The Manager, Information Systems Security is responsible for the day to day delivery and management of Global Operational Cybersecurity within the Quaker Houghton organization, ensuring the Confidentiality, Integrity and Availability of digital assets are maintained and safeguarded and conform to security policies where applicable. They will be responsible for managing Quaker Houghton global cybersecurity engineers and overseeing third-party monitoring and incident response partners. This is a technical management role where the position holder and the operational team will be responsible for monitoring, investigating, triaging, and mitigating security events, with the help of third-party security partners.
The incumbent will need to develop a full understanding of the Security and Business Infrastructure requirements of the Global Quaker Houghton organization and implement security solutions that meet security service and strategic objectives following global security guidelines where applicable. They will also be responsible for monitoring global governance to policies and guidelines regarding regional IT security.
- This position is responsible for ensuring continuity of operational security services and processes for computer users throughout the organization through planning, technical leadership, and project coordination.
- Using technical expertise, develop, manage, and support the IT Security Operations by assessing, monitoring, investigating and mitigating security threats utilizing current and future security tooling.
- Builds strong partnership between Quaker Houghton Operational Security and our Third-Party Outsourced Security vendors.
- Partner with internal and external businesses and IT stakeholders, to develop and manage an operational monitoring and incident response framework.
- Perform daily technical cyber security operations in production, development, staging with implementation, development and maintaining technical security controls: threat management, vulnerability management, SIEM (Security Information and Event Management) and incident detection tasks.
- Operate, maintain and provide advice and best practices on Quaker Houghton technical Cybersecurity defense and operations.
- Coach, mentor, and develop talent within the team. Act as a senior technical resource for direct reports.
Education, Experience & Skills/Competencies to perform the job duties
Key Education or Certification Required
- Bachelor/University degree in Security or Information Technology or equivalent combination of education and experience required
- Possess professional qualifications e.g., CISSP (Certified Information Systems Security Professional), SANS GIAC or is willing to obtain them
- Experience with establishing security event monitoring policies and procedures on technical and functional level
- Expert knowledge of Security Monitoring (SIEM) tools or processes for incident analysis.
- Experience liaising with external suppliers or subject matter experts
Required Minimum of Years of Relevant Experience
8+ years knowledge and hands-on progressive experience with different security domains or disciplines (e.g. network security, endpoint security, protocols, application security and associated hardware) with at least 5+ years of IT Security Operational Management experience
- Previous people management experience required
- Previous experience overseeing third party vendors is a plus
Required Skills and Competencies
- Expert level of knowledge of different security monitoring tools, including but not limited to, implementation, rules, policies, logfiles, SIEM, XDR and/or Microsoft Sentinel.
- Experience with Microsoft Security applications like Microsoft O365 Email Defender, Microsoft Azure Security, Privileged Access Management, Multifactor Authenticator and Microsoft Security
- Expert understanding of common computing attack vectors; information, host and network security hardening and requirements; networking protocols; SD-WAN (Software Defined Wide Area Network), MITRE; and common risk management concepts
- Experience and expertise with ethical hacking, firewall and intrusion detection/prevention technologies, secure coding practices and threat modeling Ability to juggle multiple priorities simultaneously
- Understanding of governance security frameworks as NIST 800.53, ISO 27000 series, COBIT and NIST Cyber Security Framework and implications on Operational Security and logging. Strong cross cultural working style for global interactions
- Expert level knowledge of security concept, monitoring tooling, content filtering, vulnerability scanning, and (managed) endpoint detection and response ("EDR"), and similar security tools?
- Strong verbal and written communication skills required, as this position requires regular contact with various levels of management
- Expert level knowledge and hands-on experience in creating operational security policies, processes, and standard operating procedures
- Analytical and Problem Solver - Identifies problems and uses available resources to identify a solution
- Acts with Integrity - Can be counted on to follow through with commitments
- Results Driven - Overcomes obstacles and finds resources to get things done. High energy self-starter who can work well with teams and independently. Ability to influence without authority.
- Structured - Structured way of working and strong written and verbal communication skills
- Strong process management skills
- Understanding and appreciation of current, new and emerging technologies
- Ability to travel to other European or Global Q-H sites
- The employee must occasionally lift and/or move up to 10 pounds.
- While performing the duties of this Job, the employee is regularly required to sit.
- The employee is frequently required to talk or hear.
- The employee is occasionally required to stand; walk; use hands to finger, handle, or feel and reach with hands and arms.
- Maintain the Highest EHS standards.