5,505 Information Security Manager jobs in the United States

Information Security Manager

73163 Oklahoma City, Oklahoma ConvaTec

Posted 1 day ago

Job Description

Position Overview:
180 medical/HSG IT is looking for an experienced Information Security Manager who works independently, ensures information is protected (confidentiality, integrity, and availability) and applies practical knowledge of the job obtained through education and work experience.
This role will:
+ Define Information Security Risks
+ Develop infosec policies, standards, and control frameworks to mitigate these risks.
+ Deploy and manage information security controls.
+ Investigate and enforce information security policies.
+ Assist with obtaining and maintaining security certifications.
**Key Responsibilities:**
+ Manage information security management system (ISMS).
+ Identify and document information assets containing sensitive data and ensure access reviews of critical systems.
+ Identify information security risks.
+ Protect classified information.
+ Assurance over partners (IT outsourcers and SaaS).
+ Maintain retention policy and register.
+ Identify, report, and govern information security risks.
+ Manage DLP policy and respond to alerts.
+ Monitor intended leavers for potentially risky behaviors.
+ Monitor and investigate data leakage incidents.
+ Implement and manage eDiscovery and Litigation Hold
+ Fulfil eDiscovery and litigation hold requests and annual reviews.
+ Manage information security awareness plan, deliver, and maintain information security awareness training.
+ Automate collection and insertion into a consolidated, centralized evidence hub (Diligent, as an example).
+ Ensure near misses and policy breaches are followed up on as necessary (with training).
+ Conduct Phishing Campaigns.
+ Provide security awareness and compliance metrics demonstrating effectiveness of awareness plan.
+ Identify infosec risks across projects and business processes.
+ Information protection across key systems.
+ Provide requirements for projects to mitigate information security risks.
+ Perform initial vendor assessment and ongoing assurance over key vendors and service providers.
+ Assist in implementing the Information security strategy across 180 medical/HSG.
**Qualifications/Education:**
+ Knowledge of network infrastructure, including routers, switches, firewalls, moderate Database query abilities and associated network protocols and concepts.
+ Strong verbal and written communication skills
+ Ability to facilitate cross-functional teams.
+ Ability to translate business requirements into control objectives.
+ Knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls.
+ Ability to work independently with limited supervision.
+ Ability to demonstrate that you can influence others (key stakeholders including business) through explanation of facts, policies, and practices.
+ Bachelor's degree in Computer Science, Information Systems, Software Engineering, or equivalent experience
+ CISA and/or CISM
+ Experience in NIST Cyber Framework
+ Minimum 10 years of overall experience in IT
+ Minimum of four years' experience in Information Security
+ CISSP is recommended but not required.
**Physical Demands**
+ Regularly required to sit, stand, walk, and occasionally bend and move about the facility.
+ Infrequent light physical effort required.
+ Occasional lifting up to 30 lbs.
+ Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
**Working Conditions**
+ Work performed in an office environment.
**Special Factors**
+ This role can be performed remotely.
**Beware of scams online or from individuals claiming to represent Convatec**
A formal recruitment process is required for all our opportunities prior to any offer of employment. This will include an interview confirmed by an official Convatec email address.
If you receive a suspicious approach over social media, text message, email or phone call about recruitment at Convatec, do not disclose any personal information or pay any fees whatsoever. If you're unsure, please contact us at .
**Equal opportunities**
Convatec provides equal employment opportunities for all current employees and applicants for employment. This policy means that no one will be discriminated against because of race, religion, creed, color, national origin, nationality, citizenship, ancestry, sex, age, marital status, physical or mental disability, affectional or sexual orientation, gender identity, military or veteran status, genetic predisposing characteristics or any other basis prohibited by law.
**Notice to Agency and Search Firm Representatives**
Convatec is not accepting unsolicited resumes from agencies and/or search firms for this job posting. Resumes submitted to any Convatec employee by a third party agency and/or search firm without a valid written and signed search agreement, will become the sole property of Convatec. No fee will be paid if a candidate is hired for this position as a result of an unsolicited agency or search firm referral. Thank you.
**Already a Convatec employee?**
**If you are an active employee at Convatec, please do not apply here. Go to the Career Worklet on your Workday home page and View "Convatec Internal Career Site - Find Jobs". Thank you!**

