Manager, Security Engineering, Corporate Team- Remote (Anywhere in the U.S.)

***This role sits in the GuidePoint Security Corporate Information Security Team

General Description

GuidePoint Security is seeking a Security Engineer Manager who is passionate about security work, possesses both deep and wide expertise, including technical expertise, in the security space, and the leadership and management skills necessary to guide a team of Security Engineers in the performance of their day-to-day responsibilities.

The Security Engineering Team Manager will have diverse responsibilities within the security and compliance function here at GuidePoint, including implementing, maintaining, and responding timely to the various technical controls used to manage GuidePoint’s risk, as well as providing management of and stewardship for Security Engineering personnel and supported processes.  From a compliance standpoint, candidates must possess knowledge about and have experience with industry good practices, control frameworks, audit and assessment methodologies, and risk management strategies.

The Security Engineering Manager will help evolve and improve the enterprise’s risk management program at the strategic, operational, and tactical levels, with the intent of improving overall risk mitigation and increasing GuidePoint’s return on security investment.  This includes providing leadership and direction during the control selection process, maturing and optimizing existing controls (working with control vendors, as needed), and automating processes to the extent feasible using available workflow platforms.

The Security Engineering Manager will work closely and in partnership with the Corporate IT team and business partners to identify the optimal solutions that balance operational need with risk management. This necessitates having a strong technical acumen, the desire to learn about and to protect various technologies, and the ability to work as part of a multifunctional team.

Additionally, the Security Engineering Manager will support the Corporate Information Security (CIS) Governance, Risk, and Compliance (GRC) team during audits and assessments.

Role and Responsibilities:

• Manage Security Engineering personnel comprising your team, including day-to-day leadership and management, serving as an initial escalation point for issues and handling personnel actions.
• Deliver and help improve security-related processes including (but not limited to): configuration management; email security; data loss prevention, vulnerability management; control monitoring; and incident response.
• Engineer, implement, monitor, and manage security measures intended to protect information resources.
• Be responsible for configuring and troubleshooting security controls, both for hosted technologies and those maintained on-premises, as appropriate.
• Partner with IT to handle security-related responsibilities inherent to the companies IT environment, to include implementing technical solutions for automating repeatable tasks.
• Identify and define system security requirements consistent with and aligned to policy, standards, and industry good practice.
• Serve as Security Engineering’s lead for designing IT architectures by ensure GuidePoint incorporates cybersecurity into each architecture’s design.
• Support compliance-related efforts, including the following, as needed: contract reviews; supplier risk management; completing ongoing control assessments; and supporting internal and external audits and security testing.
• Document, manage, and maintain policies, standards, processes, procedures, and protocols for delivering a designated complement of Security Engineering’s portfolio of services.
• Develop and publish reports measuring security control performance, and which contribute to implementing substantive system control enhancements.
• Other duties as assigned.

Required Experience:

• Eight or more years of experience working in the information security industry or IT with security responsibilities.
• Three or more years of direct leadership experience.
• Five or more years of experience directly administering technical controls (e.g., identity and access management, malware protection, network segmentation, vulnerability management, etc.).
• Five or more years of experience either performing assessments/audits for, or demonstrating compliance with, one or more security practice frameworks or compliances (e.g., ISO 27001, SOC 2 Type 2, SOX, PCI DSS, etc.).
• Three years of experience supporting incident response and a working knowledge of incident response good practices.
• Direct experience with third party contracting and supplier risk management.
• Experience developing written security engineering-related policies, standards, and processes.
• Excellent written and verbal communication skills.

Additional Experience (including preferred)

• Bachelor’s or advanced degree, optimally in technology or business.
• Possess at least one current security-related certification and be in good standing with certifying organization (e.g., CompTIA Security+, CISSP, GIAC certs, etc.).
• Possess current or previous technical certification (e.g., MCSA/MCSE, CCNA, AWS Cloud Practitioner, etc.).
• Published security- and/or compliance-related article(s) in the public domain.

Travel Requirements:

• Minimal travel requirements (between 5-10%)