Cybersecurity Strategist

Global Cybersecurity Manager
The Global Cybersecurity Manager plays a pivotal role in maintaining and continuously improving the organization's cybersecurity framework. This includes monitoring and controlling security risks, threats, vulnerabilities, and incidents across the IT and business practices.
This role involves developing and facilitating effective security logs and incident management, analytics, and reporting capacities. The position works closely with global, regional, and local Information Security and IT resources to design, test, implement, and maintain effective security controls.
The Global Cybersecurity Manager is responsible for:

• Communicating and collaborating with internal clients to contribute to security direction and provide technical guidance on current and future technical security directions.
• Acting as a cybersecurity subject matter expert throughout projects' lifecycles, including functional requirements, design specifications, testing, quality assurance, implementation, and support.
• Providing input to the annual Information Security budget cycle.
• Ensuring that security requirements are identified early on and incorporated into all projects/applications:
  • Investigating, recommending, evaluating, deploying, and integrating security tools and techniques to improve the organization's ability to protect its assets and infrastructure.
  • Developing and maintaining documentation of relevant IT systems and security controls.
  • Assessing and capturing security requirements within the context of enterprise application architecture.
  • Ensuring that application development and deployment meet the organization's security standards.
  • Providing security input to design and application architectural reviews.
• Reporting on risks, risk mitigations, and residual business risks.
• Developing comprehensive and accurate reports and presentations for both technical and executive audiences.
• Developing recommendations for improvements.
• Monitoring appropriate sources for newly identified threats and vulnerabilities.
• Effectively communicating findings and strategy to client stakeholders, including technical staff, executive leadership, and legal counsel.
• Recognizing and safely utilizing attacker tools, tactics, and procedures.
• Developing methodologies to enhance red teaming processes.
• Assisting with scoping prospective engagements, leading engagements from kickoff through remediation, and mentoring less experienced staff.
• Executing and/or leading (when required) red team assessments to highlight gaps impacting the organization's security posture.
• Researching new/emerging security threats, vulnerabilities, and exploit techniques.
• Responding to new attack surfaces and helping implement new requirements as needed.
• Developing, managing, and maintaining security testing industry frameworks and best practices: Cloud Security Alliance (CSA), NIST, SANS, CIS.
• Partnering with Global Information Security and Business Continuity team members across the network to drive secure outcomes based on industry best practices.
• Playing a key role in the Global Cybersecurity Team on developing threat modeling and new detection techniques, based on trending attack surfaces.
• Providing support to business digital projects through the entire project lifecycle (threat modeling, requirements definition, verification, and validation).

Job Specification

Qualifications

• Bachelor's Degree in a technical discipline or equivalent work experience.
• Certifications are not required, but will be considered in the evaluation process. Applicable certifications include: SANS, Splunk, CISSP.
• Knowledge of security and control frameworks (such as ISO 27001, CobiT, NIST).
• Security certifications (CISSP, GIAC, CEH, CISM, OSCP) will be an asset.

Experience

• Minimum 4-6 years of experience in a Security Manager/Analyst Role.
• Experience in a financial institution will be considered as a plus.
• Experience working in a large international organization or network will be considered as a plus.
• Experience with IT security assessments.
• Experience with common assessment tools (examples Qualys, Tenable, Rapid7).
• Experience communicating assessment results to audiences with diverse technical proficiency.
• Experience constructively articulating business impact of vulnerabilities to various stakeholders.
• Experience with correlating and analyzing logs and events from various sources (e.g. Vulnerability Scanning, Virus Protection, SIEM).
• Experience with producing and customizing security queries, reports, and dashboards from various sources (e.g. Vulnerability Scanning, SIEM, Virus Protection).
• Experience conducting application security reviews preferred.
• Experience with scripting languages desired.

Key Skills

• Able to explain and deliver technical solutions in a practical way.
• Able to manage simultaneously multiple projects involving various stakeholders and to deliver results within deadlines.
• Work well in a team environment including cross-functional and cross-organizational teams maintaining composure in difficult situations with a professional attitude and ownership mindset.
• Excellent communication (oral and written) and interpersonal skills.
• Proven ability to delegate and to empower teams.
• Ability to be a strongly credible ambassador for the organization, including making presentations, and able to establish respect and credibility with media outlets.
• Strong skills in analysis, problem-solving, and resolving disputes.
• Strong technical reporting skills.
• High degree of initiative and ability to work with little supervision.
• Knowledge of Windows, Linux, and Unix operating systems. Hands-on experience a plus.
• High level of personal integrity, and the ability to professionally handle confidential matters with appropriate judgment and maturity.
• Penetration testing skills are considered a plus.
• Eager to learn and expand cybersecurity knowledge.

Language Skills

• Fluency in English.
• Fluency in other organizational working languages, such as Spanish, French, or Russian is a plus.
• Availability to travel up to 50% of the time.

---