Information Security Manager

95814 Sacramento, California $130000 Annually WhatJobs

Posted 6 days ago

Job Description

full-time
Our client is seeking a strategic and experienced Information Security Manager to lead their security initiatives in **Sacramento, California, US**. This role is pivotal in safeguarding the organization's digital assets, intellectual property, and sensitive data. The ideal candidate will possess extensive experience in developing and implementing comprehensive information security programs, policies, and procedures. You will be responsible for overseeing all aspects of cybersecurity, including risk management, threat detection, incident response, and security awareness training. Key duties include conducting regular security risk assessments, identifying vulnerabilities, and implementing appropriate controls to mitigate threats. The Information Security Manager will lead the security team, fostering a culture of security excellence and continuous improvement. You will be instrumental in developing and executing the company's incident response plan, ensuring swift and effective action in the event of a security breach. This position requires a deep understanding of industry-standard security frameworks (e.g., NIST, ISO 27001) and regulatory compliance requirements. Strong leadership and communication skills are essential to effectively collaborate with IT departments, business leaders, and external stakeholders. You will manage security budgets, vendor relationships, and technology procurements. We are looking for a proactive and visionary leader who can anticipate future threats and develop proactive security strategies. A proven ability to manage complex security projects and build robust security architectures is highly valued. If you are a seasoned cybersecurity professional ready to take on a leadership role and make a significant impact, we encourage you to apply.

Responsibilities:
  • Develop, implement, and maintain the organization's information security strategy.
  • Oversee cybersecurity operations, including threat detection, incident response, and vulnerability management.
  • Conduct regular risk assessments and implement mitigation strategies.
  • Lead and mentor the information security team.
  • Develop and enforce information security policies and procedures.
  • Ensure compliance with relevant regulations and industry standards.
  • Manage security budgets and vendor relationships.
  • Collaborate with IT and business leaders on security initiatives.
  • Develop and deliver security awareness training programs.
  • Stay current with emerging security threats and technologies.
Qualifications:
  • Bachelor's degree in Computer Science, Information Security, or a related field.
  • Minimum of 8 years of progressive experience in information security, with at least 3 years in a management role.
  • Proven experience in developing and implementing comprehensive security programs.
  • In-depth knowledge of security frameworks (NIST, ISO 27001) and compliance requirements.
  • Strong leadership, communication, and project management skills.
  • Experience with security technologies such as SIEM, firewalls, and endpoint protection.
  • CISSP, CISM, or equivalent certifications are highly preferred.

Information Security Manager

23451 Virginia Beach, Virginia $130000 Annually WhatJobs

Posted 12 days ago

Job Description

full-time
Our client is seeking an experienced and visionary Information Security Manager to lead their dedicated security team. This is an on-site position based in Virginia Beach, Virginia, US, offering a stable and secure work environment. You will be responsible for the development, implementation, and oversight of the organization's information security program, ensuring the protection of sensitive data and critical systems. This leadership role requires a strategic mindset, excellent people management skills, and a profound understanding of current and emerging cybersecurity threats.

Key Responsibilities:
  • Develop, implement, and maintain a comprehensive information security strategy and roadmap.
  • Oversee the day-to-day operations of the information security department, including incident response, vulnerability management, and security awareness training.
  • Manage and mentor a team of security professionals, fostering a culture of continuous learning and high performance.
  • Ensure compliance with all relevant legal, regulatory, and industry standards (e.g., PCI DSS, HIPAA, GDPR).
  • Conduct regular risk assessments and implement appropriate mitigation strategies.
  • Manage security budgets and vendor relationships.
  • Collaborate with executive leadership to align security initiatives with business objectives.
  • Design and implement security policies, procedures, and standards.
  • Lead the investigation and response to security incidents, minimizing impact and ensuring timely resolution.
  • Stay current with the threat landscape and emerging security technologies.
  • Oversee the security of cloud environments and on-premises infrastructure.

Qualifications:
  • Bachelor's degree in Information Security, Computer Science, or a related field; Master's degree preferred.
  • 7+ years of progressive experience in information security, with at least 3 years in a management or leadership role.
  • Demonstrated experience in developing and managing enterprise-wide security programs.
  • In-depth knowledge of security technologies, including SIEM, firewalls, IDS/IPS, endpoint protection, and encryption.
  • Strong understanding of risk management frameworks and compliance regulations.
  • Excellent leadership, communication, and interpersonal skills.
  • Ability to translate complex technical concepts into business-appropriate language.
  • Relevant certifications such as CISSP, CISM, or equivalent are strongly preferred.

