Manager, IT Risk & Security Operations

Core Accountabilities:
- Manage the evaluation, configuration, operation and maintenance of security software, systems and procedures to ensure optimal performance while adhering to policy, standards, and procedures.
- Research potential changes to enhance the systems' security, providing guidance on enhancing systems, policies, standards, and procedures.
- Manage the implementation of changes into the systems and applications in an accurate and timely manner by co-chairing the Change Approval Board.
- Communicate and present security requirements and procedures to new and current users and projects, acting as an escalated point of contact for questions and concerns.
- Assist in providing security awareness training for all employees.
- Lead resolution of security application and system failures and provide general analysis and operations support, assisting in any escalated concerns and troubleshooting.
- Assist and provide leadership in cybersecurity incident response efforts.
- Manage the analysis and definition of specific security software and hardware needs.
- Research new products and security tools, keeping up to date on industry trends and methodologies for incorporation into the company's platforms and frameworks.
- Develop and research security product concepts and requirements, relaying the correct information to assigned staff to ensure clear and consistent communication.
- Oversee risk assessments and vulnerability analysis of networks and systems and ensure remediation activities are being completed.
- Coach, develop, and mentor subordinates to achieve efficiencies and quality performance via informal and formal methods such as appraisals and performance reviews.
- Know and support approved corporate and departmental policies and procedures relating to business procedures, philosophies and conduct, ensuring communication, understanding and acceptance by staff.
- Provide leadership and direction on assigned projects/initiatives, including project risks and associated contingency plans, continuous project monitoring, and proper documentation.

Key Outputs/Results:
- A well-designed Information Security Operations Program and supporting roadmap designed to mitigate the key risks to Crocs business
- Critical operational analytics and metrics in business-facing formats and presentation
- Delivery of annual PCI ROC on time
- Become a trusted adviser; build collaborative relationships with Regional IT teams, partner corporate IT teams, key internal business partners and critical vendor/partners
- Delivery of assigned projects, initiatives, and services that are aligned with Crocs Business Strategy and IT Strategy
- Maintenance and management of clear and concise cybersecurity incident response policy and procedures.
- Global IT security solutions successfully delivered in region to cost, schedule and meeting strategic business requirements.
- Work with business partners to understand evolving security risks.

Key Relationships:
- Director of Global IT Risk & Security
- Regional IT Directors and Managers teams
- Corporate colleagues and collaboration teams (i.e. EComm, HR, Legal and Compliance)
- Strategic managed service partners and vendors
- Industry peers (best practice sharing; joint influencing of vendor solution road maps)
- IT Infrastructure and Support Managers and Engineers.
- Corporate Compliance
- Crocs Retail IT Teams

Essential Knowledge:
- University degree or equivalent work experience
- Experience in at least 3 of the following areas:
  - PCI Compliance within the context of Business as Usual (BAU)
  - Threat Intelligence & Vulnerability Management
  - Security Awareness
  - Security Operations of Firewalls, SIEM, IPS/IDS, etc.
  - Third-party Service Provider Assurance
  - Policy & Procedure Documentation
- Good business acumen
- Experience working with Managed Service Partners
- Strong knowledge across a broad set of infrastructure solutions/concepts including Cloud Computing, SAN Storage, Desktop computing, WAN and LAN concepts

Technical Skills:
- 7+ years as senior IT leader
- 5+ years as an InfoSec leader
- Computer Science or Business Administration degree
- PCI DSS and SOX experience highly desirable
- Strong familiarity with DNS and TCP/IP networking
- Strong problem solving ability
- Strong written and oral communication skills
- Proven analytical and problem-solving abilities
- Experience working in a team-oriented, collaborative environment
- Knowledge of the Software Development Life Cycle (SDLC)
- Retail experience desirable
- 1+ years of relevant audit, information risk, security, or compliance experience preferred.
- Strong Project management (for example: planning, organizing, and managing resources to bring about the successful completion of specific project goals and objectives).
- Certification preferred: GIAC, SSCP, CISSP, CISA, CISM, CRISC, PMP
- Must be able to effectively communicate technical information to both technical and non-technical personnel.
- Strong customer and relationship management skills
- Strong organizational adaptation/change management skills
Salary Range: NA
Minimum Qualification
8 - 10 years

Don't Be Fooled

The fraudster will send a check to the victim who has accepted a job. The check can be for multiple reasons such as signing bonus, supplies, etc. The victim will be instructed to deposit the check and use the money for any of these reasons and then instructed to send the remaining funds to the fraudster. The check will bounce and the victim is left responsible.