Senior Manager, Cybersecurity

Job Summary
The American Family Insurance Enterprise Cyber Security Fusion Center is looking for an experienced Cyber Security Senior Operations Manager to oversee the delivery of the 24x7 Managed Security Operations Center (MSOC) service MSOC operations are performed to contractual SLAs, SOPs, policy, standards, and security best practices. You will manage the efficient operations of security monitoring, detection, triage, response, and escalation handoffs to the AMFAM Cyber Incident Response team. The Cyber Security Senior Operations Manager will coordinate 24x7 staffing to support cyber threat intelligence-based incident response, Threat Hunt, Digital Forensic Investigations. Provide support to Insider Risk investigations, Data Privacy investigations, third-party breach notifications, PCI/Regulatory compliance reporting, vulnerability assessments and penetration testing of cloud environments. You will report to the Cyber Security Fusion Center Director.

Position Compensation Range:

$109,000.00 - $186,000.00

Pay Rate Type:

Salary

Compensation may vary based on the job level and your geographic work location.

Primary Accountabilities

• Manage daily operational escalated cyber event and incident response activities and SOC.

• Supervise the team responsible for triage and validation of escalated MS SENTINEL SIEM , Palo XSOAR events and alerts.

• Help develop AI/ML based data analytics.

• Maintain situational awareness of user reported events, tools status, vulnerability status, digital forensic investigations, threat hunt investigations, cyber threat intelligence reports, and all other responsibilities.

• Manage Service Now Security Incident Response case management queue.

• Coordinate with Cyber defense to guide the implementation and improvement of modern technologies, frameworks, and methodologies across the teams.

• MS E5 integrated SENTINEL SIEM, end point protection, ProofPoint Email, Web Proxy, VPN, Firewall, IAM solutions.

• Accountable for the efficiency of identification, isolation, mitigation, and reporting of incidents by the MSOC.

• Work with business and operational partners during a declared incident to keep them informed of the status of the incident.

• Review weekly and monthly performance metrics to ensure compliance with SLA's. Review QA/QC criteria with the team for process improvement.

• Experience reporting MSOC operational metrics and deliver MSOC recommendations to cyber security leadership.

• Service Now Metrics Dashboards

• Manage relationship with third-party incident response provider, coordinate support during incident response investigations.

• Instill and reinforce industry best practices in the incident response, threat analysis, knowledge management and MSOC operations domains.

• Experience with NIST 800 series, MITRE ATT@CK Framework, FS-ISAC, Gartner Group

• Cyber Security Artificial Intelligence/Machine Learning (LLM, MS Security Co-Pilot)

• Familiarity with Cloud concepts and experience performing monitoring and responding to threats in AWS, Azure and GCP Cloud environments.

• Review relevant actionable threat intelligence products with staff to support decision making and supply chain awareness.

• Weekly cyber threat intelligence report

• Actionable threat intelligence report

• Specialized threat intelligence report

• #LI_HYBRID

Specialized Knowledge & Skills Requirements (Minimum Requirements)

• Bachelor's degree (in cyber security, computer science, IT management, network engineering) and 8+ years of relevant experience or master's degree with 6+ years of prior relevant operational management experience. Years of proved experience may be used in lieu of degree.

• 4+ years of supervisory and managing teams.

• 5+ years of intrusion detection and/or incident handling experience.

• CISSP, SSCP, GCIH, CISM or GCIA needed upon start.

• Cloud certifications - CCSP, AWS Security, MS AZ-500, GCP Cloud Sec Eng. is a plus.

• Advanced knowledge of in planning, directing, and managing Computer Incident Response Team (CIRT) and Cyber security operations for a large Enterprise.

• Considerable experience in supervising and leading employees of several technical skill levels in efforts similar in scope to a mature Security Operation.

• Mature understanding of industry accepted standards for incident response actions and best practices related to SOC operations.

• 5 years of firsthand cybersecurity experience (Protect, Detect, Respond, Mitigate, Eradicate and Restore) within a Computer Incident Response organization including performing large-scale incident response.

  LI-Hybrid

Additional Job Information:

In this flex office/home role, you will be expected to work a minimum of 10 days per month from one of the following office locations: Madison, WI 53783; Boston, MA 02110
#LI-Hybrid

We encourage you to apply even if you do not meet all of the requirements listed above. Skills can be used in many different ways, and your life and professional experience may be relevant beyond what a list of requirements will capture. We encourage those who are passionate about what we do to apply!

We provide benefits that support your physical, emotional, and financial wellbeing. You will have access to comprehensive medical, dental, vision and wellbeing benefits that enable you to take care of your health. We also offer a competitive 401(k) contribution, a pension plan, an annual incentive, 9 paid holidays and a paid time off program (23 days accrued annually for full-time employees). In addition, our student loan repayment program and paid-family leave are available to support our employees and their families. Interns and contingent workers are not eligible for American Family Insurance Group benefits.

We are an equal opportunity employer. It is our policy to comply with all applicable federal, state and local laws pertaining to non-discrimination, non-harassment and equal opportunity. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law.

#LI-BC2