Security Program and Operations Manager

Job Description

WithSecure™ protects businesses all over the world from modern threats. We do this through a Co-security approach born from first-hand knowledge that no one can solve every cyber security problem alone. Every single day, our diverse, growing team fights against online extortion, threats to national infrastructure, the unlawful spread of sensitive information, and everything in-between. The best part about working for WithSecure is our people! We are a community of dedicated and passionate professionals that take workplace happiness seriously. If you’re looking for something that’s more than just a job – we’d love to hear from you.

As the Security Program and Operations Manager, you will perform the necessary governance of the initiatives as well as monitor the health of our security operations across the organization. You will be working with different people cross-functionally in the pursuit of continuously elevating the security posture of the organization whether in a time-bound project or in handling continuous operations. As a cybersecurity company, we intend to be a role model in how to continuously elevate the security of an organization so we can also teach our customers and partners.

We have an ISO 27001 certification and ISAE 3000 Type 2 assurance report as external evidence of our internal security posture.

Key Responsibilities

The CISO Office is a small team and you’re expected to wear many hats beyond your job description. That being said, your primary responsibilities are the following:

• Govern the planning, execution and monitoring of the different security initiatives cross-functionally.
• Define processes and reporting mechanisms to monitor the overall health of the security initiatives.
• Govern continuous security operations across the organization via processes, metrics and KPI’s.
• Lead the handling of internal incidents whenever the need arises.

What are we looking for?

• An organized worker. The security program may be driven from inside or outside the CISO Office. The person most suited for this role is someone who can take into consideration the different planning and execution cadences of the individuals and teams in different units/functions.
• A lover of data and metrics. Our distributed security operations have many data points that when collected show trends on the trajectory of our security posture. The person suited for the role is someone who likes to work with different data points as well as learn the tooling needed to generate metrics that can aid decision-making. You need to be fine working with tools like Jira, Sentinel and the various security tools across the organization.

• Someone who is flexible. As part of a small security function this role requires flexibility whether working on projects, holding planning and workshops, leading handling of incidents and supporting compliance activities.

• A networker. Cross-functional is the default way of working. Working with people with various backgrounds need to be something that you enjoy.

• A hard worker. Securing an organization can sometimes be a brain-tickling exercise, but sometimes is just mundane work that just needs to be done. You need to be able to muster the energy to do both.

• A team player. The CISO team is small, but we lead internal security for the whole organization. You need to have the desire to work with a team and support team cohesion.

• Fluency in English with good presentation skills.
• You must pass a security vetting and a background check.

Bonus points

Although the following are not required, they are plus points:

• Experience in the cybersecurity field.
• Knowledge of ISO 27001 Standards and ISAE 3000 (SOC2) frameworks.

What will you get from us

• Since WithSecure has offerings from cybersecurity consulting, incident response, managed services and a suite of cybersecurity products, you have the rare opportunity to understand the inner workings of cybersecurity products and services and can contribute to the evolution of these offerings that we utilize to protect both our customers and ourselves.
• Cross-functional ways of working by default.
• Access to security consultants, malware researchers, threat hunters, incident responders and various cybersecurity experts who can spar with you and help elevate your cybersecurity knowledge.
• Working with an organization that truly cares about protecting our digital society through the products and services we offer.