This is a crucial role for an individual passionate about building and maintaining a secure environment. The successful candidate will have a direct impact on the organization's resilience and trustworthiness. The position is based in our office in Virginia Beach, Virginia, US, and requires a consistent on-site presence.

Information Security Manager

48226 Detroit, Michigan $150000 Annually WhatJobs

Posted 14 days ago

Job Description

full-time
Our client, a prominent financial institution in Detroit, Michigan, US, is seeking an experienced and strategic Information Security Manager to lead their cybersecurity initiatives. This critical role involves developing and executing the company's information security strategy, safeguarding sensitive data, and ensuring compliance with regulatory requirements. The ideal candidate will possess a strong blend of technical expertise, leadership acumen, and a deep understanding of enterprise security architecture and risk management.

Responsibilities:
  • Develop, implement, and maintain a comprehensive information security program aligned with business objectives and regulatory standards.
  • Lead and manage the information security team, providing guidance, mentorship, and performance management.
  • Oversee the identification, assessment, and mitigation of security risks across the organization.
  • Establish and enforce security policies, standards, and procedures to protect information assets.
  • Manage the security incident response process, including investigation, containment, eradication, and recovery.
  • Oversee the deployment, configuration, and maintenance of security technologies such as firewalls, SIEM, IDS/IPS, endpoint protection, and encryption solutions.
  • Conduct regular security audits and vulnerability assessments, and ensure remediation plans are executed effectively.
  • Ensure compliance with relevant regulations (e.g., GLBA, SOX, PCI DSS) and industry best practices.
  • Develop and deliver security awareness training programs for all employees.
  • Collaborate with IT, legal, compliance, and business units to integrate security into all aspects of operations.
  • Stay current with the evolving threat landscape, emerging technologies, and regulatory changes.
  • Manage relationships with third-party security vendors and service providers.
  • Prepare reports for senior management and the board on the state of information security.
Qualifications:
  • Bachelor's degree in Computer Science, Information Security, Cybersecurity, or a related field; Master's degree preferred.
  • 8+ years of progressive experience in information security, with at least 3 years in a management or leadership role.
  • Proven experience in developing and managing enterprise-wide security programs.
  • Strong understanding of risk management frameworks (e.g., NIST CSF, ISO 27001) and regulatory compliance.
  • Expertise in network security, data security, application security, cloud security, and identity management.
  • Experience with security technologies and tools (SIEM, firewalls, IDS/IPS, vulnerability scanners, etc.).
  • Excellent leadership, communication, and interpersonal skills.
  • Relevant certifications such as CISSP, CISM, CISA, or CRISC are highly desirable.
  • Demonstrated ability to manage security incidents and develop effective response strategies.
  • Strong analytical and problem-solving capabilities.
This is a pivotal opportunity to shape the security posture of a major financial organization and lead a dedicated team. If you are a strategic security leader ready to make a significant impact, we encourage you to apply.

Information Security Manager

50309 Des Moines, Iowa $120000 Annually WhatJobs

Posted 16 days ago

Job Description

full-time
Our client is seeking an experienced and strategic Information Security Manager to lead their security initiatives in Des Moines, Iowa, US. This hybrid role involves developing and implementing robust security strategies, policies, and procedures to protect sensitive data and systems. You will manage security operations, oversee incident response, conduct risk assessments, and ensure compliance with relevant regulations. The ideal candidate possesses strong leadership skills, a deep understanding of cybersecurity principles, and the ability to communicate complex security concepts to both technical and non-technical audiences.

