Job Information
Milliman, Inc Cybersecurity Operations & Incident Response Manager in Seattle, Washington
Description POSITION SUMMARY: This position functions as the manager of the corporate security operations and incident response teams and requires understanding the IT infrastructure in place at Milliman offices to ensure appropriate security measures are in place to prevent security breaches. The position has IS engineer direct reports responsible for security infrastructure and works in collaboration with the Manager of IT Operations & Infrastructure to recommend physical and technical information security best practices. The position also manages and collaborates with the corporate privacy office to address privacy-related events. The position reports to the Chief Information Security Officer (CISO). The Cybersecurity & Incident Response Manager will be responsible for supervising staff and executing IT Security projects. This position oversees the technical work of information security operations and incident response personnel. Additionally, this position will occasionally serve as a project or cross-functional team lead to ensure high-quality communications and technical delivery of the work being performed. The Cybersecurity & Incident Response Manager will set performance expectations for direct reports and provide constructive performance feedback on a regular basis. RESPONSIBILITIES: Operational oversight of cybersecurity solutions, including SIEM, MSSP, firewall, VPN infrastructure, secure web gateway, etc. Manage activities of corporate security operations and program management of information security initiatives with IT personnel across Milliman practices and disciplines. Manage activities of the incident response team and track and assist with mitigation of technical security incidents across the organization through resolution. Support prioritization and delivery of security audit artifacts for internal and external security audits. Develop and maintain metrics that quantify and monitor key process indicators (KPIs). Coach staff in the practices of security related requirements and provide guidance in the course of implementation and other changes. Keep up to date on information security threats and countermeasures and advise technical staff. Recommend security enhancements and purchases consistent with information security strategy and evolving threats. SKILLS & QUALIFICATIONS REQUIRED: Bachelor's degree: candidates must possess significant analytical skills evolved from academic training in Computer Science, Computer Engineering, or Information Systems. The ideal candidate must have minimum 8 years of business experience in the areas of Information Security. The ideal candidate must have at least one of the certifications: Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM). The ideal candidate must have previous experience with ISO 27001/2, HIPAA, HITRUST and other industry regulatory controls and compliance preferred. The ideal candidate must have previous experience with cloud security control design and management. The ideal candidate must have working knowledge of security areas such as Auditing, Policy, Database Security, Firewall Design and Implementation, Risk Analysis, Identity Management, Access Management, or Web Services. The ideal candidate must have prior experience supervising and professional development of staff in the Information Security field. Must have prior experience working with geographically diverse offices in a global organization. Must have the ability to handle multiple projects. Must have the ability to interpret information security data and processes to identify potential compliance issues. Must have the ability to clearly and effectively communicate Information Security matters to executives, auditors, and end-users. Must have the ability to work effectively and organize priorities independently.