We are currently seeking a Vulnerability Assessment Manager to join our Information Security Operations team within the Information Technology Services (ITS) department here at the University of Southern California. A positive catalyst for leading change with a professional demeanor, the Vulnerability Assessment Manager drives the group’s strategies and goals through coaching, mentoring and career guidance, and develops and maintains strong partnerships with other teams, spurring end-to-end vulnerability remediation. This role will be responsible for directing ongoing assessments and penetration tests, assisting with strategic planning, supporting compliance and risk management activities, and pushing for improvements as necessary to mitigate risk.
The ideal candidate must possess five years of experience in Information Technology (or Information Security) and two years of experience leading a Vulnerability Management Program. He/she should also possess experience in Information Security management and a strong understanding of vulnerability management and security testing practices and methodologies.
Information Technology Services (ITS) is committed to providing information technology (IT) services and support to the university. ITS provides essential, university-wide services such as:
- Enterprise information systems
- University wired and wireless networks
- Educational Technology
- Research Computing
- IT Security
- Must have a Bachelor’s degree or combined education/experience as substitute for minimum education
- Minimum of 5 years of experience in Information Technology (or Information Security)
- Minimum of 2 years of experience leading a Vulnerability Management program
- Working experience within Information Security management
- Project Management experience
- Comprehensive understanding of vulnerability management and security testing practices and methodologies
- Proven understanding of cloud computing and security issues related to cloud environments
- Demonstrated understanding of common vulnerability frameworks (CVSS, OWASP Top 10) as well as Internet security and networking protocols
- Advanced understanding of system, application, and database hardening techniques and practices
- Demonstrated experience with the configuration management of Nexpose and AppScan
- Ability to evaluate business risks and recommend appropriate information security measures
- Able to interact effectively at all levels of an organization and across diverse cultural and linguistic barriers
- Ability to quickly adapt as the external environment and organization evolve. Ability to prioritize projects and deliverables
- Typically possesses 7 years of experience in Information Security
- Typically possesses or is working towards CISSP, CISSP-ISSMP, CISM, and/or CRISC Certifications
- Typically possesses penetration testing experience using multiple pen-testing tools: Metasploit, Wireshark, Kali, NMAP, etc.
- Leads and supports the Vulnerability Assessment team, effectively driving team strategy, goals, and performance objectives. Establishes team and individual goals that support team objectives, coaching and mentoring, and providing career development guidance
- Develops and maintains strong partnerships with other teams to drive end-to-end vulnerability remediation, ensure consistent customer experience, convey a positive and professional demeanor, and be a positive catalyst for leading change
- Drives requirements definition, evaluation, recommendation, implementation, and troubleshooting of tools used by the Vulnerability Assessment team. Directs ongoing vulnerability assessments and penetration tests
- Assists with strategic planning, providing input on capabilities and methods used for vulnerability management and security testing, and driving improvements
- Supports compliance and risk management activities, recommending security controls and corrective actions to mitigate vulnerability risks
- Provides technical expertise for USC information security policies and standards
- Provides communications across the organization, interfacing with senior leadership on vulnerability remediation, driving security hardening best practices, and representing the Vulnerability Assessment team with customers and partners
- Establishes daily operations, regular communications, resource planning, providing guidance, relaying leadership expectations and leading team initiatives and activities.
- Recruits, screens, hires, trains and directly supervises all assigned subordinate staff. Evaluates employee performance and provides guidance and feedback. Counsels, disciplines and/or terminates employees as required. Recommends departmental goals and objectives, including workforce planning and compensation recommendations. Reassesses or redefines priorities as appropriate in order to achieve performance objectives.
- Maintains awareness and knowledge of current changes within legal, regulatory, and technology environments which may affect operations. Ensures senior management and staff are informed of any changes and updates in a timely manner. Establishes and maintains appropriate network of professional contacts. Maintains membership in appropriate professional organizations and publications. Attends meetings, seminars and conferences and maintains continuity of any required or desirable certifications, if applicable.
- Performs other duties as assigned or requested. The university reserves the right to add or change duties at any time.
- Master’s Degree
- 7 years of experience in Information Security
- Possesses or is working towards CISSP, CISSP-ISSMP, CISM, and/or CRISC Certifications
- Experience as penetration tester