Responsibilities:
  • Develop, implement, and maintain comprehensive information security strategies and programs.
  • Oversee the day-to-day operations of the security team, including threat detection, monitoring, and incident response.
  • Conduct regular risk assessments and vulnerability analyses to identify and mitigate security threats.
  • Develop and enforce information security policies, standards, and guidelines.
  • Manage security awareness training programs for all employees.
  • Lead and coordinate the response to security incidents, minimizing impact and ensuring timely resolution.
  • Oversee the implementation and management of security technologies, such as firewalls, IDS/IPS, SIEM, and endpoint protection.
  • Ensure compliance with relevant industry regulations and data privacy laws (e.g., GDPR, HIPAA, PCI DSS).
  • Collaborate with IT and other departments to integrate security into all aspects of business operations.
  • Manage relationships with third-party security vendors and service providers.
  • Develop and maintain business continuity and disaster recovery plans.
  • Present security reports and metrics to senior management.
  • Stay current with emerging cybersecurity threats, trends, and technologies.
  • Lead, mentor, and develop a high-performing information security team.
Qualifications:
  • Bachelor's degree in Computer Science, Information Security, or a related field; Master's degree preferred.
  • 7+ years of experience in information security, with at least 3 years in a management or leadership role.
  • Deep understanding of security frameworks (e.g., NIST, ISO 27001), threat landscapes, and security technologies.
  • Proven experience in developing and implementing security policies and procedures.
  • Strong knowledge of risk management, vulnerability assessment, and incident response.
  • Excellent leadership, communication, and interpersonal skills.
  • Experience with compliance and regulatory requirements relevant to the industry.
  • Relevant certifications such as CISSP, CISM, or CISA are highly desirable.
  • Ability to manage multiple projects and priorities in a dynamic environment.
  • Experience working in a hybrid work model and managing distributed teams.
This hybrid position based in Des Moines, Iowa, US, offers the opportunity to lead critical security functions. Our client is committed to creating a secure environment and fosters professional development.

Information Security Manager - INTL - UK

97501 Blue River, Oregon Insight Global

Posted 1 day ago

Job Description
The Information Security Manager is responsible for designing, implementing, and enhancing a comprehensive technology compliance and risk management program to bolster the organization's security posture. This role involves continuous assessment, reporting, and improvement of technology risks and compliance activities across global operations. You will serve as a pillar of the Information Security Program by driving and managing program activities, ensuring success through collaboration with internal and external partners. In the future you will establish a team and reports, but on the forefront there will be a focus on managing third party and vendor risk with an emphasis on front end offensive security activities and conducting service provider security assessments.
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: and Requirements
-5+ years of experience managing an enterprise risk register
-5+ years of experience managing InfoSec gathering and reporting metrics
-5+ years of experience spearheading offensive security activities
-5+ years of experience managing policy document and improvement
-5+ years of experience implementing data retention policies
-5+ years of experience managing third party risk management and cyber risk rating tools
-CISSP Certification
-Automotive industry experience

Senior Information Security Manager, Cloud Security

33601 Tampa, Florida $160000 Annually WhatJobs

Posted 18 days ago

Job Description

full-time
Our client, a leader in cloud-based technology solutions, is seeking a seasoned Senior Information Security Manager with a specialization in Cloud Security to join their growing team in **Tampa, Florida, US**. This critical role will be responsible for developing, implementing, and managing the organization's cloud security strategy and controls across AWS, Azure, and GCP environments. You will lead initiatives to protect sensitive data, ensure compliance with industry regulations (e.g., GDPR, CCPA, HIPAA), and maintain the integrity and availability of cloud infrastructure. The ideal candidate will possess extensive experience in cloud security architecture, threat modeling, vulnerability management, incident response, and security automation. You will work closely with engineering, operations, and development teams to embed security best practices throughout the cloud development lifecycle (DevSecOps). Responsibilities include evaluating and recommending security technologies, developing and enforcing security policies and procedures, conducting security assessments, and responding to security incidents. Experience with container security, serverless security, and infrastructure as code security is highly desirable. This hybrid position offers a blend of in-office collaboration and remote flexibility, fostering a dynamic and productive work environment. You will be a key advisor on all matters related to cloud security, helping to shape the company's security posture and protect against evolving threats. Strong analytical, problem-solving, and communication skills are essential, as is the ability to articulate complex security concepts to both technical and non-technical audiences.

Responsibilities:
  • Develop and execute a comprehensive cloud security strategy and roadmap.
  • Implement and manage security controls for cloud environments (AWS, Azure, GCP).
  • Conduct security architecture reviews and threat modeling for cloud-native applications and infrastructure.
  • Oversee vulnerability management, penetration testing, and security assessments of cloud assets.
  • Lead incident response efforts for cloud security breaches and incidents.
  • Develop and enforce cloud security policies, standards, and procedures.
  • Collaborate with engineering and DevOps teams to integrate security into CI/CD pipelines (DevSecOps).
  • Evaluate and recommend cloud security technologies and tools.
  • Ensure compliance with relevant regulatory and industry standards.
  • Provide security awareness training for cloud-related topics.
Qualifications:
  • Bachelor's degree in Computer Science, Information Security, or a related field; Master's degree preferred.
  • 7+ years of experience in information security, with at least 4 years focused on cloud security.
  • Deep understanding of security best practices in AWS, Azure, and/or GCP.
  • Hands-on experience with cloud security tools (e.g., CWPP, CSPM, SIEM).
  • Proficiency in scripting languages (e.g., Python, Bash) for security automation.
  • Knowledge of containerization (Docker, Kubernetes) and serverless security.
  • Experience with compliance frameworks (e.g., SOC 2, ISO 27001, HIPAA).
  • Strong analytical, problem-solving, and communication skills.
  • Relevant certifications such as CISSP, CCSP, AWS Security Specialty, or Azure Security Engineer are a plus.

