowledge of cloud technologies; including security services offered via the cloud; specifically, Amazon Web Services and Microsoft Azure.
• Strong knowledge of the indicators of compromise and what constitutes a targeted cyber- attack
• Experience managing an enterprise SIEM infrastructure with specific knowledge of Splunk Enterprise Security
• Experience managing a vulnerability management program; with specific experience with Big Fix and Tenable.
• Knowledge of DLP (Data Loss Prevention) technologies
• Knowledge of IDS / IPS technologies; specifically, Darktrace
• Knowledge of web filtering and proxy technologies; specifically, Palo Alto and McAfee
• Knowledge of common scripting languages such as, VB, Python, Powershell, BASH, & Perl
• Knowledge of incident response and handling protocols and methodologies
• Knowledge of Agile development, Secure Software Development Life Cycle and DevSecOps

Skills For Success

• Exceptional communication skills with diverse audiences
• Strong critical thinking and analytical skills
• Project and team-building skills, including the ability to lead teams and drive projects and initiatives in multiple departments
• Demonstrated ability to identify risks associated with business processes, operations, information security programs and technology projects
• The ability to be the enterprise security subject matter expert who can explain technical topics to those without a technical background
• Excellent analytical skills and attention to detail

Key Working Relationships

• Information Security Team
• Enterprise Architecture Team
• IT Operations and Development Team(s)
• Senior Business Subject Matter Experts
• External Contractors

Spencer Stuart is an equal opportunity and affirmative action employer F/M/Disability/Vet/Sexual Orientation/Gender Identity