Velera

Information Security Program Manager (Penetration Testing) - REMOTE

full-time

Origin: 🇺🇸 United States

Salary

💰 $110,100 - $143,100 per year

Job Level

Senior / Lead

Tech Stack

Cloud, Cyber Security

About the role

  • Supports the development, implementation, monitoring and communication of the information security program and related activities
  • Works in collaboration with key stakeholders and technical teams across the organization to ensure that the information security program and its requirements align with business objectives, mission, and values, by developing comprehensive processes, strategies and tactics
  • Maintains a current understanding of emerging cyber threats and new solutions that may affect cloud and on-premises environments
  • Maintains penetration testing program, conducts red team and blue team exercises, performs internal and external penetration testing, and application vulnerability assessments to identify potential threats
  • Performs focused information security risk assessments of existing or new business processes, services and technologies, along with business counterparts
  • Communicates security risk assessment findings to information stakeholders, security leadership, risk management, information governance, and internal audit as necessary
  • Maintains strong working relationships with individuals and groups involved in managing information security risks across the organization
  • Facilitates the organization's risk management process and assists individuals in identifying, analyzing, and evaluating risks in accordance with policy
  • Identifies opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk
  • Reviews and validates all deliverables from the SOC, Incident Response (IR), Threat Intelligence, and Threat Hunting functions to improve overall security posture
  • Provides consultative advice to cybersecurity governance and security teams that enables them to make informed risk mitigation decisions
  • Provides knowledge and expertise in government regulatory processes and documentation, including but not limited to Risk Management Approach (RMA), National Institute of Standards and Technology (NIST) standards, and policies and procedures
  • Translates technical information security requirements into clear, actionable policies that employees can understand and follow
  • Monitors and audits compliance of cybersecurity policies to identify gaps
  • Performs all other duties as assigned

Requirements

  • BS or MA in Computer Science, Information Security, or equivalent combination of education and experience within Information Technology
  • 8+ years of experience in cybersecurity, with a focus on information risk analysis, security engineering or security architecture
  • 5+ years of experience with regulatory compliance and information security management frameworks (e.g., ISO 27000, COBIT, NIST CSF, PCI DSS)
  • Must possess at least one of the following certifications: CompTIA PenTest+, CEH, CPT, CEPT, or CCPT
  • Must possess the CISSP certification or equivalent information security certification or experience
  • Experience in application development security and relevant tools such as SAST, DAST, SCA, RASP, and IAST
  • Experience building, executing, managing, and maintaining a penetration testing program
  • Experience performing penetration testing and secure code review, including static, dynamic and manual source code review
  • Experience in program and project management
  • Experience in cybersecurity strategy planning
  • Experience identifying and assessing risks to the organization's business
  • Experience crafting and executing information security initiatives, including capturing requirements and refining them into impactful work items