Director, Cyber Security Operations and Threat Management

General Purpose:

The Director for Security Opertions and Threat Management, is a strategic, and technically-grounded lead of  our information security team,  performing duties through processes and procedures necessary to ensure the safety of information systems and applications on premise and in the cloud. This role assists with protecting the confidentiality, integrity, and availability of company and customer data. 

This role is the primary architect of our defense-in-depth strategy, overseeing the teams (internal and external) responsible for detecting, neutralizing, and preventing cyber threats. You will bridge the gap between high-level security strategy and hands-on operational excellence, ensuring our global infrastructure—on-prem and cloud—remains resilient against an ever-evolving threat landscape.

In addition, the Director will manage and monitors various security systems/tools and supports the assessment of system security controls.

The ideal candidate is a "leader-doer" who can manage the security of complex environment while remaining sharp enough to deep-dive into an incident response bridge or a cloud architecture review.

Duties and Responsibilities:

Threat Management & Incident Management

* Detection Strategy: Build and maintain a world-class Threat Intelligence program to pivot from reactive to proactive defense.

* IR Leadership: Serve as the ultimate escalation point for high-priority security incidents, leading the Incident Response (IR) team through containment, eradication, and recovery.

* Hunting: Establish regular threat-hunting cadences to identify dormant or sophisticated actors within the environment.

*Stay abreast, and keep up with the latest threats and analyze the impact to the Jazwares environment

Security Operations (SecOps) & Tools

*SOC Oversight: Manage the 24/7 Security Operations Center (MSSP) to ensure high-fidelity alerting and low Mean Time to Resolve (MTTR).

*Tooling Optimization: Own the security stack (SIEM, EDR, XDR, SOAR). Ensure tools are integrated, automated, and providing maximum ROI rather than just generating "noise.

*Automation: Drive a "Detection as Code" philosophy to automate repetitive tasks and manual investigative steps.

*Be the costodian of all security tools such as PAM, Email Security, Backup and Recovery, etc. 

*Provide technical leadership and oversight to security operations activities and initiatives

*Participate in business continuity and disaster planning

*Provide guidance and support on security issues to other departments

*Ensure all software within the network has adequate security measures in place

*Propose metrics and prepare reports to show current security posture

*Monitor system events, log files, and alerts

Security Engineering & Cloud Security

*Cloud Governance:Define security guardrails for AWS/Azure/GCP environments, focusing on IAM, VPC security, and serverless protection.

*Infrastructure as Code (IaC): Partner with DevOps to integrate security checks into CI/CD pipelines (DevSecOps).

*Engineering Excellence:Lead the design and deployment of scalable security solutions that support business growth without introducing friction.

*Provide technical leadership and oversight to security engineering activities and initiatives

*Harden systems for cyber resilience

Vulnerability Management

*Lifecycle Management: Oversee the end-to-end vulnerability management process, from discovery and risk-based prioritization to remediation tracking.

*Exposure Management: Move beyond simple patching to manage the "attack surface," including external digital footprints and shadow IT.

Architecture & Design

*Security Blueprints: Collaborate with Enterprise Architects to ensure security is "baked in" to new product builds and internal migrations.

*Zero Trust: Lead the transition toward a Zero Trust Architecture, focusing on identity-centric security and micro-segmentation.

*Determine security requirements and security controls for new systems

*Develop and maintain architectural diagrams

Team Coaching

* Coach team memebrs and manage work plan on assigned projects

Any other tasks assigned by Manager

Manages People: Yes

Education/Experience

Minimum 8 years of experience within Information Security

At least 3 years of experience Threat Management and Security Operations 

At least one of the following certifications required: CISSP, CCSP, CASP+, any SANS GIAC or equivalent is prefered

AWS certifications such as “AWS Certified Security - Specialty” highly desired

Required Knowledge, Skills, Abilities:

Thorough understanding of the following areas: Threat Management, Secuity Operations,Application Security, Cloud Security, Data Security, Endpoint Security, Network Security, and User Access Security

Knowledge of security frameworks and standards such as NIST CSF, ISO27000, and/or CIS

Self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance, and professionalism.

Ability and desire to take ownership of multiple tasks and responsibilities.

Experience designing or implementing an enterprise level Security Program

Work Environment: Office 

#updated03-31