Manager, Security Assurance
JOB DESCRIPTION
The Security Manager is responsible for working across internal stakeholders and cloud operations teams to drive key aspects of continuous monitoring requirements.
Responsibilities include:
● Lead small team of cloud security assurance engineers, managing objectives and priorities.
● Reporting on compliance assurance from a security lens to upper management
● Assure team carries out its activities across cross functional teams in an unbiased neutral party with ability to call “balls and strikes” in a diplomatic fashion
● Coordinate with internal stakeholder operations teams to demonstrate the
implementation of security compliance control implementations for technical,
management, and operational requirements
● Perform vulnerability and compliance scanning, analyze results, provide assessments and reviews
● Audit security control to ensure compliance with cloud requirements and governance models
● Support the development of technical material, operational processes, security policies, and other core documents
● Manage compliance metrics to SOC2, ISO, FedRAMP and DOD standards
Experience, Skills and competencies
Five or more years experience in:
● Skilled in aligning cloud security to multiple compliance domains (NIST based)
● Strong Linux skills (RHEL preferred)
● Experience working with of DoD STIG’d systems
● Experience on NIST SP 800-53 Series, FedRAMP and DoD cloud systems
● Strong vulnerability scanning tool skills
● Skilled in assuring all assets are under a proper security regiment
● Comprehension of CVE/CVSS scoring methods and knowledge of asset categorization to allow for proper risk alignment based on assets role within the cloud platform
● Experience using a full governance risk and compliance platform (ServiceNow preferred)
● Ability to independently review security teams work and make remediation's / recommendations for improvements from a compliance perspective
● Experience with incident response work flows and ability to audit proper logging and alerting is in place.
● Experience working in AWS environments is a plus
● Experience with the production and/or editing of technical drawings using MS Visio or similar design tools
● Experience having written technical documentation related to FIPS 199, NIST SP 800-37, NIST SP 800-53 REV 4, and continuous monitoring (Preferably in the form of a System Security Plan (SSP))
● POA&M collaboration with internal compliance team; understanding of Third-party
Assessment Organizations (3PAO) audit request and proven ability to provide necessary 3PAO evidence requests
● Experience collaborating with cloud compliance and operation teams
● Use of Nessus and Burp Suite automated tools to pinpoint vulnerabilities and reduce time-consuming tasks
General skills include:
● Demonstrate strong verbal and written communication skills as well as strong analytical and problem-solving abilities
● Excellent English language, grammar, and spelling skills for writing, editing, and proofreading
● Ability to work independently or as a member of a team on various tasks
● Skilled at organizing and translating information into clear written documentation and articulating complex concepts and processes in writing
● Proven ability to effectively research subject matter
● Experience working in a collaborative environment
● Ability to work well under tight deadlines and effectively interact with a wide range of people
Industry-specific requirements
Knowledge, experience and subject matter expertise in the following:
● FedRAMP (Federal Risk Authorization Management Program)
● NIST SP 800-53 Rev 4
● NIST SP 800-37
● FISMA (Federal Information Systems Management Act)
● NIST RMF (Risk Management Framework)
● Supporting Systems Security Assessment and Authorization (SA&A) for Federal Agencies
● NIST FIPS 199, Data Classification
Education
● Bachelor degree in a relevant field (e. g., Cybersecurity, Information Security, Information Assurance, etc.)
Additional
● US Citizenship required
Ensuring a diverse and inclusive workplace where we learn from each other is core to Zoom’s values. We welcome people of different backgrounds, experiences, abilities and perspectives including qualified applicants with arrest and conviction records as well as any qualified applicants requiring reasonable accommodations in accordance with the law.
We believe that the unique contributions of all Zoomies is the driver of our success. To make sure that our products and culture continue to incorporate everyone's perspectives and experience we never discriminate on the basis of race, religion, national origin, gender identity or expression, sexual orientation, age, or marital, veteran, or disability status.
All your information will be kept confidential according to EEO guidelines.
Explore Zoom:
Hear from our leadership team
Browse Awards and Employee Reviews on Comparably
Visit our Blog
Zoom with us!
Find us on social at the links below and on Instagram