Senior Manager, Cyber Security Strategy and Program Management

About the Role

The Senior Manager, Cybersecurity Strategy and Program Management in the Corporate Information Technology Group – Global Cybersecurity and Privacy Division will be responsible for designing and administering procedures in the organization that sustain the security of the organization’s data and communications systems. Additional duties include assessing the risk of exposure of proprietary data through weaknesses in platforms, applying leading practices better to manage cybersecurity people, process, and technology capabilities; developing metrics to track the effectiveness of cybersecurity programs; identifying trends or exposures that could be addressed by additional training, technical measures, or use of application tools to enhance security.

What You’ll Do

Provide Management oversight, define and maintain the Information Security Management Systems (ISMS) program, processes, standards, and guidelines related to data and systems protection. Some of the responsibilities of this individual include:

• Provide oversight and maintain the cybersecurity strategy roadmap
• Provide insights through research and assessment of the design and operations of cybersecurity programs and strategies to assist in the creation of measurable, sustainable programs to keep up with the ever-changing cybersecurity landscape
• Work with Cybersecurity, IT, and global team members to assess cybersecurity programs and strategies using our proprietary framework, design solutions to remediate gaps or enhance the maturity of specific cybersecurity capabilities, improve cybersecurity measurements and monitoring, and develop sustainable processes.?
• Work closely with cybersecurity leadership to co-lead cybersecurity initiatives, motivate teams, provide leadership, expert advice, and counsel senior IT Leadership, IT Project teams, and Users of complex architectural environments (typically crossing function/location lines) on cybersecurity initiatives.
• Foster relationships with extended IT and cross-organizational personnel to analyze, evaluate, and enhance information systems to develop and improve security at procedural and governance levels
• Provide technical and architectural subject matter expertise to the various development teams, including communicating architectural decisions and mentoring other technical staff around the multiple development technologies and choices
• Develops and implements on-prem and cloud-based strategic technology plan and oversees the day to day operations of a team of Information Security (InfoSec) engineers who support FTI’s technology stack both on-premise and the cloud-based environments
• Responsible for the functionality, quality, value, and timely delivery of products and services within our MS AZURE, Network Protection, Big Data, and Endpoint Protection Portfolio that supports the desired InfoSec Cloud capabilities for all lines of business
• Design, plan and implement test strategies to support the core infrastructure in the contingency environment for all critical business applications to ensure business continuity in the event of a significant business interruption or disaster
• Plan or lead projects designed to develop and test new methodologies and systems to recover the critical core business processes and the enterprise infrastructure. Create policies and procedures for data center work
• Serves as a leader in the Azure space for InfoSec interfacing with internal and external customers and other parts of InfoSec
• Work with internal and external auditors to verify controls and address gaps accordingly
• Plan, manage, document, and evaluate the performance of subordinate staff. Provision their technical and professional growth through assignments, mentoring, and technical training opportunities
• Oversee the building and delivery of Cloud-based security services internally, while also leveraging third-party Cloud service providers (IaaS, PaaS, SaaS) \Planning and reporting of team activities using project/portfolio management methodology
• Assume backup or alternate responsibilities for other Cybersecurity staff as needed

How You’ll Grow

• Through working at the highest level of the organization and providing expert advice and counsel to Senior Information Technology Leadership, IT Project teams, and Users, it is expected that the responsibilities and span of functional responsibilities will increase over time
• This position is a direct report to the Head of Global Cybersecurity and is anticipated to be a key member of the Global Cybersecurity Leadership team

Basic Qualifications

• 7+ years overall IT experience, with previous experience in various server, network, and database administration roles and previous management/personnel leadership roles
• 5+ years’ experience in Information/Cyber Security, IT Audit/Security Assessment/Certification or Accreditation and Planning, as well as Data Privacy Risk Assessment and/or Business Continuity Planning experience
• Travel required to FTI office(s).
• COVID Vaccine required*

*Individuals seeking an exemption from this requirement for medical or religious reasons should complete a request for accommodation form and submit the form to [email protected].

PREFERRED SKILLS

• This individual will be expected to possess a deep understanding of both Public and Private Cloud technologies, particularly MS Azure
• Cloud Services experience; solution delivery expertise, migration of applications to the cloud, automation through various tools, both MS Azure native and third-party
• Proven expertise in building a defense in depth infrastructure security architecture that includes security controls across the technology stack
• Strong knowledge of networking, IAM, enterprise logging, SIEM, API Management, containerization, and security assessment tools/methodologies
• Exceptional experience influencing collaborating and negotiating positive outcomes across stakeholders in a highly matrixed organization
• Proven Experience Developing Security and Data Protection programs
• Strong understanding of information security principles, architecture, and methodologies (including risk assessment)
• Experience with Enterprise Architecture frameworks such as TOGAF, DoDAF, FEAF, etc.

Level Requirements

• A Positive, Self-Motivated/Independent Leader
• Excellent written and verbal communication skills
• Strong attention to detail
• Flexible, Autonomous, or Team player – i.e., able to work independently with little guidance or as a team contributor in a fast-paced, deadline-driven environment
• Highly Organized and Highly Adaptable to changing priorities
• Project Management Experience
• Bachelor’s Degree in Business, Management Information Systems, or related field preferred; graduate degree a plus.
• Professional designations preferred: CISA, CISSP, CRISC, and PMP; others: CISM, CIA, CPA, CBCP, CIPP/IT a plus. (Note: Must be able to complete CISA and CISSP certifications)