Manager IT Security
Think Bigger. Build Smarter. Create Great Software.
SmartBear helps the world’s most recognized companies develop the world’s best applications. SmartBear has played a role in the ride you ordered, the banking app you use, the item you posted for auction, or that flight you just purchased. SmartBear's award-winning suite of testing software enables organizations to meet frequent release deadlines without sacrificing software quality, all while reducing testing costs. Additionally, our award-winning collaboration software helps development, testing and management teams work together to produce high quality software elevating a business’ ability to communicate and complete objectives more efficiently.
Due to massive growth and market success, SmartBear is continuing to hire employees rapidly to scale our company globally and will be hiring a Manager of IT Security to join our team. Reporting to the Global Director of IT, the Manager of IT Security will be responsible for increasing information integrity, confidentiality, and availability through the integration of security policies, security awareness, access controls, environmental controls, and the implementation of security-related technology. Responsibilities will include working with the IT team, Development teams, and business units to develop, maintain, and monitor an effective information security program designed to ensure the logical and physical protection of the company’s technical resources, which include data/information, equipment, and software.
Responsibilities
- Establish a framework, policies, procedures, and awareness: Leads the effort to develop security standards, procedures, and guidelines for multiple platforms, applications, and diverse systems environments as well as evaluating existing information security procedures and identifying new areas of risk.
- Leads the effort to develop, enhance and implement security training program based on policies.
- Compliance: Identifies regulatory changes that will affect information security policy, standards, and procedures and recommends appropriate changes. Prepares action plan and monitors corrective measures to maintain adequate level of security to meet audit and regulatory requirements.
- Testing and Remediation: Coordinates the efforts, assist in the responses and tracks the remediation of Information Security Program Assessments and Risk Assessment. Coordinated internal and external audits related to Information Security.
- Identity Management: Develops and manages role-based access requirements, methods, processes and tools, including identify and authentication management Data Classification: Manage the information lifecycle, including information inventory, classification, handling, retention and disposal.
- Disaster Recovery: Establish updates and maintains the IT Disaster Recovery and Business Impact analysis efforts. Coordinates and documents table top exercises and Disaster Recovery tests.
- Vendor Reviews: Conduct Vendor Security Risk Assessments to determine which vendors have access to confidential information and perform detailed assessment based on the risk.
Qualifications
- 10+ years of relevant IT Security work experience including datacenter integration
- BS in Computer Science or IT related field required,
- Base certifications in the security industry. Examples: CCNA, MCITP/MCSE, CCSP, Security+
- Advanced Certifications strongly preferred. Examples: CISSP, CISA, CISM, SANS, Vendor specific
- Proficient in network security structure and placement of security services such as firewalls, IDS/IPS, and content filtering
- Experience with data protection & archiving, disaster recovery, business continuity and implementation
- Ability to create documentation that describes technical details in a meaningful manner
- Ability to work across multiple teams from Help desk, Infrastructure, Legal, DevOps and Executive Leadership
- Implemented and/or managed security event incident management solutions (SEIM), experience performing security incident response and/or investigation
- Industry knowledge of border testing, security policies, DR procedures & policies, remediation strategies and risk assessment is required.
- Knowledge of industry and best practices from organizations such as International Standards Organization (ISO), Center for Internet Security (CIS and national Institutes of Standards (NIST) is a plus
- Deep understanding of current and emerging threats, vulnerabilities, and attack vectors used to compromise enterprise and critical infrastructure. Prior experience in developing mitigation strategies to combat those risks is required
- Experience analyzing malicious network traffic using packet-level capture techniques
- Experience performing manual evaluation of networks, systems and applications for vulnerabilities including examining firewall rulesets, current patch levels, and inspecting logs for anomalous entries
- Experience evaluating enterprise network and system architectures to determine recommended security improvements
- Strong knowledge of IT controls, including security concepts and terminology related to applications, databases, operating systems, and IT operations
Preferred Skills
- Knowledge of JIRA is a plus
- Experience with tools like Qualys and Tanium
- Experience with information security, cyber security, and privacy issues and awareness of regulated data environments (e.g. PCI, SOX, FERPA, HIPAA, and COPPA) a plus
- Ability & desire to learn new product lines and technologies quickly & efficiently
- Excellent analytical, problem solving, and decision-making skills, applied with a solution-focused attitude
- Strong written communication skills, demonstrating the ability to write with purpose, clarity, and accuracy
- Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance and professionalism
- Ability to complete work to given quality standards by agreed-upon deadlines
About Us
SmartBear is behind the software that empowers developers, testers, and operations engineers at over 20,000 of the world’s most innovative organizations including Adobe, JetBlue, MasterCard, and Microsoft. More than 6 million people use our tools to build, test, and monitor great software, faster. Our high-impact tools are easy to try, easy to buy, and easy to use. These tools are backed by a team of people passionate about helping you create software that transforms our world. Those tools are SmartBear tools. That team is SmartBear. For more information, visit: http://smartbear.com, or follow us on LinkedIn, Twitter, or Facebook.
SmartBear is an equal employment opportunity employer and encourages success based on our individual merits and abilities without regard to race, color, religion, gender, national origin, ancestry, mental or physical disability, marital status, military or veteran status, citizenship status, age, sexual orientation, gender identity or expression, genetic information, medical condition, sex, sex stereotyping, pregnancy (which includes pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), or any other legally protected status.