Security Operations Manager

Position Description

UNOS is seeking a highly technical senior information security professional to lead our security operations team and serve as the enterprise Information Security Architect. This manager-level role reports to the Assistant Director of Information Security. The Information Security Operations Manager role is responsible for leading the 24/7 security operations team, designing and integrating information security systems into UNOS' technology architecture, and partnering with leaders in Architecture, Operations and Engineering to successfully operate and deliver on business and technology initiatives.

Key Responsibilities

• Information Security Architecture, Systems Design and Implementation: Develop UNOS' cyber security posture and lead continuous evolution of capabilities to protect and preserve critical information

• Conceive, architect, and direct implementation of the systems and processes that provide detective, preventive and corrective infrastructure controls for all UNOS operating environments.

• Own the strategic vision for UNOS' infrastructure security architecture, including policy and frameworks, and ensure that they are aligned with overall business, IT, and operational strategies.

• Develop and maintain information security architectural goals and roadmap

• Support secure development lifecycle practices that emphasize early security design review to ensure that rapid iteration stays firmly planted in a strong security foundation.

• Partner with the Enterprise Architecture team, being the security subject matter expert and lead for technical design of information security systems and architecture

• Perform ongoing evaluation and assessment of the business need for information security systems and make recommendations to change the architectural roadmap

• Develop security solutions by analyzing information requirements; determining systems architecture, components, and technologies; studying business operations and user-interface requirements.

• Thorough knowledge of, and experience with industry, best-practice approaches to information security, information assurance (e.g. SOC 2 Type II, NIST SP 800-171) and risk management.

• Develop analytical models and complete validation tests to confirm security architecture capability and flexibility.

• Test design features to determine success of design of solutions and impact to business needs

• Work with technology teams in Infrastructure, Data and Software Engineering and Business Development to ensure architecture goals are coordinated in all areas

• Remain current with information and cyber security technologies and trends

• Project Consulting: Provide consultative resources to project teams to ensure security architectural goals are being met

• Participate in project initiation to provide mentoring and guidance on secure design

• Team Leadership and Improvement: Lead, mentor and train staff on information security technologies and processes

• Coach the Security Operations team in management of information security tools (e.g. Splunk, CrowdStrike, Tenable).

• Oversee Security Incident Response program, including training and regular testing.

• Participate in regular process improvement activities and operational metrics design and tracking.

• Information Security Technology Operational Support: Act as the escalation point for chronic and high impact security operations support issues and assist in development of mitigation plans

Minimum Requirements

• 5+ years of technical experience working in the Information and Cyber Security field required. 7-10 years preferred.
• 2+ years demonstrated success in managing a 24/7 security or technical operations team. 5+ years of overall people management preferred.

Critical Skills

• Ability to analyze systems based on business and technical user stories/requirements to design solutions that best meet the overall objectives of stakeholders
• Ability to strategically analyze and articulate risks, benefits and opportunities associated with a proposed design or solution.
• Demonstrated ability to design and implement complex infrastructure, applications, networks and systems with the goal of meeting business and security objectives
• Demonstrated ability to design modifications to existing systems that improve security without compromising business objectives
• Ability to design complex information security systems that impact multiple domains across Service Operations and Software Engineering
• Ability to review and mentor the work of others in evaluating business objectives, detailing security user stories and generating technical specifications
• Champion information security throughout the organization
• Ability to estimate total costs of proposed solutions, including effort, acquisition costs and on-going costs

Additional Skills & Qualifications

• Experience leading multiple large projects, leading definition, selection and implementation of security tools, technologies and processes.
• Hands-on experience implementing and administering information security, infrastructure and software systems.
• Experience evaluating potential solutions, selecting and recommending the best solution
• Experience producing design documents that are used by others to effectively implement solutions.
• Experience designing and implementing security technologies, such as IDS/IPS, SIEM, access controls, encryption and forensic tools.
• Experience managing vendor relationships.

Education

• 4-year degree in Computer Science/Engineering, IT or other related fields of study, or equivalent work experience

Physical Requirements

• General office demands
• Prolonged periods of sitting at a desk and working on a computer.
• Frequent reaching, handling, and fine manipulation for using office equipment, filing, and managing paperwork.
• Manual dexterity sufficient to operate a keyboard, mouse, and other office tools.
• Occasional standing, walking, and bending.
• Ability to lift up to 10-20 pounds occasionally.
• Vision abilities required include close vision for computer work and reading documents.
• Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.