Milliman
Cybersecurity Operations & Incident Response Manager
Milliman, Seattle, Washington, US, 98127
Description
POSITION SUMMARY:
This position functions as the manager of the corporate security operations and incident response teams and requires understanding the IT infrastructure in place at Milliman offices to ensure appropriate security measures are in place to prevent security breaches. The position has IS engineer direct reports responsible for security infrastructure and works in collaboration with the Manager of IT Operations & Infrastructure to recommend physical and technical information security best practices. The position also manages and collaborates with the corporate privacy office to address privacy-related events. The position reports to the Chief Information Security Officer (CISO).

The Cybersecurity & Incident Response Manager will be responsible for supervising staff and executing IT Security projects. This position oversees the technical work of information security operations and incident response personnel. Additionally, this position will occasionally serve as a project or cross-functional team lead to ensure high-quality communications and technical delivery of the work being performed.

The Cybersecurity & Incident Response Manager will set performance expectations for direct reports and provide constructive performance feedback on a regular basis.

RESPONSIBILITIES:
- Operational oversight of cybersecurity solutions, including SIEM, MSSP, firewall, VPN infrastructure, secure web gateway, etc.
- Manage activities of corporate security operations and program management of information security initiatives with IT personnel across Milliman practices and disciplines.
- Manage activities of the incident response team and track and assist with mitigation of technical security incidents across the organization through resolution.
- Support prioritization and delivery of security audit artifacts for internal and external security audits.
- Develop and maintain metrics that quantify and monitor key process indicators (KPIs).
- Coach staff in the practices of security related requirements and provide guidance in the course of implementation and other changes.
- Keep up to date on information security threats and countermeasures and advise technical staff.
- Recommend security enhancements and purchases consistent with information security strategy and evolving threats.

SKILLS & QUALIFICATIONS REQUIRED:
- Bachelor's degree: candidates must possess significant analytical skills evolved from academic training in Computer Science, Computer Engineering, or Information Systems.
- The ideal candidate must have a minimum of 8 years of business experience in the areas of Information Security.
- The ideal candidate must have at least one of the certifications: Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM).
- The ideal candidate must have previous experience with ISO 27001/2, HIPAA, HITRUST and other industry regulatory controls and compliance preferred.
- The ideal candidate must have previous experience with cloud security control design and management.
- The ideal candidate must have working knowledge of security areas such as Auditing, Policy, Database Security, Firewall Design and Implementation, Risk Analysis, Identity Management, Access Management, or Web Services.
- The ideal candidate must have prior experience with supervision and professional development of staff in the Information Security field.
- Must have prior experience working with geographically diverse offices in a global organization.
- Must have the ability to handle multiple projects.
- Must have the ability to interpret information security data and processes to identify potential compliance issues.
- Must have the ability to clearly and effectively communicate Information Security matters to executives, auditors, and end-users.
- Must have the ability to work effectively and organize priorities independently.
- Must have decision-making and problem-solving skills, including the ability to clearly define and resolve issues.
- Must have excellent verbal and written communication skills, including the ability to prepare documentation and policies and build consensus across a broad group.
- Must have high-quality writing and interpersonal communication skills.
- Must have excellent time management skills, including the ability to prepare, prioritize and complete work plans.

SKILLS & QUALIFICATIONS PREFERRED:
- GIAC Certified Incident Handler (GCIH) or EC-Council Certified Incident Handler (ECIH)
- Experience within consulting or professional service organizations.

LOCATION:
This is a Seattle-based role. The person in this role is expected to live within commutable distance to Milliman's Seattle office.

COMPENSATION:
The salary range for this role is $163,000 - $254,000, depending on a combination of factors, including, but not limited to, education, relevant work experience, qualifications, skills, certifications, location, etc.

BENEFITS:
At Milliman, we focus on creating an environment that recognizes - and meets - the personal and professional needs of the individual and their family. We offer competitive benefits which include the following based on plan eligibility:
- Medical, dental and vision coverage for employees and their dependents, including domestic partners.
- A 401(k) plan with matching program, and profit-sharing contribution.
- Employee Assistance Program (EAP).
- A discretionary bonus program.
- Paid Time Off (PTO) starts accruing on the first day of work and can be used for any reason; full-time employees will accrue 15 days of PTO per year, and employees working less than a full-time schedule will accrue PTO at a prorated amount based on hours worked.
- Family building benefits, including adoption and fertility assistance and paid parental leave up to 12 weeks for employees who have worked for Milliman for at least 12 months and have worked at least 1,250 hours in the preceding 12-month period.
- Commuter Program, which allows you to use pre-tax dollars to pay for your parking or public transit expenses to get to and from work. You may utilize this benefit any time throughout the year and funds will be available the first of the month following your first contribution.
- A minimum of 8 paid holidays.
- Milliman covers 100% of the premiums for life insurance, AD&D, and both short-term and long-term disability coverage.
- Flexible spending accounts allow employees to set aside pre-tax dollars to pay for dependent care, transportation, and applicable medical needs.

ABOUT MILLIMAN:
Independent for over 75 years, Milliman delivers market-leading services and solutions to clients worldwide. Today, we are helping companies take on some of the world's most critical and complex issues, including retirement funding and healthcare financing, risk management and regulatory compliance, data analytics and business transformation.

Through a team of professionals ranging from actuaries to clinicians, technology specialists to plan administrators, we offer unparalleled expertise in employee benefits, investment consulting, healthcare, life insurance and financial services, and property and casualty insurance.

EQUAL OPPORTUNITY:
All qualified applicants will receive consideration for employment, without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)