• Serve as direct manager to a team of globally dispersed security operations professionals, providing day-to-day guidance and team leadership to ensure optimized levels of execution.
• Provide status, reporting, and metrics to the Director.
• Use Operational KPIs and metrics to monitor and evaluate the efficiency of day-to-day operations.
• Manage the technical aspects of ZeroFox’s Security Program including vulnerability management, incident management, security testing, intrusion detection, auditing and monitoring.
• Manage internal threat and vulnerability assessments and application security testing.
• Review and validate remediation activities resulting from threat and vulnerability assessments.
• Serve as project manager for technical security initiatives and provide advisory support.
• Maintain and verify adherence to technical security configuration standards.
• Respond to security related questions for client-facing Request for Proposals or Request for Information as needed.
• Works directly with counterparts in the business and corporate units.
• Identify and champion security projects to address identified risks and meet business security requirements.
• Assists with escalations by working cross-functionally to collect data points, metrics, and details that will prove useful in analyzing root cause.
• Leverage the collective expertise of the Security, IT, and DevOPS teams to recommend solutions to significant and complex security events.
• Interface with and help resolve internal and external (customer, vendor) stakeholder escalations.
• Oversee internal security investigations in response to reports of possible information security/privacy violations, coordinating with other departments (IT, HR, Legal).
• Oversee the execution of regular information security assessments, providing escalation assistance for any gaps, including management of development and implementation of prioritized plans for remediation.
• Assist with annual Security Operations & DevSecOps product roadmapping, budget, and capacity planning efforts.
• Manage quarterly product and operations backlogs for Security Operations and DevSecOps.
• Understand and promote principles and execution of continuous process and performance improvement for all information security procedures.
• Demonstrate an extensive knowledge of and regularly monitor and stay up to date on relevant industry changes, trends, laws, regulatory updates and best practices.
• Coordinate yearly table-top incident response exercises, security awareness training, HIPAA training, privacy training, and phishing exercises.
• Assist with System Security Plans (SSP), Security and Privacy policies, Plan of Action & Milestones (POA&M) and required documentation in support of the company’s FedRAMP Certification program and Federal customers.
• Develop, document, and implement Standard Operating Procedures.

Required qualifications and skills

• Bachelor’s degree in cybersecurity, computer science, or equivalent experience.
• At least 6 years prior experience managing security operations teams.
• Expert knowledge of common information security management frameworks, regulatory requirements and applicable standards such as: NIST SP 800-53, ISO 27001, SOC 2, PCI, SOX, ITSM, etc.
• Solid understanding of Federal and International security & privacy laws and regulations: CCPA, GDPR, FISMA, HIPAA.
• Experience working with 3rd party Risk Management auditors and Risk Management Frameworks.
• Prior experience developing and maintaining information security policies
• Prior experience conducting information security assessments, including identifying gaps, developing plans to fill gaps and hands-on implementation of solutions
• Prior experience monitoring for and responding to information security issues
• Prior experience working with cloud, network, host, and product security
• Physical security experience a plus

Equal Opportunity, Diversity & Inclusion: We aim to build a team that represents a variety of backgrounds, perspectives, and skills. We embrace inclusion and ensure equal employment opportunity without discrimination or harassment based on race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity or expression, age, disability, national origin, marital or domestic/civil partnership status, genetic information, citizenship status, military or veteran status, or any other personal characteristic.