Security Operations Manager
Apply NowCompany: Raymour & Flanigan
Location: Liverpool, NY 13090
Description:
Raymour & Flanigan is the largest furniture and mattress retailer in the northeastern United States and seventh largest nationwide. Family-owned and led for more than seven decades, we help people come home to comfort with more than 5,000 dedicated employees working in our full-line showrooms, outlet stores, clearance centers and distribution warehouses across 7 states.
The Security Operations Manager role is responsible for developing and driving the IT Security Incident Management team, processes and capabilities, the Vulnerability Management process and capabilities, the Cyber & Phishing Security Awareness process and capabilities, and the investigation and forensic documentation of reported IT Security policy violations.
Essential Functions:
Requirements:
Raymour & Flanigan proudly supports a drug and smoke-free work environment.
Please note that we are currently unable to offer visa sponsorship for this position. Candidates must have authorization to work in the U.S. without the need for sponsorship now or in the future.
Raymour & Flanigan is an Equal Employment Opportunity employer that does not discriminate against any associate or applicant on the basis of race, creed, color, religion, sex (including pregnancy), age, national origin, physical or mental disability, status as a victim of domestic violence, sexual orientation, sexual and other reproductive health decisions, marital or familial status, genetic information or other basis protected by law.
The Security Operations Manager role is responsible for developing and driving the IT Security Incident Management team, processes and capabilities, the Vulnerability Management process and capabilities, the Cyber & Phishing Security Awareness process and capabilities, and the investigation and forensic documentation of reported IT Security policy violations.
Essential Functions:
- Develop, lead, and manage the Security Operations Team.
- Develop and maintain information security policies, procedures, standards, and guidelines based on best practices (NIST/CIS), regulatory (PCI/DFS), and legal compliance.
- Performs quantitative risk analysis and threat modeling to conduct quantitative cyber risk analysis.
- Develops prioritized risk mitigation strategies.
- Conducts Information Security audit activities.
- Remain up to date on trends and issues in the security industry, including current and emerging technologies
- Assist in enhancing the IT Security Program by managing the day-to-day monitoring and alerting of Security Information and Event Management (SIEM) technology.
- Provide guidance and security policy interpretation to managing risk on Windows/Linux servers and desktops, Active Directory (Group Policy), network communications, company data stores, perimeter networks, virtual private networks, and e-mail communications.
- High level of expertise in Windows/Linux Servers/Services.
- Network monitoring, log management, and log analysis from a variety of network sensors to investigate suspect network activity.
- Work with the Infrastructure team and third-party solutions to interpret activity from system logs and network traffic to recognize and react to anomalies that may indicate vulnerabilities or unauthorized exploitation of resources.
- Interpreting network traffic and determining whether activity is legitimate.
- Utilize technical security systems including host and client-based firewalls, intrusion detection/prevention systems, cryptographic systems, endpoint security systems, threat intelligence, and zero-day and anti-virus software to monitor system activity.
- Conduct investigations in response to policy violations and security incidents.
- Develop and manage information security reporting, metrics, and dashboards.
- Participate in rotating "on-call" schedule with other members within the Information Security department.
- Performs other duties as assigned or necessitated by business, regulatory, or emergencies.
- Manage Projects/Deployments for Security Initiatives and business requirements.
Requirements:
- Bachelor's degree in Information Security, Computer Science, or Engineering or equivalent experience preferred
- Graduate degree in Information Security
- Experience with NIST, CIS, and ITIL Highly desirable
- Minimum 10 years experience in Information Technology
- Minimum 5 years experience in IT Security Experience with Security Incident Management, GRC, IAM, Threat Intel, SOC, Vulnerability/Penetration testing, Data Security, SDLC, Cloud Security
- Experience performing security investigations
- Experience with Vulnerability Management tools
- Experience with 3rd party penetration testing activities is highly preferred.
- Certifications: CISSP, GCFA, GCFE, CEH or GPEN is highly desirable. GSEC, SSCP, ECSA or CISM is desirable. MCSE, MCSA, CCNA, or CCNP is a plus.
Raymour & Flanigan proudly supports a drug and smoke-free work environment.
Please note that we are currently unable to offer visa sponsorship for this position. Candidates must have authorization to work in the U.S. without the need for sponsorship now or in the future.
Raymour & Flanigan is an Equal Employment Opportunity employer that does not discriminate against any associate or applicant on the basis of race, creed, color, religion, sex (including pregnancy), age, national origin, physical or mental disability, status as a victim of domestic violence, sexual orientation, sexual and other reproductive health decisions, marital or familial status, genetic information or other basis protected by law.