Manager, Information Security

The responsibility of this role is to oversee and ensure the establishment of cybersecurity and IT risk management program across ITFC, and to act as the focal point for cybersecurity and IT risk governance activities. Responsible for the design, management and review of ITFC's cybersecurity and IT risk management policies, standards, and baselines to ensure secure operation of ITFC information & systems. Conduct both network and user activity audits where required to determine security needs. Providing guidance and required training on matters relating to cybersecurity, ensuring the implementation of necessary actions to adhere to applicable laws/regulations, standards, and guidelines.

Core Responsibilities

Network Administration and Security

1. Manage protection of information systems, the detection of threats to ITFC systems, and the response to detected threats and cyber-attacks.
2. Safeguards information system assets by identifying and solving potential and actual security problems.
3. Protects system by defining access privileges, control structures, and resources.
4. Recognizes problems by identifying abnormalities, reporting violations.
5. Implements security improvements by assessing the current situation; evaluating trends; anticipating requirements.
6. Determines security violations and inefficiencies by conducting periodic audits.
7. Upgrades system by implementing and maintaining security controls.
8. Keeps users informed by preparing performance reports, communicating system status.
9. Maintains quality service by following organization standards.
10. Maintains technical knowledge by attending/coaching educational workshops, reviewing publications.
11. Contributes to team effort by accomplishing related results as needed.

Performance Monitoring

1. Manage and Troubleshoot network systems issues and submit recommendations for improvements in network operation and management.
2. Plan for disaster recovery and create contingency plans in the event of any security breaches.
3. Engage in and manage 'ethical hacking', for example, simulating security breaches.
4. Identify potential weaknesses and implement measures, such as firewalls and encryption.

Vendor Management

1. Coordinate with vendors to expedite the resolution of problems.
2. Evaluate vendor solutions to ensure compliance with requirements and cost effectiveness.

Service Management

1. Act as escalation point for all requests and incidents related to network.
2. Follow up on issues and provides subject matter expertise support for diagnosing and resolving problems.
3. Prepare technical and procedural documentation of network infrastructure.
4. Conduct root cause analysis for assigned incidents and recommend software or hardware changes to rectify problems.

Firewall Management (On-Premise and Cloud)

1. Oversee configuration, monitoring, and maintenance of on-premises and cloud-based firewalls, ensuring they are optimized to prevent unauthorized access and detect potential threats.
2. Define and implement firewall rules and policies, including access controls, to secure network traffic according to organizational and compliance standards.
3. Conduct regular audits and vulnerability assessments on firewalls to identify and mitigate any potential security weaknesses.
4. Collaborate with network and system teams to troubleshoot and resolve firewall-related issues while minimizing downtime and disruption.

Cloud Security Management (Defender for Cloud)

1. Configure, manage, and optimize Microsoft Defender for Cloud settings to enhance security posture across cloud resources, including VMs, databases, and storage accounts.
2. Develop and enforce security policies within Defender for Cloud to monitor and mitigate risks associated with cloud infrastructure, applications, and data.
3. Utilize threat intelligence, alerting, and automation features within Defender for Cloud to detect and respond to security incidents.
4. Implement security best practices for cloud platforms, including Identity and Access Management (IAM), encryption, and secure configuration.

Network Security

1. Design, implement, and maintain secure network architecture, incorporating firewalls, intrusion detection/prevention systems (IDS/IPS), VPNs, and network segmentation strategies.
2. Conduct network traffic analysis and continuous monitoring to identify anomalies or suspicious activities that may indicate potential security threats.
3. Work closely with IT teams to deploy and configure network devices, ensuring compliance with security policies and best practices.
4. Lead initiatives to secure endpoints, enhance network resilience, and respond to vulnerabilities or incidents affecting network integrity.

Threat Monitoring and Incident Response

1. Implement and oversee threat monitoring processes using security information and event management (SIEM) systems, integrating data from firewalls, Defender for Cloud, and network devices.
2. Develop and execute incident response protocols for network, firewall, and cloud security incidents, minimizing impact through quick containment, analysis, and remediation.
3. Perform post-incident analysis and reporting to identify root causes, improve firewall configurations, and update security policies as needed.

Compliance and Documentation

1. Ensure firewall, network, and cloud security policies comply with relevant regulations and industry standards (e.g., NIST, ISO 27001).
2. Maintain documentation for all security configurations, procedures, and policies to facilitate audits and enhance knowledge sharing across IT teams.
3. Conduct regular security assessments, risk analyses, and penetration tests on cloud and on-premises systems to verify compliance and mitigate vulnerabilities.

Service Level Agreements (SLA)

1. Monitor production, outputs, and services to ensure that SLAs, and other quality metrics, are being met.
2. Developing SLAs.

• Bachelor's degree in IT
• Master's degree is desirable
• Advanced certifications such as SANS GIAC/GCIA/GCIH and/or SIEM-specific training and certification
• Relevant certifications are an advantage (such as IAM Level I Security+ CE, CAP, CND, Cloud+, CSLC, CEH, CISM, CISSP, CASP, CCNA-Security)
• DoD-8570 IAT Level 2 baseline certification (Security+ CE or equivalent)
• Firewall and Network Security: Certifications like Checkpoint Certified Security Administrator (CCSA) or Palo Alto Networks Certified Network Security Engineer (PCNSE) show expertise in managing and configuring firewall systems.
• Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM), which provide a comprehensive understanding of security management practices.
• Cloud Security: Microsoft Certified: Security Operations Analyst Associate or Azure Security Engineer Associate for Microsoft Defender for Cloud and other Azure security components.
• Certified Cloud Security Professional (CCSP) or AWS Certified Security - Specialty for more general cloud security expertise.
• Network Security: CompTIA Network+ or Cisco Certified CyberOps Associate for foundational and advanced knowledge in networking security principles and operations.

• Firewall Management: Proficiency with firewall technologies and platforms (e.g., Cisco ASA, Palo Alto, Checkpoint) for setting up, configuring, and maintaining firewalls on both on-premises and cloud platforms.
• Cloud Security Expertise: In-depth understanding of cloud environments, especially Microsoft Azure, to manage and secure cloud services, implement Defender for Cloud policies, and perform risk assessments.
• Networking Knowledge: Strong grasp of network protocols, segmentation, VPNs, IDS/IPS, and secure configuration of network devices.
• Security Monitoring and Incident Response: Proficiency in using SIEM tools (e.g., Splunk, Microsoft Sentinel) for monitoring, alerting, and responding to cybersecurity incidents across firewall and cloud environments.
• Risk Assessment and Compliance: Ability to assess risk in IT systems and ensure compliance with standards like NIST, ISO 27001, and PCI DSS.