Security Operations Manager
Location: Denver, CO
This position is will be responsible for all aspects of security at Payfone including building a security team and related operational capabilities as the company grows and scales. Position consults with IT, Project Management, Product Management, Internal Audit, Software Development and other peers on proper security architecture and software development processes to ensure the applications developed and systems implemented are in line with security best practices and Payfone policies and standards.
What You Are Accountable For
- Evaluates the current methods in use by Payfone to access and process data via Payfone APIs and applications.
- Develops repeatable architectures working with IT Operations to ensure that systems are placed within the relevant security zones based on the data they house and their purpose.
- Develops Payfone security policy and procedures and serves as the point of contact for all security issues.
- Works with enterprise architecture to ensure systems with PII data are compliant with PCI standards
- Evaluates all product business cases including functional and detailed design specs to ensure security standards are met and approves all changes from a security perspective.
- Ensures compliance with all security related SOC 2 / SSAE 16 and PCI Audit controls and assists with compliance questionnaires and internal/external audits.
- Develops architectural reference material to ensure that security practices are being implemented in a repeatable fashion every time a new project is implemented
- Supports the business need for forensic investigations for any breach, infection, or investigation into employee concerns.
- Develop and manage an enterprise wide business continuity plan and testing program
- For Application Security assignments:
- Work with external penetration testing organizations to coordinate application and network based penetration
- Work with team to complete internal application and network penetration testing
- Work with development to do static code analysis before code is released to production
- Interact with customers to gather yearly testing and security requirements, review penetration testing findings, mitigating controls and/or projects to rectify security vulnerabilities.
- For Infrastructure assignments:
- Ensures internal systems and applications infrastructure are implemented following security policy, best practices and the 3 tier model. Work with enterprise architecture to ensure systems are compliant with PCI standards
- Support the business need for forensic investigations for any breach, infection or investigation into employee concerns.
- Complies with all security policies and procedures to ensure the highest level of system and data confidentiality, integrity and availability is maintained.
Education & Experience
- Education and experience typically obtained through completion of a Bachelor’s degree in Computer Science, Engineering, Math or Physical Science.
- Minimum 7-10 years of general IT experience, with a minimum 5 years of IT security management experience and two years of Security Architecture or Consulting experience.
- Working knowledge of Oracle databases
- Ability to work independently and within a team environment.
- Effective interpersonal skills, with ability to present to peers, coworkers and customers
- Knowledge of operating system, application, network, and database security architectures.
- Experience analyzing technical issues and making recommendations for corrective action.
- Approved background is required. Additional background check may be required as this is a position of special trust.
- Exposure to PCI. ISO and SSAE 16 compliance
- Mobile or bank related experience a plus.
- CISSP, MCSE, SCSA, CCNA or CISA certification
- Certification in penetration testing or ethical hacking is a plus
- Experience in malware reverse engineering desirable
- Experience with VmWare, F5