Reporting to Chief Information Officer, the IT Security Manager will oversee the cybersecurity strategy, development and execution of the cybersecurity roadmap, and the management of security incidents. This role shall support the development and delivery of cybersecurity training for the organization and ensure that our risk posture is balanced to meet the risk tolerance for the company. They will partner with business functions to develop practical business continuity plans that include all aspects of technology risk. In addition, this leader will work closely with our IT Infrastructure team to assure basic infrastructure controls and procedures are implemented that build a foundation for information security.

Salary Range for this role: $120,000-130,000 plus a 10%

Location: Remote/Work from home

Valet Living is the leading provider of amenity services for the multi-family housing industry. We have over 8,000 associates in 40 states delivering services such as concierge, package delivery, housekeeping, pet services, and doorstep trash removal. We are a cloud-only technology platform business with a combination of proprietary mobile application solutions and industry leading SaaS platforms such as Microsoft, Oracle, Salesforce, and Workday. We serve both business clients and their residents directly through technology enabled services in a high-growth service-oriented business environment. Our technology team is a small group of leading professionals who work closely with functional leaders to provide innovative solutions. The leader in this role will be expected to both develop industry leading security capabilities and be very hands-on with fellow associates, clients, and residents as we implement solutions.

RESPONSIBILITIES/DUTIES:

• Develop, drive alignment, and realize a cybersecurity strategy that balances the risk tolerance the company has with the present cybersecurity risk posture
• Operate cybersecurity tools, review cybersecurity metrics, and provide weekly updates to the CIO concerning the state of cybersecurity and progress realizing the cybersecurity strategy
• Design and create information security processes (e.g., vulnerability mgmt., incident response, event monitoring, etc.)
• Coordinate with the EVP, General Counsel and Compliance to assure compliance with PCI, CCPA and similar requirements as well as conduct annual Privacy assessments and manage remediation of any major findings
• Conduct regular vulnerability scans, manage remediation of findings from these tests, and provide updates to the Executive Committee concerning the results from these tests
• Maintain supplier relationships supporting cybersecurity and conduct supplier reviews
• Serve as the central point of contact on incidents, leading the communication, triage, forensics, response, and preventative efforts concerning the incident.
• Maintain/refine Incident Response Plan and conduct annual IR test
• Develop Business Continuity Plan, and conduct annual BCP test
• Conduct annual review of backups, ensuring adequacy, reliability of operation, and test of restoration/use of backups as a source of resiliency
• Direct the work of the Infrastructure Administrator regarding appropriate maintenance practices and projects to maintain performance and security
• Collaborate with the IT Support Manager to evolve the desktop, network, and data center solution stack supporting cybersecurity
• Manage delivery of regular security training appropriate to all levels in the organization including simulations/testing for high-risk activities such as phishing.
• Keep leaders and peers apprised of cybersecurity incidents and response
• Performing risk assessments for projects, and providing guidance to leadership on the appropriate course of action
• Establish and maintain key cybersecurity policies
• Perform other duties as assigned

KNOWLEDGE, SKILLS AND ABILITIES:

• Experience developing or supporting the development of cloud infrastructure and cybersecurity strategy
• Demonstrated knowledge of Incident Handling, Threat Intelligence, Security Architecture and Design, and cybersecurity technologies and trends.
• Demonstrated experience with a major ticketing system and a SIEM portal and/or reporting system
• Experience operating and configuring Firewalls, Intrusion Detection Systems, Security Information and Event Management (SIEM), Web Application Firewalls, Application Whitelisting, Endpoint Detection and Response (EDR), and Network Packet Capture Solutions.
• Experience with Information Security Compliance Frameworks like HIPAA, CCPA, SOX, ISO 27001, ISO 27005, NIST 800-53, NIST 800-30, and PCI DSS is desired.
• Experience with Microsoft Defender and Advanced Threat Protection
• Ability to read/translate IDS/IPS, Syslog & firewall logs, rules, and configuration
• Excellent organizational, verbal, and written communication skills
• Ability to prioritize work and influence the practices of fellow team members within and outside of Information Technology.
• Able to work with cross-functional teams within the organization

EDUCATION AND EXPERIENCE REQUIREMENTS:

• Bachelors degree in Computer Science, MIS, or equivalent
• CISSP, CISM, and/or SANS GIAC series, and other certifications that demonstrate a commitment to continued professional information security advancement
• Microsoft Azure IaaS/PaaS end O365 experience preferred
• 6+ years of information security/cybersecurity experience
• 2 years of management experience
• Project management experience preferred

PHYSICAL REQUIREMENTS:

• Sedentary work that primarily involves sitting/standing while and working on a computer

SPECIAL CONDITIONS OF EMPLOYMENT:

• Ability to pass a background check and drug screen

Valet Living is an Equal Opportunity Employer that values the strength diversity brings to the workplace. We recruit, employ, train, compensate, and promote without regard to race, religion, creed, color, national origin, age, gender, sexual orientation, gender identity, marital status, disability, veteran status, or any other basis protected by applicable federal, state or local law.