Role Purpose
The Global Cybersecurity/SOC Manager will play a key role in maintaining and continuously improving FINCA`s cybersecurity, monitoring and control framework, ensuring that effective security risk, threat, vulnerability and incident management practices are incorporated into IT and business practices within their FIF and subsidiaries.
Developing and facilitating security logs and incident management, analytics and reporting capacities is a primary focus of the position. Working closely with global, regional and local Information Security and IT resources to design, test, implement effective security controls is another key responsibility of the position.
Accountabilities
- Communicate and collaborate with internal clients to contribute to security direction, and provide influence and technical guidance on current and future technical security directions
- Act as a cybersecurity subject matter expert throughout projects lifecycle, including functional requirements, design specifications, testing and quality assurance, implementation and support
- Provide input to the annual Information Security budget cycle
- Ensuring that security requirements are identified early on and are being incorporated into all projects/applications:
- Investigate, recommend, evaluate, deploy and integrate security tools and techniques to improve our ability to protect corporate assets and infrastructure
- Develop and maintain documentation of relevant IT systems and security controls
- Assess and capture security requirements within context of enterprise application architecture
- Ensure that application development and deployment meet FINCA security standards
- Provides security input to design and application architectural reviews
- Report on risks, risk mitigations, and residual business risks
- Develop comprehensive and accurate reports and presentations for both technical and executive audiences
- Develop recommendations for improvements
- Monitor appropriate sources for newly identified threats and vulnerabilities
- Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
- Recognize and safely utilize attacker tools, tactics, and procedures
- Develop methodologies to enhance red teaming processes
- Assist with scoping prospective engagements, leading engagements from kickoff through remediation, and mentoring less experienced staff
- Execute and/or lead (when required) red team assessments to highlight gaps impacting organization security posture
- Researching new/emerging security threats, vulnerabilities and exploit techniques
- Responding to new attack surfaces and help implement new requirements as needed
- Develop, manage, and maintain security testing industry frameworks and best practices: Cloud Security Alliance (CSA), NIST, SANS, CIS
- Partner with Global Information Security and Business Continuity team members across the network to drive secure outcomes based on industry best practices
- Play a key role in Global Cybersecurity Team on developing threat modeling and new detection techniques, based on trending attack surfaces
- Provide support to business digital projects through entire project lifecycle (threat modeling, requirements definition, verification and validation)