PHEAA is seeking a Manager of Cybersecurity Engineering to join our team. This position directs all the activities of the Cybersecurity Engineering team including definition and implementation of agency cybersecurity strategy, controls, performance of penetration and vulnerability assessments, and identification of necessary security technology. This role oversees design and provides architectural input on new cybersecurity security related projects and provides guidance to a staff of highly technical cybersecurity engineers and process owners. Responsible for assessing and reporting to the Vice President Enterprise Security on the security posture and compliance to agency security frameworks of all systems attached to PHEAA infrastructure. This role applies communication and problem-solving skills, and knowledge of best practices to guide the team on issues related to network, device, and monitoring techniques.
Shift: Monday-Friday, 8:00 am - 5:00 pm
Salary: Commensurate with Experience
Staff and Project Management
Oversee cybersecurity technology research and analysis, develop business case, and facilitate product/technology selection and acquisition.
Manage and mentor a team of cybersecurity engineers in a full range of cybersecurity engineering projects that includes all technical and administrative aspects of successful project delivery.
Recommend, implement, and continually report on a management approved agency cybersecurity strategy aligned with industry best practices, frameworks, regulations, and client contractual obligations.
Lead agency “red team” exercises, penetration testing, vulnerability assessment, and risk identification efforts.
Lead Computer Security Incident Response and Containment (CSIRC) efforts, including direct input to the incident response and breach processes.
Assist Enterprise Security Architect by providing security architectural guidance, promoting and articulating security vision, and recommending design approaches based on industry best practices to application and infrastructure teams.
Effectively communicate as a subject matter expert in a professional manner including technical review of contracts and proposals, and support internal and external audit efforts.
Oversee documentation and communication of cybersecurity engineering related initiatives and procedures.
Maintain knowledge of current security industry best practices and technologies and represent the Enterprise Security Office on agency risk, compliance, audit, incident management, governance, or other committees requiring Enterprise Security input or approval as directed by the VP, Enterprise Security.
Minimum qualifications: Bachelor's degree and 10 plus years of information technology experience with a minimum of seven years current experience and knowledge in cybersecurity. Minimum three years of relevant hands-on technical supervisory experience and demonstrated leadership capabilities and/or any combination of training, experience, and/or skills.
Advanced understanding of computers, networks and the internet, including network and application protocols, access control, operating system security, encryption, standards and information security trends and potential threats, common exploits, application weaknesses, and their potential effect on the information technology assets.
Demonstrated ability to work with a high degree of independence, yet also maintain professional and effective working relationships with team members, vendors, auditors and examiners.
Strong sense of customer service, attention to detail and desire for organization.
Proven project management skill delivering complex initiatives, working with numerous technical teams and a broad client base, while meeting quality and time expectations.
Proven ability to coach and mentor others.
Demonstrated experience working in hybrid computing environments with a combination of premise, and cloud based computing. Specific experience with AWS or Azure preferred.
Certification in Information Security Management (CISM) or Information Systems Security Professional (CISSP) or demonstrated current knowledge and experience with a willingness and ability to obtain certification within one year.
Knowledge of industry standard security frameworks (NIST, CIS, ISO) is preferred.
Preferred qualifications: Working knowledge of Financial industry environments strongly preferred and preference for degrees in one of the following fields: Computer Science, Computer Engineering, or Security and Risk Analysis.
If selected for a position, following a conditional job offer, all candidates for employment must be able to pass a criminal background check, which is not an automatic bar to employment; a student loan check, where all loans must be in good standing; and provide proof of education.
Candidates for this position would need to obtain the Public Trust security clearance. For this level of clearance, the federal government has a requirement that all applicants must possess a U.S. citizenship. In light of this federal government requirement, PHEAA will be unable to hire applicants without United States citizenship for such positions.