Cyber Security, Information Systems Security Manager (ISSM)

03103 Manchester, New Hampshire BAE Systems

Posted 1 day ago

**Job Description**
Information systems critical to national security at one of the leading companies in Aerospace and Defense. Develop your Information Assurance (IA) career through hands on application, work with seasoned professionals, and a training and development plan designed to grow your skills in a fast paced, team-based environment.
If you are looking to learn, influence, and help develop top cyber technologies, applications, and processes that protect and service our customers wherever they may be (air, land, and sea), come join our award-winning security family here at Electronic Systems (ES). **_This position involves a great mix of people leading, training and mentoring cybersecurity personnel, portfolio and customer facing, while being hands-on technical supporting some of our largest SAP programs._**
**In this Cyber Security, Information Systems Security Manager (ISSM) opportunity you will make impacts in the following ways;**
+ Support adherence to all aspects of a rigorous Risk Management Framework (RMF) compliance program as stipulated by NISPOM/DAAPM, JSIG, ICD 503, STIGs and associated NIST publications.
+ Obtain and maintain Authority to Operate (ATO) approvals for various systems by adhering to the Risk Management Framework (RMF).
+ Support cybersecurity efforts throughout the RMF process for one or more assigned program(s) to include the development and management of System Security documentation, Plans of Action and Milestones (POA&Ms), assessing and auditing systems security controls, and continuous monitoring of controls.
+ Provide oversight for all classified systems compliance and ensure the execution of our strong self-inspection program.
+ Ensure all security certification and accreditation documents in relation to all classified systems are up-to-date.
+ Ensure continuous monitoring (e.g. weekly, monthly, etc.) in accordance with cognizant security authority requirements are being implemented and met.
+ Coordinate security-related activities with information security architects, senior information security officers, information system owners, common control providers, and information system security officers
+ Run and maintain the entire information assurance program for more complex efforts or area
+ Translate operational requirements into technical requirements and architectures needed to meet program objectives
+ Employ best practices when implementing security controls within an information system, including: software engineering methodologies, system/security engineering principles, secure design, secure architecture, and secure coding techniques
_Because of the need for consistent, in-person collaboration and/or the requirement to perform all work onsite due to the nature of this particular role, it will be performed_ **_full-time on site_** _. This means work will be conducted on location at a BAE Systems facility 100% of the time_
**Required Education, Experience, & Skills**
+ Must be able to obtain IAM Level II certification commensurate with DoD 8570.1M requirements within 6 months from date of hire
+ An active Secret Clearance required
+ 7 or more years of ISSM or relevant cybersecurity experience
+ Education: minimum of high school diploma
+ High level of personal motivation and initiative to learn and acquire new skills, and adapt seamlessly to an ever-changing security environment
+ Customer focused, excellent communicator and ability to work with limited supervision.
+ Strong organizational skills
+ Able to interface with other IA team members, other security disciplines (industrial security, physical security, special programs security, etc.), program personnel and government security representatives.
+ Experience with the development of core documentation including System Security Plans, Standard Operating Procedures, Plan of Actions and Milestones, Remediation Plans, and Configuration Management Plans.
+ Experience with the review and creation of mitigation reports from compliance and vulnerability scanning tools (Nessus, SCAP, ACAS, SCC).
+ Experience with auditing and certifying compliance of various systems (Windows, Linux, Network Devices and peripherals).
+ Experience with development and delivery of IA-related briefings and training material.
+ Experience with compliance and vulnerability scanning tools (Nessus, SCAP, ACAS, SCC).
+ Working knowledge of system functions, security policies, technical security safeguards, and operational security measures.
+ Experience with conducting all aspects of a self-inspection
+ Experience with periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system and integrity scans to determine compliance
+ Knowledge of new and emerging information technology (IT) and cybersecurity technologies.
**Preferred Education, Experience, & Skills**
+ Bachelor's degree in a related field
+ Run and maintain the entire information assurance program for more complex efforts or area
+ Working knowledge of system functions, security policies, technical security safeguards, and operational security measures.
+ Translate operational requirements into technical requirements and architectures needed to meet program objectives
+ Experience with conducting all aspects of a self-inspection
+ Experience with periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system and integrity scans to determine compliance
+ Prepared incident reports of analysis methodology and results
+ Knowledge of new and emerging information technology (IT) and cybersecurity technologies.
+ Employ best practices when implementing security controls within an information system, including: software engineering methodologies, system/security engineering principles, secure design, secure architecture, and secure coding techniques
+ Ability to function as an integral part of the development team to include designing and developing organizational information systems or upgrading legacy systems
**Pay Information**
Full-Time Salary Range: $ - $
Please note: This range is based on our market pay structures. However, individual salaries are determined by a variety of factors including, but not limited to: business considerations, local market conditions, and internal equity, as well as candidate qualifications, such as skills, education, and experience.
Employee Benefits: At BAE Systems, we support our employees in all aspects of their life, including their health and financial well-being. Regular employees scheduled to work 20 hours per week are offered: health, dental, and vision insurance; health savings accounts; a 401(k) savings plan; disability coverage; and life and accident insurance. We also have an employee assistance program, a legal plan, and other perks including discounts on things like home, auto, and pet insurance. Our leave programs include paid time off, paid holidays, as well as other types of leave, including paid parental, military, bereavement, and any applicable federal and state sick leave. Employees may participate in the company recognition program to receive monetary or non-monetary recognition awards. Other incentives may be available based on position level and/or job specifics.
**Cyber Security, Information Systems Security Manager (ISSM)**
** BR**
EEO Career Site Equal Opportunity Employer. Minorities, females, veterans, individuals with disabilities, sexual orientation, gender identity, gender expression

