
Head Of Threat Management

Company

Hire DigITalent Inc.

Address Ontario, Canada
Employment type FULL_TIME
Salary
Category Computer and Network Security, Banking, Financial Services
Expires 2023-08-21
Posted at 9 months ago
Job Description

Our client in Financial Services is looking to add a new leader to their security team. The Head of Threat Management will lead and oversee all cybersecurity operations, including the monitoring, identification, mitigation, remediation, and measurement of cyber risks and collaborating with all segments of the organization to prevent and detect threats, and protect their assets.

As a strategic cybersecurity leader, you will lead all aspects of Vulnerability Management, Penetration Testing and Ethical Hacking, Threat Intelligence and Threat Hunting, Cryptography and Encryption. You will also lead Incident Response, End-Point Detection & Response, Network Detection & Response, Security Incident & Event Management (SIEM), Open-Source Threat Intelligence, Red and Blue Teams, and Cyber Operations.


Essential Responsibilities:

  • Responsible for incident response leadership and coordination of enterprise cyber security incidents
  • Lead a team responsible for identifying, triaging, filtering, and documenting vulnerabilities and threats across the enterprise and working with business unit partners to harmoniously resolve security matters
  • Develop robust alerting and reporting mechanisms for potential cyber threats and oversee and augment product and enterprise security response operations
  • Brief executive leaders on potential emergent threats and ongoing efforts to resolve active cyber security incidents and investigations
  • Work with executives across department lines in developing product vulnerability remediation and incident response
  • Build, augment, and integrate threat detection and remediation capabilities into security operations to address emergent cyber threats to the company's products, services, data, and infrastructure
  • Identify anomalies or patterns in vulnerability scans, penetration tests, and logging and event management results that may indicate pre-incident indicators or ineffective processes, procedures, and standards; recommend and communicate findings, both in written reports and in presentation format, to the Information Security Team and business unit partners
  • Partner with vendors and service providers to orchestrate penetration testing, red teaming, and organize deception use cases for continuous strengthening of posture
  • Continuous tracking, remediation and verification of vulnerabilities, penetration testing activity, and threat management workflows
  • Operational responsibility in the disciplines of incident response while advancing the program development of key risk and performance indicators in support of compliance metric tracking and reporting procedures
  • Ensure consistent evaluation of scan results identifying immediate threats, assessment of risk and corrective actions for a large volume of Cloud and on-premises assets using an established information security assessment methodology
  • Drive key findings and root cause analysis improvements with key senior leadership across the company
  • Coach and mentor teams across functions in effectively running incident response tabletop exercises, mock drills, and other readiness activities
  • Build and maintain a fully mature enterprise-wide Vulnerability, Incident Response and Cyber Threat Management program
  • Develop strategies for long-term integration and reporting of threats and IoCs from multiple attack surfaces, such as but not limited to user behavior, identity abuse, malware, external threat actors, data leakage, and data abuse


Qualifications:

  • Extensive experience and strong understanding of multiple forms of Indicators of Compromise (IoCs) and corresponding capabilities to detect, alert on them, and share information across business partners
  • Strong experience in the Microsoft Azure platform, including Azure Sentinel, Microsoft Cloud App Security, Microsoft 365 Security Centre, Microsoft Security & Compliance Centre, etc.
  • Experience with security incident response of broad-based cyber threats including but not limited to a firm understanding of digital forensics and the industry best practices for Incident Response and Executive reporting for lessons learned
  • Superior leadership, collaboration, and interpersonal skills with a demonstrated ability to work effectively and build consensus in a multi-functional team environment
  • Strong knowledge and experience of Vulnerability Management platforms (e.g. Tenable, Rapid7, Qualys, Microsoft, etc.) and end-to-end vulnerability lifecycle including mitigations and remediations
  • Extensive experience collaborating with the external security research community and cultivating durable relationships with external agencies and companies to produce a pipeline of high-quality threat intelligence
  • Exceptional knowledge of the external security community’s culture and mindset
  • Experience coordinating security incident meetings, dividing responsibilities, and influencing key stakeholders to resolve security incidents
  • Education at the bachelor level in Computer Science, Engineering, or equivalent technology-related experience
  • Extensive experience with Security Response frameworks and organizational models
  • Strong desire to implement change and contribute to the organization
  • Strong communication (verbal/written) and good interpersonal skills to build relationships with internal and external business partners and vendors
  • Superior problem solving and decision-making skills to resolve work issues with the ability to work under pressure in a dynamic environment
  • Knowledge of the Financial Services industry would be an asset
  • One or more industry-recognized network certifications and/or professional designations; CISSP, CEH, CPT, CISM, CISA, CIPP, GIAC certification is preferred
  • Extensive experience with Annual Threat Assessment and Control Gap Analysis
  • Drive to learn new things about vulnerability management, exploits, hacker techniques, and overall security operations
  • 6+ years of work experience in leading threat detection, incident response, digital forensics, and vulnerability mitigation in an Information Security Operations capacity or in a related field such as IT/network incident response and vulnerability remediation
  • Hands-on experience in implementing Information and Cyber Security defenses in multi-cloud platforms including GCP and Azure
  • Deep knowledge of the Microsoft M365 platform, including Azure Active Directory Identity Protection, Microsoft Defender, Exchange Online Protection, Azure Identity Protection, Data Loss Prevention, Sensitivity Labels, Advanced Threat Protection, Microsoft Intune, Conditional Access Policies, etc.
  • Extensive experience with building and reporting on Key Performance Indicators (KPI), Key Risk Indicators (KRI) and establishing thresholds with corrective actions


Thank you for your interest.