If you are an Amazing leader in the maintaining and optimization of IT security, then we have a role for you!!!!
In addition to the standards (salary and bonus), OTS offers:
- PTO + medical + dental + vision + 401K match + LTD + STD + Profit Sharing + Sabbatical + Student Loan monies
- Culture of collaboration
We want someone who lives and breathes the mitigation of software security risks. You are the shark and the bad guys are the minnows–not the other way around. We are FinTech, so the threats are real, pervasive and growing. You are not only up for the challenge, but you seek out and relish the challenge. You are a difference-maker.
We have Mountain Bikers, Road Bikers, Skiers / Boarders (dawn patrol & resort), Runners, Video Game heroes, Movie Buffs, Musicians, and every other variety of people. We have Family people, Single people, Happy people. Someone here is just waiting to be your friend!
This is what you’ll be doing and having fun at it:
· Establish, document and manage an Incident Response program for our client and its partners, including developing relevant runbooks for expected incident types, and conducting table top exercises for OTS and its partners on a regular basis to test the runbooks and prepare involved parties.
· Develop and monitor threat intelligence sources to ensure our client has relevant information on threats and threat trends that can impact them and their partners. Where appropriate, work with the CISO and other IS leaders to add to or modify the current information security program in order to mitigate these threats.
· Provide updates on threat trends, both written and in presentation, as part of the ISSC partner monthly meetings, and as needed for board level reporting and other ad hoc updates/reports.
· Develop capabilities, including both inhouse and with third party resources, to investigate and respond to potential cybersecurity incidents, from initial investigation through to full recovery and root cause analysis, including providing communication updates to all concerned stakeholders.
· Review and contribute to the management of the cyber insurance policies in place for OTS and it’s partners, providing input on the insurance requirements as part of OTS information security program planning, and providing recommendations on areas where additional coverage may be needed.
· Establish proactive relationships with relevant law enforcement, legal and IR consulting firms for use should they be needed in an incident.
· Coordinate and manage pen testing, 3rd party testing and all other technical security evaluation engagement for OTS and its partners, including analysis of report findings to determine if changes are needed to OTS’s information security program as a result.
· Assesses cyber risks and threats to OTS’s and its partners employees, property, affairs, brand, and events. Identifies and researches new potential threats using public and private information, open-source intelligence (OSINT), and other effective research techniques. Establishes clear, effective, and proactive plans for avoiding or mitigating newly emerged or evolving threats. Assists decision-making in crises.
· Represents the team in matters concerns incident response and threat intelligence.
· Manages the backlog and fulfillment of partner requests for their respective areas.
· Assigns and tracks tasks for the team, including monitoring team performance.
· Works with other Information Security leaders and the CISO in preparing the annual information security plan and updating it as warranted due to changing threats.
· Leads relevant training and development of the individuals on the team.
· Provides coaching and feedback to team members.
· Responds to audit requests and findings as required, related to the functions of the department.
· Validate that time-off requests do not negatively impact planned high-priority work.
· Establishes and manages an on-call schedule.
· 8 years of information security experience, of which at least 3-5 years should have been in a role performing the duties of incident response and threat intelligence.
· Highly skilled in the technical aspects of information security, including systems, network and application security tools and processes.
· Experience in developing an IT/TI program in alignment with a recognized security framework (ISO, NIST, etc)
· Experience managing and building incident response/threat intelligence organizations and functions.
· Experience hiring and mentoring staff in the performance of incident response/threat intelligence functions.
· Experience in the handling of actual breaches and incidents, including briefings with senior leaders and coordination with external parties.
· Recognized security certification (CISSP, CISM, etc)