Senior Cybersecurity Analyst / Information Security Manager - Top Secret Clearance

20851 Rockville, Maryland NANA Regional Corporation

Posted 7 days ago

Job Description

We are seeking a highly skilled Senior Cybersecurity Analyst / Information Security Manager with expertise in IT security, risk management, and policy development. The ideal candidate will have a minimum of five (5) years of experience implementing security measures to protect the confidentiality, integrity, and availability of information systems and data, along with at least two (2) years of supervisory experience in a cybersecurity or IT security role.
This individual will be responsible for developing, monitoring, and testing cybersecurity plans and controls using government-approved tools and methodologies while ensuring compliance with federal cybersecurity policies and frameworks.
Contingent upon contract award
**Responsibilities**
+ Plan, coordinate, and implement security measures to safeguard information systems and data.
+ Supervise cybersecurity personnel and oversee daily security operations.
+ Develop, monitor, and conduct testing of cybersecurity plans and controls using government-approved tools and methodologies.
+ Document test results, risk assessments, and residual risk reports, and provide recommendations for corrective actions.
+ Ensure compliance with cybersecurity policies and best practices, including National Institute of Standards and Technology (NIST) Special Publications.
+ Demonstrate expertise in Security Assessment and Authorization (SA&A), including NIST 800-37, NIST 800-53, CNSSI standards, and other federal cybersecurity requirements.
+ Develop and maintain EHSS Security Policies, including the EHSS Privacy Plan, EHSS Configuration Management Plan, and other security-related documentation.
+ Create and maintain baseline documentation and oversee policy development and reviews for EHSS security programs.
+ Implement and support Incident Response, Vulnerability Management, and Plan of Action and Milestone (POA&M) management.
+ Apply expertise in Zero Trust Architecture, cloud security requirements, security assessments, and Continuous Diagnostics and Mitigation (CDM)/Continuous Monitoring.
**Qualifications**
+ Bachelor's degree in Information Technology, Cybersecurity, Information Assurance, or a related field from an accredited university or college.
+ Minimum of five (5) years of experience in IT security, risk management, and policy development.
+ Minimum of two (2) years of supervisory experience in a cybersecurity or IT security role.
+ Proficiency in NIST frameworks, risk assessments, security controls, and federal cybersecurity policies.
+ Must be knowledgeable in Incident Response practices, vulnerability management, Plan of Action and Milestone management, Zero Trust Architecture, cloud requirements and assessments, Continuous Diagnostics and Mitigation/Continuous Monitoring, etc.
+ Strong understanding of Security Assessment and Authorization (SA&A) processes and federal security compliance requirements.
+ Top Secret clearance
**Required Certifications:**
+ GIAC Information Security Professional (GISP), ISC2 Certified Information Systems Security Professional (CISSP), or equivalent.
**Job ID**

