Plan and direct the work of a unit whose staff design and administer procedures to detect and respond to cybersecurity incidents. Lead Information Security’s Security Operations Center (SOC) function. Assess risk of exposure of proprietary data through weaknesses in platforms, access procedures, and forms of access to the organization's systems and the data contained in them. Track security violations and identify trends or exposures that could be addressed by additional training, technical measures, or use of application tools to enhance security.
- Develop procedures intended to sustain the security of the organization's data and access to its technology and communications systems. Ensure the distribution and communication of these procedures in appropriate systems and media.
- Plan the performance of tests (and simulated attacks) on the security procedures of the organization's systems and communications technology to assess their vulnerability and determine where existing security measures are adequate or insufficient.
- Track daily reporting of breaches or attempted breaches of the organization's data and systems security measures in order to plan appropriate upgrades of security or new measures or operating procedures needed to advance security interests.
- Track security measures of clients or partners of the organization that may compromise sensitive data or information.
- Communicate the organization's security standards or specific concerns to clients or partners regarding their operating procedures.
- Report to senior management on the unit's production, activities, and efforts.
- Represent the unit as an expert or resource to cross-functional project or coordinating teams.
- Plan, document, and manage the performance of subordinate managers and/or staff. Provide for professional or technical growth through assignment, mentoring, or training.
- Plan and manage the unit's budget. Approve expenditures or budget transfers.
- Knowledge of intelligence analysis and analytic tradecraft, preferably in the cyber domain.
- Knowledge of risk analysis methodologies, preferably Factor Analysis of Information Risk (FAIR) or other Value-at-Risk (VaR) models.
- Knowledge of incident detection methodologies, including network-based and host-based signatures.
- Knowledge of incident handling methodologies and practices, including log and system forensics.
- Knowledge of insider threat programs.
- Knowledge of malware and malware analysis.
- Skill in driving consistent and effective process execution.
- Skill in cybersecurity incident coordination, communication, and reporting.
- Skill in practicing a wide range of leadership approaches to match situational requirements, from fostering talent within a team, to balancing business and cyber risk, to aggressively driving incident containment.