Cyber Security Manager – Remediation – Vulnerability management –
Role: VSOC Remediation Manager
Be part of a cutting–edge Security Operations tailored to address cyber security concerns of vehicles the manufacturing of vehicles and the supporting business functions of Information Technology (VSOC).
The VSOC Remediation Manager is accountable for supporting remediation efforts and thematic data analysis and reporting within the organization. The manager will support a near time risk and impact determination of cyber threats to the company business providing outputs into senior business stakeholders to enable consultation into the decision making of remediation and future security controls and security architecture strategy. Engage remediation teams to ensure that remediation efforts are documented and completed in a timely manner through coordination with internal teams. They will manage relationships with stakeholders, both within and outside Cyber, to deliver on the common goal of protecting the organization.
Key Responsibilities and Accountabilities:
In this role you will work with the Global Head of Cyber Security Operations and the CISO to ensure the business function of the VSOC is fit for purpose and that the strategy and alignment of future requirements are identified. You will also interface with the SOC/VSOC service management teams to ensure feedback on performance of the overall business cyber risk is communicated.
You'll be liaising with the SOC team to ensure triaged cyber security concerns are fit for purpose and support the identification of threats.
To be successful in the role you will need to work closely with system owners and security architecture teams to ensure that current architecture and security control alignment are documented and up to date to enable an expedient residual risk determination.
Lastly, you will be maintaining process and procedural documentation to support the VSOC and consult on Cyber Security Threats and Risk while producing metrics to measure Cyber Security Threat and Risk as well as security architecture and system architecture drawings.
Produce white papers on key findings an initiative to enable the consultancy of improvement to cyber security controls
Reviews, documents, and reports remediation actions and security gaps identified through the life cycle of issue identification and management through root cause investigation, taking ownership of the process to facilitate permanent resolution and closure
Works with all relevant internal technical teams, incident management, and the various lines of business to assist in the determination of root cause on incidents to prevent recurrence of issues
Maintains an inventory of problems under analysis and their current progress and status
Creates periodic reports on the remediation progress and problem trending
Creates, assigns, and tracks project timelines and actions to facilitate complete and accurate methodology or framework execution
Drives the resolution of technical problems where analysis requires evaluation of areas whose focus is driving the remediation of services with support teams
Works with reputation management vendors to review and remediate external security posture scoring metrics
Works to review, define, and develop cyber processes
Knowledge, Skills & Experience Required
Knowledge of Threat Modelling frameworks PASTA, STRIDE others.
Knowledge of Risk frameworks such as FAIR, 27004, 27001, 27001
Knowledge of Architecture frameworks Togaf, Sabsa
Familiar with information security frameworks such as, COBITv5, ITIL, SANS Top 20 CSC, OWASP, CyberEssentials or other similar frameworks.
Knowledge or exposure to Cloud technologies, such as IaaS, SaaS & PaaS deployments
Relevant degree or equivalent experience preferred
Understanding of Operational Technology and the challenges involved in securing It
Understanding of network designs with a view to protecting plant floor networks
IT security certifications such as CISSP, SANS, ISO, ITIL, TOGAF
Vulnerability Management experience with tools such as Qualys, Tenable Kenna
Experience in IoT technologies & connected car
Understands Cloud infrastructures AWS, GCP, Azure