**Work Type**
On-Site
**Pay Range**
$150,000 - $190,000
**Benefits**
Regular - The company offers a comprehensive benefits program, including medical, dental, vision, life insurance, 401(k) and a range of other voluntary benefits. Paid Time Off (PTO) is offered to regular full-time and part-time employees.
**Company Description**
**Work Where it Matters**
Compass Point, an Akima company, is not just another federal IT contractor. As an Alaska Native Corporation (ANC), our mission and purpose extend beyond our exciting federal projects as we support our shareholder communities in Alaska.
At Compass Point, the work you do every day makes a difference in the lives of our 15,000 Iñupiat shareholders, a group of Alaska natives from one of the most remote and harshest environments in the United States.
**For our shareholders** , Compass Point provides support and employment opportunities and contributes to the survival of a culture that has thrived above the Arctic Circle for more than 10,000 years.
**For our government customers** , Compass Point delivers a broad range of skilled IT services, including data-centric services, software development, IT infrastructure modernization, managed IT services, and more.
**As a Compass Point employee** , you will be surrounded by a challenging, yet supportive work environment that is committed to innovation and diversity, two of our most important values. You will also have access to our comprehensive benefits and competitive pay in addition to growth opportunities and excellent retirement options.
We are an equal opportunity employer and comply with all applicable federal, state, and local fair employment practices laws. All applicants will receive consideration for employment, without regard to race, color, religion, creed, national origin, gender or gender-identity, age, marital status, sexual orientation, veteran status, disability, pregnancy or parental status, or any other basis prohibited by law. If you are an individual with a disability, or have known limitations related to pregnancy, childbirth, or related medical conditions, and would like to request a reasonable accommodation for any part of the employment process, please contact us at or (information about job applications status is not available at this contact information).

