Principal, Threat and Vulnerability Management
Waste Management Corporation - Houston, TX

This job posting is no longer available on Waste Management Corporation. Find similar jobs: Principal jobs - Waste Management Corporation jobs

The Waste Management Information Security Office seeks a Team Lead for Threat and Vulnerability Management to identify and evaluate complex business and technology risks, internal controls that mitigate risks, and related opportunities for internal control improvement. Assist in the selection and tailoring of approaches, methods, and tools to support service offerings or industry projects. Use technology-based tools or methodologies to review, design, and/or implement products and services.

The candidate must have strong skills in conducting technical analysis of potential vulnerabilities and recommend improvements to existing information security standards. The candidate must also have the ability to coordinate response actions, and disseminate technical information as appropriate in support of WM's critical infrastructure/assets.

The Team Lead for Threat and Vulnerability Management needs to be well organized, reliable, a strong communicator, detail oriented, demonstrate good judgment, be confident working independently and comfortable in the handling of confidential information. The role involves extensive interaction with groups both internal and external to the company; including but not limited to: Law Enforcement, Legal, Corporate Security, Human Resources, and various IT teams and business partners.

Duties and Responsibilities:
Provide day-to-day management for the Information Protection function, responsible for security technologies utilized to protect WM's data and networks.
Manage budgets related to operational and capital expense objectives.
Participate in WM's Information Security Office leadership team to drive innovative security solutions, and collaboration with other IT and global functions.
Responsible for managing the work environment, identifying workforce needs and ensuring performance against expectations, values and vision.
Off hours support required due to the 24x7 nature of this team.

Supervisory Responsibilities

Incumbent will lead a group of up to 6 information security professionals

Education and Experience:
Required:
Minimum of 5 years of Threat and Vulnerability Management experience
Minimum of 5 years of management experience
Fortune 500 experience

Preferred:
Bachelor's degree in Computer Information Systems / Management Information Systems or equivalent experience

Certificates, Licenses and Registrations:
Must have, or able to obtain within 12 months, either the Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) certifications.
Other professional certifications desired include: CWSP, CISA, GIAC
Other vendor certifications desired include: CCNA, CCNP, CCSP, MSCE

Other Knowledge, Skills or Abilities:
Must have expert knowledge of Threat and Vulnerability Management processes and technology
Must have expert technical proficiency in at least one vulnerability management tool such as Qualys, Core Impact or WebInspect
Must have high proficiency in investigative practices and procedures
Forensics knowledge is a plus

Other Knowledge, Skills or Abilities that Contribute to Success:

Previous Criminal Justice experience is significant plus.
Ability to create and deliver presentations targeted to either end users or senior management
Highly technical across a broad range of computing platforms and network protocols
Experience in several or more of the following technologies: Firewalls, Intrusion Prevention, Vulnerability Scanning, Data Loss Prevention, Email Security, Endpoint Security, DNS, Web Content Filtering, SEIM, AV, Certificate Authority and encryption
Understanding and experience with IP address space management, subnetting, name resolution, and directory service protocols and be able to participate and guide future network LAN/WAN planning and implementation
Familiarity with key security models and regulations such as ISO 2700X, SOX and PCI
Ability to support both internal and external audits.
Experience in the areas of change control, problem management, incident management troubleshooting of security solutions
Ability to handle successfully multiple projects at one time
Strong communicator both written and verbally
Actively participate in professional organizations such as ISSA, ISACA, and InfraGard

Waste Management Corporation - 3 years ago - save job - block
About this company
1,009 reviews
Waste Management is the leading provider of comprehensive waste management and environmental services in North America. We are also a...