Title: Sr. Manager, Security and Risk Management
Department: Data Center Operations
Type: Full Time / Permanent
CyberGrants is an ambitious, fast-growing and innovative company focused on providing the very best service to our clients. With nearly 20 years of experience supporting corporate and private philanthropy, CyberGrants brings customers an extraordinary wealth of knowledge and services.
Our mission and entrepreneurial spirit attract passionate and hardworking professionals. We work hard, but have fun while doing so.
Our business is to provide innovative software and services in the most secure and efficient way. We connect the world’s givers of time, money and products to those who can benefit from them most. Together we can make incredible things happen.
Our vision is to create an ever-expanding network where all of us are inspired to make a genuine impact.
Our Core Values
At CyberGrants, adoption of our core values forms the basis of our strategic development and operating philosophy.
- OUR CLIENTS: Always putting them first and caring deeply about their success
- RESULTS: Getting the job done, with genuine impact
- PRECISION: Sweating every detail as master craftsmen of products and services
- HONESTY and TRANSPARENCY: Speaking and demanding the unvarnished truth, and addressing challenges head on
- TEAMWORK: Enjoying each other’s company and wearing the same uniform both at work and on the volleyball court
- INTELLECTUAL CURIOSITY: Wanting to go one step further, one layer deeper to get all the answers.
- INTEGRITY: Doing the right thing, every time
The Sr. Manager of Security and Risk Management is primarily responsible for ensuring the security of the CyberGrants corporate and production environments by determining security requirements; planning, implementing, and testing security systems; preparing security standards, policies, and procedures; mentoring team members; participating in corporate governance related to security, risk management, and compliance; and working with CyberGrants' prospects/clients regarding security questionnaires, assessments and on-site visits.
The ideal candidate will possess both the technical skills and experience related to current security practices, methods and trends (i.e., System and Security Architect) along with the managerial and leadership capability necessary to interact with CyberGrants' management and clients.
- Review, define, and update the standards, policies, and procedures necessary to ensure the integrity and security of our corporate and production environments.
- Work closely with IT and Operations to ensure the proper controls, mechanisms and monitoring are in place to ensure compliance with, and proper execution of, our defined policies.
- Annually, conduct training sessions to ensure that all employees are familiar with their duties and responsibilities related to compliance with defined policies.
- Annually, manage the SSAE-16 audit process to ensure that we obtain proper SOC certification.
- Work closely with Sales Solution Architect to review security and infrastructure responses within RFPs.
- Respond to compliance inquiries, security questionnaires, and information security audits on an ongoing basis.
- Coordinate and lead any on-site client risk assessments and information security audits.
- Plan, schedule, manage, and implement remediation projects/activities to resolve any findings from either CyberGrants' or clients' risk assessments.
- Conduct regular testing (e.g., vulnerability scans and penetration tests) according to defined policies.
- Participate in Risk Management Governance meetings and activities.
- Participate in Business Continuity and Disaster Recovery Governance meetings and activities.
- Annually, conduct assessments of third-party vendors (according to defined Vendor Management policy).
- Maintain awareness of, and expertise in, the latest security trends, issues and requirements to prevent any emerging security exposures from impacting our environment.
- Work with VP, Product Development to define and manage application vulnerability guidelines and assessments.
- Work with CTO to achieve the correct balance of security/privacy protection, in a cost-effective manner, while maintaining maximum worker productivity.
Required Skills & Experience
The following qualifications and experience are required:
- Undergraduate degree (BS, BA) from accredited university.
- 10-15 years overall IT experience.
- 5-10 years’ experience as Systems/Security Architect. Specifically, strong technical skills and experience with security architecture, security best practices, and system architecture.
- Strong familiarity and experience with information security practices, methods and trends.
- 5-10 years technical experience/familiarity with most of the following:
  - Desktop and Server Operating Systems (Windows, Solaris, Linux)
  - Database Systems (Oracle, MySQL)
  - Network Devices (Cisco, Barracuda VPN, etc.)
  - Networking security, protocols, standards, intrusion detection/prevention
  - IT Security Practices (i.e., Firewalls, AV/Malware Protection, etc.)
  - Remote Security (VPNs)
  - Access Security
  - Physical Security
  - Laptop/Mobile Device Security
  - Data Loss Prevention (DLP)
  - Security Incident Response
  - Disaster Recovery and Business Continuity
  - Information Security, Retention, and Disposal
  - Risk Management and Compliance
  - Information Privacy
- 5-7 years management experience.
- Excellent communications skills (verbal, written, and presentation).
- Demonstrated ability to interact with clients and management.
Qualifications and Experience (Optional):
One or more of the following qualifications and experience are highly desirable:
- Training/certifications in one or more of the following – CISSP, Security Architecture Design, Security Awareness, CISA, CISM.
- Security experience with large enterprise IT organization.
- Experience as risk assessor/auditor.
- Post-graduate degree.
Undergraduate degree (BS, BA) from accredited university; Post-graduate degree is a plus
A CyberGrants person is...
CyberGrants is successful because of the highly motivated people who work here and their deep enthusiasm for customer service and philanthropy. We recruit individuals whose honesty, integrity, initiative and creative approach to problem solving shines through. Your passion and commitment will inspire your colleagues as you continue to place the client at the center of everything you do.
For consideration, please send résumé & cover letter, with salary requirements to firstname.lastname@example.org.