Information Security Snr Manager

22095 Herndon, Virginia Oracle

Posted 3 days ago

Job Description

**Information Security Sr. Manager - Offensive Security**
Oracle Cloud Infrastructure Group (United States)
The Oracle Cloud Infrastructure (OCI) Offensive Security team provides OCI with the capabilities to ensure our systems and services meet the security objectives we communicate to customers. The Offensive Security group performs security assessments, vulnerability research, static and dynamic analysis research, penetration testing, red-teaming, and security tool development. We ensure the security of the software and hardware that runs our cloud infrastructure and strive for continuous improvement. The OCI Offensive Security group works as a team. We don't fit people into predefined roles. We bring together the right people who enhance team capability and build roles around each team member's skills and interests.
Values are OCI's foundation and how we deliver excellence. We strive for equity, inclusion, and respect for all. We are committed to the greater good in our products and our actions. We are continually learning and taking opportunities to grow our careers and ourselves. We challenge each other to stretch beyond our past to build our future. You can learn more about us by visiting .
Are you interested in building large-scale distributed security systems and tools for the cloud? Do you love the idea of working in an environment with the excitement of a start-up, but the financial backing of a Fortune 100 company? This role offers huge upside potential, high visibility, and fast career growth without the risks of a typical start-up. We are growing fast, maturing, and working on results-oriented initiatives. A security-focused leader can have significant technical and business impact. This is a unique opportunity to work with smart people to solve complex problems in distributed systems, security, and multi-tenant Infrastructure-as-a-Service (IaaS) operating at massive scale. The biggest challenge for the team is the dynamic and fast growth of the business, which drives us to improve our systems, tools, and automation to scale our security expertise several orders of magnitude beyond what we can support today. We understand that software is living and needs investment. The challenge is making the right tradeoffs, communicating those decisions effectively, and crisp execution. We hope you like working at scale as much as we do because Oracle has no shortage of it! Craft the future of one of the largest clouds on earth with us!
Our ideal candidate is a hardworking, hands-on leader who cares about both security and building the best team possible, is passionate about security and about furthering their own and their team's knowledge every day, and has previous experience working in the cloud/hardware industry and leading a group of scary smart hackers that operate in a distributed, multi-tenant service infrastructure.
Qualifications
+ 3+ years of management experience delivering and operating large scale, highly available distributed services
+ 5+ years of software engineering experience
+ Strong overall business and communication skills, including executive presentation skills and eye for business
+ Strong leadership and people management skills
+ Understanding the importance of a balanced work approach to encourage team culture
+ Strong knowledge of data structures, algorithms, operating systems, and distributed systems fundamentals
+ Strong understanding of databases, NoSQL systems, storage and distributed persistence technologies
+ Prior experience with Security
+ Understanding of known security vulnerabilities and mitigations
+ Programming and debugging fundamentals in languages/interfaces, such as C/C++, Java, Python, etc
**Responsibilities**
+ Leading a diverse set of personalities and talent
+ Understanding the importance of a healthy and supportive team culture
+ Support a culture of accountability, integrity and high expectations
+ Effectively communicate to anyone in the organization, from the most technical operator to senior leadership
+ Stay abreast of known vulnerabilities which can impact our cloud and customers, and work towards applying appropriate mitigations
+ Guide and mentor the teams which perform security reviews, and clearly communicate their findings
+ Drive implementation and verification of security features to enhance the security of our platforms
+ Recommend methodologies for secure service development driving continuous improvement in the engineering organization - Including mentoring, developing, and delivering training materials as well as producing frameworks to reduce standard methodology patterns to an application for use in production efforts
+ Collaborate to develop a long-term security roadmap for the features we invest in first
+ Responsibly and securely disclose 3rd party vulnerabilities to vendors
+ Provide direction and advice on emerging threats, weaknesses, and security practices that may impact the security posture of OCI
+ Manage and lead the performance of security teams and security testing activities
+ Be able to critically examine an organization and system through the perspective of a threat actor and articulate risks in clear, detailed terms.
+ Guiding effective remediations and fixes in our platforms
+ Demonstrate solid understanding of distributed networks, major operating systems and their associated peripherals
Disclaimer:
**Certain US customer or client-facing roles may be required to comply with applicable requirements, such as immunization and occupational health mandates.**
**Range and benefit information provided in this posting are specific to the stated locations only**
US: Hiring Range in USD from: $120,100 to $251,600 per annum. May be eligible for bonus, equity, and compensation deferral.
Oracle maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience, market conditions and locations, as well as reflect Oracle's differing products, industries and lines of business.
Candidates are typically placed into the range based on the preceding factors as well as internal peer equity.
Oracle US offers a comprehensive benefits package which includes the following:
1. Medical, dental, and vision insurance, including expert medical opinion
2. Short term disability and long term disability
3. Life insurance and AD&D
4. Supplemental life insurance (Employee/Spouse/Child)
5. Health care and dependent care Flexible Spending Accounts
6. Pre-tax commuter and parking benefits
7. 401(k) Savings and Investment Plan with company match
8. Paid time off: Flexible Vacation is provided to all eligible employees assigned to a salaried (non-overtime eligible) position. Accrued Vacation is provided to all other employees eligible for vacation benefits. For employees working at least 35 hours per week, the vacation accrual rate is 13 days annually for the first three years of employment and 18 days annually for subsequent years of employment. Vacation accrual is prorated for employees working between 20 and 34 hours per week. Employees working fewer than 20 hours per week are not eligible for vacation.
9. 11 paid holidays
10. Paid sick leave: 72 hours of paid sick leave upon date of hire. Refreshes each calendar year. Unused balance will carry over each year up to a maximum cap of 112 hours.
11. Paid parental leave
12. Adoption assistance
13. Employee Stock Purchase Plan
14. Financial planning and group legal
15. Voluntary benefits including auto, homeowner and pet insurance
The role will generally accept applications for at least three calendar days from the posting date or as long as the job remains posted.
Career Level - M3
**About Us**
As a world leader in cloud solutions, Oracle uses tomorrow's technology to tackle today's challenges. We've partnered with industry leaders in almost every sector, and continue to thrive after 40+ years of change by operating with integrity.
We know that true innovation starts when everyone is empowered to contribute. That's why we're committed to growing an inclusive workforce that promotes opportunities for all.
Oracle careers open the door to global opportunities where work-life balance flourishes. We offer competitive benefits based on parity and consistency and support our people with flexible medical, life insurance, and retirement options. We also encourage employees to give back to their communities through our volunteer programs.
We're committed to including people with disabilities at all stages of the employment process. If you require accessibility assistance or accommodation for a disability at any point, let us know by emailing or by calling in the United States.
Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans' status, or any other characteristic protected by law. Oracle will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law.