Senior Security Managger

Position Summary:

The Security team is organized around three pillars: Security Engineering & Operations, Security Architecture, and Governance, Risk & Compliance (GRC). The Sr. Manager Security is responsible for all the activities carried by the Security Engineering & Operations team.

In that capacity, the Sr. Manager works in close partnership with the Manager of GRC and the Architecture team to identify, design, implement, and maintain processes and technologies across the enterprise, to reduce information technology risks, and to maintain compliance, including FISMA, SOC2 and PCI.

In addition, the Sr. Manager provides security support for the ongoing development and operations of AAMVA systems, including the Driver Systems, Vehicle Systems, Verification Systems and Business Systems.

The Sr. Manager reports to the Chief Information Security Officer.

Essential Duties and Responsibilities:

• Implement and maintain technologies and processes that support enterprise information security policies and standards, to protect all sensitive information, including PII, which is processed or transmitted by AAMVA systems or stored in AAMVA repositories.
• Manage a 6-person team, responsible for goal settings and performance assessments, maintaining productivity, sorting out team priorities, managing conflicts and overall team effectiveness working with others.
• Responsible for:
• Endpoints security, including workstations and mobile devices.
• PKI infrastructure and certificates lifecycle management.
• Vulnerability management across all environments.
• User security support.
• Ongoing security support and continuous improvements for internally and externally facing AAMVA systems.
• Security monitoring, incident response and Tier 2 threat hunting.
• Application and network penetration testing and vulnerability assessments.
• Vendor management supporting security assessments, managed detection and response.
• Protect AAMVA data and infrastructure assets deployed in the cloud with built-in security services; implement a layered, defense in-depth strategy across identity, data, hosts, and networks; maximize flexibility with the use of software defined technology for infrastructure, security and networks.
• Maintain strong ties with the manager of GRC, the security architecture group and the CISO on how to best achieve the overall organization security objectives.
• Collaborate with AAMVA senior management and system owners to institute plans to mitigate the risks and address vulnerabilities impacting AAMVA services.
• Ensure AAMVA has the capability to respond to impactful emergency events and return to operations in an efficient and effective manner.
• Institute continuous security monitoring and automation that provides essential, near real-time view of the incidents detected in the environment, and to support timely incident response and mitigation actions.
• Promote AAMVA's image and technical expertise to state and federal government agencies through participation at conferences, round tables and committees.
• Advise IT and business stakeholders on emerging technologies regarding application architecture and recommend strategies to meet business objectives.
• Collaborate with AAMVA partners to support cost effective delivery of security for the enterprise.

Direct Reports to this Position:

• Security operations team: a 6-persons team comprising of Leads, Sr. Engineers, Engineers and an Associate.

Qualifications:

Formal Education:

• Master's degree in computer science or Equivalent

Professional Certifications:

• CISM or CISSP are a plus
• Azure certifications (e.g. AZ-500) are a plus

Knowledge, Skills and Abilities Required:

• 12+ years of experience in security, including:
  • Extensive experience with compliance frameworks such as NIST, SOC2 or PCI.
  • Extensive knowledge of cloud and network technologies with prior hands-on experience on the on-premises and cloud technology stacks.
  • Strategic thinker with extensive knowledge of current IT and computer science concepts, issues, practices, methodologies and trends, particularly those relevant to high performance and high availability transactional systems.
• Proven experience managing a team, including:
  • Proven ability to lead and inspire a team towards achieving goals.
  • Experience in developing and implementing long-term strategies.
  • Ability to handle and resolve conflicts within the team.
  • Skills in evaluating team performance and providing constructive feedback.
  • Ability to adapt to changing circumstances and lead the team through transitions.
  • Experience in mentoring and developing team members.
• Proven experience with project management, including:
  • Experience in managing projects from inception to completion.
  • Experience in managing budgets and financial resources.
• Leadership experience, including:
  • Proven ability to execute initiatives and to move projects and ideas forward with leadership and clarity.
  • Ability to effectively interact with all levels of management. Excellent communication skills, including high level of fluency in written and spoken English.

Other Requirements:

• While this is not a position that requires regular travel, occasional travel may be required.
• While most of the work is accomplished during normal business hours, the position may also require work to be done off hours, including nights and weekends.

Disclaimer Statement: The preceding job description has been written to reflect management's assignment of essential functions. It does not prescribe or restrict the tasks that may be assigned.

AAMVA is an Equal Opportunity Employer-M/F/D/V