Job Summary:

The Cybersecurity Manager will be responsible for developing and implementing a comprehensive cyber security program for the organization based on leading practices such as CIS, ISO27, NIST, and others, with a deep understanding and analysis of emerging cyber security aspects including, but not limited to, threat intelligence, anti-advanced persistent threats, DLP, SIEM, GRC, security analytics, identity and access management, incident response, security awareness, and others.

Responsibilities:

• Develop IT security policy and operational procedures and best practices to safeguard against cyberattacks.
• Develop security risk management plan.
• Establish review procedures based on organization’s security risk management plan.
• Assess the effectiveness of the measures against security risk management plan.
• Establish a standard methodology for performing security tests in accordance with security requirements.
• Conduct regular risk assessments to identify vulnerabilities in the organization’s infrastructure and systems.
• Develop incident response plan.
• Evaluate effectiveness of current incident response plan against industry good practices.
• Test incident response plans periodically to ensure response times and executed procedures are acceptable.
• Identify threats and risks that are relevant to ODE’s operations and systems.
• Develop a documented action plan containing policies, practices and procedures that mitigate the identified risks.
• Manage and oversee the day-to-day operations of the cyber security team and provide guidance, support, and mentorship as needed.
• Perform comparative analysis of security service performance level parameters against security information sources.
• Prepare information security performance report based on results from analysis and correlation of information security events.
• Recommend suitable enhancements to improve information security performance.
• Review business and security environment to identify existing requirements.

Knowledge, Skills & Experience:

• Bachelor’s degree in computer science, Information Security, or a related field.
• 10 years of experience in cybersecurity or information security, including 3 years of experience in managerial or leadership experience.
• Strong knowledge of information security principles, cybersecurity frameworks, and risk management practices.
• Solid understanding of incident response, vulnerability management, and security testing methodologies.
• Proven ability to develop and implement security policies, procedures, and risk mitigation plans.
• Strong analytical, problem-solving, and risk assessment skills.
• Effective leadership and stakeholder management skills.
• Relevant certifications such as CISSP, CISM, CRISC, or ISO 27001 are an advantage.