Information Security Senior Manager - Attack Surface Operations

Capital Group

Country: United States of America

Location: Irvine

Time Type: Full time

Posted On: October 16, 2024

“I can succeed as an Information Security Senior Manager - Attack Surface Operations at Capital Group.”

As an Information Security Senior Manager for Attack Surface Operations, you will have a global responsibility to lead and operate Capital’s vulnerability management, eCrime and Threat Intelligence programs as well as drive the SecOps communications, enhancements and metrics/KPI programs.


As an Information Security Senior Manager - Attack Surface Operations your responsibilities will include:

Vulnerability management

  • You will drive the strategy, lead and develop the team at capital who identify, analyze, prioritize, remediate and report vulnerability risk in CG technology systems.

  • You will work closely with stakeholders from across our Information Technology Group to drive Capital’s vulnerability management program that manages risk to CG accepted levels, and in alignment with industry best practice and regulatory expectations.

eCrime

  • You will drive the strategy, lead and develop the team at Capital who monitor and disrupt fraudulent use of Capital’s brand online to minimize negative impact to Capital’s reputation and associates.

  • You will work with stakeholders from across Capital’s business to drive Capital’s eCrime program to provide NIST-aligned eCrime fraud response services for Capital Group by collaborating with law enforcement agencies, security and trust teams at various social media platforms, industry groups, and vendors and reporting post-incident findings, recommendations, and risk items.

Threat Intelligence

  • You will drive the strategy, lead and develop the team at Capital who collect, process, assess and disseminate timely and actionable cyber threat intelligence to set the conditions for the successful mitigation of risk to Capital’s business operations.

  • You will work with stakeholders from across Capital’s business to drive Capital’s intelligence cycle process of seeking stakeholder direction, curating a world class collection capability, performing first class assessment to create timely and actionable intelligence before disseminating it as tactical, operational or strategic intelligence in business consumable formats.

Security Operations Metrics and Communications

  • You will work across other security operations teams to produce mission critical metrics, KPIs and KRIs for all functions within the group.

  • You will drive the ‘battle rhythm’ within Security Operations, driving the production of our weekly communications, monthly review sessions, weekly standups, quarterly business updates and regular intelligence updates.

  • You will curate and curate SecOps regular written updates, including annual intelligence products (threat assessments) and weekly SecOps updates.

  • You will work with 2nd Line and other risk teams to formalize the review process for after-action reviews and CI opportunities.

“I am the person Capital Group is looking for.”

  • You are a leader with a track record of competency in the field of Information Security and Risk with 7+ years of relevant security and technology experience, including 5+ years in a significant leadership role.

  • You have experience or demonstrable knowledge in driving strategies and programs across the spectrum of the role including Vulnerability Management, eCrime, intelligence and reporting

  • You have a bachelor’s degree from an accredited institution, with degree preferred in Computer Science or Information technology systems security or related field.

  • You have experience in establishing cyber security and risk metrics for reporting.

  • You have strong emotional Intelligence with demonstrated sustained leadership in a large organization involving multiple stakeholders.

  • You are highly capable and experienced in negotiation and persuasion skills.

  • You have demonstrated an affinity for working with a diverse team.

  • You have effective oral and written communication skills. Information Security certification based on industry best practices.

  • You have excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and non-technical audiences.

  • You have an ability to work with, persuade and motivate technology teams and legal teams to support the work needed by attack surface operations teams.

  • You are at ease with managing multiple priorities, ambiguity and rapidly moving business environment.

  • You have a strong understanding of the business impact of security tools and operations, cloud technologies and policies.

  • You have strong leadership abilities, with the capability to develop and guide IT operations personnel, and work with minimal supervision.

  • You have experience working with legal, audit, operations and compliance staff.

  • You have experience developing and maintaining policies, procedures, standards and guidelines.

  • You have experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks, the U.S. Sarbanes-Oxley Act, the U.S. Health Insurance Portability and Accountability Act (HIPAA), the European Union Privacy Directives, and the Japanese Financial Instruments and Exchange Law ("J-SOX").

‎ 

Southern California Base Salary Range: $193,464-$328,889

‎ 

San Antonio Base Salary Range: $174,229-$296,189

‎ 

‎ 

New York Base Salary Range: $205,099-$348,668

‎ 

‎ 

‎ 

‎ 

‎ 

‎ 

‎ 

‎ 

 ‎ 

 ‎

 ‎

In addition to a highly competitive base salary, per plan guidelines, restrictions and vesting requirements, you also will be eligible for an individual annual performance bonus, plus Capital’s annual profitability bonus plus a retirement plan where Capital contributes 15% of your eligible earnings.

You can learn more about our compensation and benefits .

* Temporary positions in Canada and the United States are excluded from the above mentioned compensation and benefit plans.


We are an equal opportunity employer, which means we comply with all federal, state and local laws that prohibit discrimination when making all decisions about employment. As equal opportunity employers, our policies prohibit unlawful discrimination on the basis of race, religion, color, national origin, ancestry, sex (including gender and gender identity), pregnancy, childbirth and related medical conditions, age, physical or mental disability, medical condition, genetic information, marital status, sexual orientation, citizenship status, AIDS/HIV status, political activities or affiliations, military or veteran status, status as a victim of domestic violence, assault or stalking or any other characteristic protected by federal, state or local law.