Manager, Security Engineering, Corporate Team- Remote (Anywhere in the U.S.)

GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions and minimize risk. By taking a three-tiered, holistic approach for evaluating security posture and ecosystems, GuidePoint enables some of the nation's top organizations, such as Fortune 500 companies and U.S. government agencies, to identify threats, optimize resources and integrate best-fit solutions that mitigate risk.

***This role sits in the GuidePoint Security Corporate Information Security Team

General Description

GuidePoint Security is seeking a Security Engineer Manager who is passionate about security work, possesses both deep and wide expertise, including technical expertise, in the security space, and the leadership and management skills necessary to guide a team of Security Engineers in the performance of their day-to-day responsibilities.

The Security Engineering Team Manager will have diverse responsibilities within the security and compliance function here at GuidePoint, including implementing, maintaining, and responding timely to the various technical controls used to manage GuidePoint's risk, as well as providing management of and stewardship for Security Engineering personnel and supported processes. From a compliance standpoint, candidates must possess knowledge about and have experience with industry good practices, control frameworks, audit and assessment methodologies, and risk management strategies.

The Security Engineering Manager will help evolve and improve the enterprise's risk management program at the strategic, operational, and tactical levels, with the intent of improving overall risk mitigation and increasing GuidePoint's return on security investment. This includes providing leadership and direction during the control selection process, maturing and optimizing existing controls (working with control vendors, as needed), and automating processes to the extent feasible using available workflow platforms.

The Security Engineering Manager will work closely and in partnership with the Corporate IT team and business partners to identify the optimal solutions that balance operational need with risk management. This necessitates having a strong technical acumen, the desire to learn about and to protect various technologies, and the ability to work as part of a multifunctional team.

Additionally, the Security Engineering Manager will support the Corporate Information Security (CIS) Governance, Risk, and Compliance (GRC) team during audits and assessments.

Role and Responsibilities:

• Manage Security Engineering personnel comprising your team, including day-to-day leadership and management, serving as an initial escalation point for issues and handling personnel actions.
• Deliver and help improve security-related processes including (but not limited to): configuration management; email security; data loss prevention, vulnerability management; control monitoring; and incident response.
• Engineer, implement, monitor, and manage security measures intended to protect information resources.
• Be responsible for configuring and troubleshooting security controls, both for hosted technologies and those maintained on-premises, as appropriate.
• Partner with IT to handle security-related responsibilities inherent to the companies IT environment, to include implementing technical solutions for automating repeatable tasks.
• Identify and define system security requirements consistent with and aligned to policy, standards, and industry good practice.
• Serve as Security Engineering's lead for designing IT architectures by ensure GuidePoint incorporates cybersecurity into each architecture's design.
• Support compliance-related efforts, including the following, as needed: contract reviews; supplier risk management; completing ongoing control assessments; and supporting internal and external audits and security testing.
• Document, manage, and maintain policies, standards, processes, procedures, and protocols for delivering a designated complement of Security Engineering's portfolio of services.
• Develop and publish reports measuring security control performance, and which contribute to implementing substantive system control enhancements.
• Other duties as assigned.

Required Experience:

• Eight or more years of experience working in the information security industry or IT with security responsibilities.
• Three or more years of direct leadership experience.
• Five or more years of experience directly administering technical controls (e.g., identity and access management, malware protection, network segmentation, vulnerability management, etc.).
• Five or more years of experience either performing assessments/audits for, or demonstrating compliance with, one or more security practice frameworks or compliances (e.g., ISO 27001, SOC 2 Type 2, SOX, PCI DSS, etc.).
• Three years of experience supporting incident response and a working knowledge of incident response good practices.
• Direct experience with third party contracting and supplier risk management.
• Experience developing written security engineering-related policies, standards, and processes.
• Excellent written and verbal communication skills.

Additional Experience (including preferred)

• Bachelor's or advanced degree, optimally in technology or business.
• Possess at least one current security-related certification and be in good standing with certifying organization (e.g., CompTIA Security+, CISSP, GIAC certs, etc.).
• Possess current or previous technical certification (e.g., MCSA/MCSE, CCNA, AWS Cloud Practitioner, etc.).
• Published security- and/or compliance-related article(s) in the public domain.

Travel Requirements:

• Minimal travel requirements (between 5-10%)

We use Greenhouse Software as our applicant tracking system and Free Busy for HR screen request scheduling. At times, your email may block our communication with you. Please be sure to check your SPAM folder so that you don't miss updates on your application.


Why GuidePoint?

GuidePoint Security is a rapidly growing, profitable, privately-held value added reseller that focuses exclusively on Information Security. Since its inception in 2011, GuidePoint has grown to over 900 employees, established strategic partnerships with leading security vendors, and serves as a trusted advisor to more than 3,500 customers.

Firmly-defined core values drive all aspects of the business, which have been paramount to the company's success and establishment of an enjoyable workplace atmosphere. At GuidePoint, your colleagues are knowledgeable, skilled, and experienced and will seek to collaborate and provide mentorship and guidance at every opportunity.

This is a unique and rare opportunity to grow your career along with one of the fastest growing companies in the nation.

Some added perks....

• Remote workforce primarily (U.S. based only, some travel may be required for certain positions, working on-site may be required for Federal positions)
• 100% employer-paid medical premiums (employee only $0 deductible and HSA plans) along with 75% employer-paid family contributions
• 100% employer-paid dental premiums (employee only) along with 75% employer-paid family contributions
• 12 corporate holidays and a Flexible Time Off (FTO) program
• Healthy mobile phone and home internet allowance
• Eligibility for retirement plan after 2 months at open enrollment
• Pet Benefit Option