advertisement
NEW YORK & COMPANY logo
Organization
Job Title
SENIOR MANAGER, Cyber Security
Location
New York, New York
Country
United States
Region
NY Metro
Reference Number
174
Position type
Permanent
Category
Retail
Job Function
Engineering
Information Technology
Experience level
Mid to Senior Level (Management)

SENIOR MANAGER, Cyber Security

 

REPORTS TO: 
Sr. Director, Technical Services & Information Security

DEPARTMENT: 
Information Technology

OVERVIEW:
The Senior Manager, Cyber Security will focus on the continuing development, implementation, and maintenance of control functions by which the organization safeguards its sensitive data. The associate will manage various safeguards to support the company’s compliance with applicable legal, regulatory, and security frameworks for the safeguarding of intellectual property, personally identifiable information, personal healthcare information, company securities exchange commission information, and payment card industry data security standards regarding customer cardholder data. This individual will be the technical authority on Information Security, Cyber Security Frameworks, as well as emerging threats and trends. The associate will gather security intelligence, analyze threats, and formulate defensive strategies and responses to mitigate threats in order to effectively ensure protection of systems and sensitive information. This person will work with cross functional partners balancing innovation, security, compliance, and cost all while enhancing security comprehension throughout the organization.


RESPONSIBILITIES:

  • Conduct and analyze risk assessments to identify areas of weakness and vulnerability within networks, applications, and operating systems, including web and mobile technology, and recommend enhancements to meet security standards and regulatory requirements.
  • Oversee the research, design, development, and implementation of cyber security systems, as well as the preparation and maintenance of security guides, standard operating procedures, and systems/network documentation.
  • Lead architecture testing, analyzing results for gaps and compliance.
  • Prioritize mitigation tasks, ensure deployments are in accordance with security best practices, and test implementations to validate intended function or purpose.
  • Remain current on emerging security trends and technology used. Evaluate existing and proposed architectures, recommend and implement security measures, enhancements and mitigate risk.
  • Plan, design, manage and lead enterprise Incident Response Plans and activities.
  • Implement and communicate information security strategies, policies, and procedures.
  • Create baselines for the secure configuration and operations of all in-place systems and devices, apply frameworks for new systems and devices.
  • Work closely with business partners to ensure business needs are met while establishing standards and security frameworks that can be aligned with the overall business strategy.
  • Provide support for audit and remediation activities as required.

MANAGERIAL RESPONSIBILITIES:

  • 1-2 direct reports

Required Experience

QUALIFICATIONS: 

  • Bachelor’s degree in computer science, networking, engineering, or other computer-related field of study, or demonstrated ability to meet the job requirements through a comparable number of years of applicable work experience.
  • 5-7 or more years of experience in a cyber-security role with strong working knowledge and understanding of cyber security, frameworks, incident management, operations and application security best practices
  • Extensive experience with Tripwire, SIEM, Event Logging, Alerting systems.

• One or more of the following certifications:
o Associate of (ISC)2
o CompTIA Security+
o GIAC Information Security Fundamentals
o Microsoft Certified Systems Administrator: Security

• Experience with:
o Cisco Routers, Switches, and Access Control Lists.
o Application Whitelisting
o Data Protection & File Analysis
o Incident Response & Threat Hunting
o NIST & CIS Frameworks.
o Operating Systems Hardening, Active Directory Group Policy.
o Securing database and communications systems such as SQL & Exchange.
o Network, host, application and data security; practical experience with firewalls; Vulnerability Scanning, internal and external perimeter protection, virtual private networks (VPN); intrusion detection & protection; incident handling and forensics.
o Network and systems performance and availability monitoring solutions.

  • Proven analytical and problem-solving abilities.
  • Ability to effectively prioritize and execute tasks in a high-pressure environment.
  • Excellent written, oral, and interpersonal communication skills and able to present ideas in business-friendly and user-friendly language.
  • Team-oriented and skilled in working within a collaborative environment.
advertisement
advertisement