Senior Manager, IT Security Operations, Washington, District of Columbia

Washington, DC
Full time
Posted 30+ Days Ago
JR8

Position Summary

We are seeking a highly skilled and motivated Senior Manager, IT Security Operations to join our team. As the Senior Manager, IT Security Operations, you will play a crucial role in safeguarding our organization’s assets, ensuring the integrity and confidentiality of sensitive information, and maintaining the overall security posture of our systems and networks.

This is a remote or hybrid position with preference for hybrid candidates in Washington, DC, but we will also consider hybrid candidates in New York, NY and remote candidates elsewhere in the United States.

Compensation:

Salary range based on geo-differentials:

$98,000-$113,000/year = National

$110,000-$125,000/year = Alaska, CA (not San Francisco), Connecticut, D.C., Chicago, Oyster Bay, NY

$125,000-$140,000/year = NYC (not Oyster Bay), San Francisco, Seattle

Essential Functions

Security Incident Response:
• Partner with Chief Technology Officer, Senior Director of Information Technology, and Virtual Chief Information Security Officer (vCISO) to assess and respond to security incidents.
• Monitor and respond to security alerts and incidents compliant with service level agreements outlined by policy.
• Investigate, analyze, and document security incidents compliant with “chain of custody” processes, and implement appropriate countermeasures.

Security Tool and Services Management:
• Evaluate, procure, administer, and manage security tools and supporting vendor services, including but not limited to password managers, phishing threat management, firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint management, endpoint detection and response (EDR), managed detection and response (MDR), antivirus, document management, and Security Information and Event Management (SIEM) solutions.
• Regularly monitor, update, and fine-tune security systems to enhance effectiveness.
• Lead vendor security review process in partnership with vCISO.

Security Policy and Compliance:
• Assist in the development, implementation, review, and enforcement of security policies, standards, and procedures guided by ISO 27000 standards.
• Ensure compliance with industry-specific regulations (e.g., PCI) and standards and coordinate and participate in regular audits.

Access Control and Authentication:
• Administer Identity Provider (IdP) to manage user accounts, permissions, and access levels across various systems, following Identity and Acces

Management (IAM) workflows.
• Maintain system role mapping documentations and lead and coordinate regular entitlement reviews as necessary.
• Implement, administer, and manage multi-factor authentication (MFA) and single sign-on (SSO) solutions.

Vulnerability Management:
• Oversee scheduled vulnerability scans and penetration tests.
• Coordinate with relevant teams to remediate identified vulnerabilities.

Security Awareness and Training:
• Curate and oversee security awareness program and portal for employees.
• Provide specialized training on best practices for security hygiene.
• Oversee phishing test program and remediation training program.

Security Documentation:
• Maintain accurate and up-to-date security documentation, including incident reports, policies, procedures, and configurations.

Collaboration and Communication:
• Collaborate with cross-functional teams to ensure security measures align with overall business objectives.
• Communicate security risks and recommendations to management and relevant stakeholders.
• Act as lead facilitator of IT Security Operations working group and participate in Architectural Review Board meetings.

Server and Network Configuration:
• Assist cloud and network administration team with configurations and function of servers to limit access, mitigate intrusions, and protect assets.
• Assist cloud and network administration team with configurations and topology of network devices to safeguard points of access and data security, including firewalls, routing, and ACLs.

EEO Statement

The National Audubon Society is a federal contractor and an Equal Opportunity Employer (EOE). All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status. We are committed to a policy of nondiscrimination, inclusion and equal opportunity and actively seek a diverse pool of candidates in this search.

Accessibility Statement

The National Audubon Society endeavors to keep our careers site accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact Accommodations@audubon.org. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications.

PI239388100