The Waste Management Information Security Office seeks a Team Lead for Threat and Vulnerability Management to identify and evaluate complex business and technology risks, internal controls that mitigate risks, and related opportunities for internal control improvement. Assist in the selection and tailoring of approaches, methods, and tools to support service offerings or industry projects. Use technology-based tools or methodologies to review, design, and/or implement products and services.
The candidate must have strong skills in conducting technical analysis of potential vulnerabilities and recommend improvements to existing information security standards. The candidate must also have the ability to coordinate response actions, and disseminate technical information as appropriate in support of WM's critical infrastructure/assets.
The Team Lead for Threat and Vulnerability Management needs to be well organized, reliable, a strong communicator, detail oriented, demonstrate good judgment, be confident working independently and comfortable in the handling of confidential information. The role involves extensive interaction with groups both internal and external to the company; including but not limited to: Law Enforcement, Legal, Corporate Security, Human Resources, and various IT teams and business partners.
Duties and Responsibilities:
Provide day-to-day management for the Information Protection function, responsible for security technologies utilized to protect WM's data and networks.
Manage budgets related to operational and capital expense objectives.
Participate in WM's Information Security Office leadership team to drive innovative security solutions, and collaboration with other IT and global functions.
Responsible for managing the work environment, identifying workforce needs and ensuring performance against expectations, values and vision.
Off hours support required due to the 24x7 nature of this team.
Incumbent will lead a group of up to 6 information security professionals
Education and Experience:
Minimum of 5 years of Threat and Vulnerability Management experience
Minimum of 5 years of management experience
Fortune 500 experience
Bachelor's degree in Computer Information Systems / Management Information Systems or equivalent experience
Certificates, Licenses and Registrations:
Must have, or able to obtain within 12 months, either the Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) certifications.
Other professional certifications desired include: CWSP, CISA, GIAC
Other vendor certifications desired include: CCNA, CCNP, CCSP, MSCE
Other Knowledge, Skills or Abilities:
Must have expert knowledge of Threat and Vulnerability Management processes and technology
Must have expert technical proficiency in at least one vulnerability management tool such as Qualys, Core Impact or WebInspect
Must have high proficiency in investigative practices and procedures
Forensics knowledge is a plus
Other Knowledge, Skills or Abilities that Contribute to Success:
Previous Criminal Justice experience is significant plus.
Ability to create and deliver presentations targeted to either end users or senior management
Highly technical across a broad range of computing platforms and network protocols
Experience in several or more of the following technologies: Firewalls, Intrusion Prevention, Vulnerability Scanning, Data Loss Prevention, Email Security, Endpoint Security, DNS, Web Content Filtering, SEIM, AV, Certificate Authority and encryption
Understanding and experience with IP address space management, subnetting, name resolution, and directory service protocols and be able to participate and guide future network LAN/WAN planning and implementation
Familiarity with key security models and regulations such as ISO 2700X, SOX and PCI
Ability to support both internal and external audits.
Experience in the areas of change control, problem management, incident management troubleshooting of security solutions
Ability to handle successfully multiple projects at one time
Strong communicator both written and verbally
Actively participate in professional organizations such as ISSA, ISACA, and InfraGard
Waste Management Corporation - 2 years ago
Waste Management is the leading provider of comprehensive waste management and environmental services in North America. We are also a leadin...