Information Security Operations Manager
Department: Information Security
Reports To: The CISO
The information security operations manager will be responsible for developing and managing the global information security operations function in the CISO office. This role will own and drive the global rollout of a robust and formal approach to managing information security operations programs across all technology platforms and business environments. In addition, they will ensure appropriate information security operations while driving performance efficiencies based on the appropriate risk to technology and business environments.
The SecOps manager will interact with all levels of personnel to implement tools and controls that reflect business and operational needs balanced with legal and regulatory requirements and risks. This position will be responsible for the Information security operations program that defines how information security technical controls are managed and measured. The responsibilities include developing programs such as vulnerability assessment and management, vendor management, security monitoring, security metrics and reporting and security design incident response programs to react to risks from cyber threat sources response.
Responsibilities and Duties:
- Ensure that a defined information security program is in place and monitoring of information technology security practices occurs.
- Manage the effectiveness of the DoubleVerify’s information security program technologies, including progress on remedial actions, and serve as an internal information security consultant and subject matter expert
- Manage information security risks by routine assessments and developing a vulnerability and patch management plan and implementing the required controls
- Produce scheduled reports of the status of IT’s compliance with DoubleVerify’s information security program, contractual requirements and globally-recognized standards and guidelines
- Participate in risk assessments and the development of risk management plans
- Ensure the ongoing integration of information security with business strategies and requirements
- Lead all information security implementation projects and provide hands-on support
- Work with the incident response team to contain and investigate security events, and prevent future information security breaches with detailed root cause analysis
- Develop remediation plans for process/policy related information security vulnerabilities
- Develop and maintain technology, operations roadmaps for security infrastructure components, including but not limited to intrusion prevention/detection, data security, identity and access management, IT/network security, security information & event management, vulnerability management, code review, etc.
- Partner with other Information Security leadership team members to collectively build and drive the Information Security Program, Strategy, and Roadmap
- 10+ years’ experience in information technology; 5+ in leading an information security operations
- 5+ years of progressive information security work experience
- Demonstrated experience in developing and leading security programs in a multi-platform environment
- Demonstrated experience with managing people across multiple roles and functions and in a global environment.
- Strong hands-on experience in implementing and operating security solutions
- Deep understanding of IT infrastructure and systems
- Deep understanding of application security
- Ability to train, manage and assist co-workers and direct reports on all aspects of the program build and evolution
- Superior written, presentation, and verbal communication skills
- Exceptional organizational, interpersonal and team skills
- Ownership orientation to solving problems
- Information governance, data security, information privacy responsibility
- Education – Bachelor’s degree in computer science or related area
- Industry recognized certification in security (e.g., CISSP, CISA, CISM, CEH, etc.)
- Experience with MRC accreditation and deep understanding of the online advertising industry and ad platforms (networks, DSPs, ATDs, SSPs, Exchanges)