Security Operations Manager at CIM Group – Los Angeles, California

Security Operations & Incident Response

• Ensure security alerts and anomalous activities are continuously monitored, accurately logged, and escalated in accordance with established procedures.
• Lead and coordinate timely, effective response to cybersecurity incidents to minimize business impact.
• Support restoration of affected systems and services following cybersecurity incidents, including leading forensic investigations as required.
• Research emerging threats and attack vectors, and implement appropriate countermeasures to continuously strengthen the organization’s security posture.
• Coordinate internal and external penetration testing activities to identify and remediate exploitable weaknesses.

Risk Management, Controls & Assurance

• Ensure protective security controls are implemented and operating effectively to reduce risk exposure.
• Coordinate with compliance and IT teams to design, implement, and maintain operational security controls.
• Support asset cataloging and ownership alignment to ensure accountability for systems, data, and security controls.
• Execute quarterly User Access Reviews across the application portfolio in an efficient manner.
• Respond to external audit and compliance questionnaires, providing accurate and timely security documentation and evidence.

Security Awareness & Enablement

• Ensure employees, vendors and/or contractors with access to systems and data are appropriately trained in relevant security awareness and individual security responsibilities.
• Design, manage, and enforce the organization’s security awareness program, including the execution of recurring phishing simulation campaigns.
• Support the development, testing, and ongoing improvement of Disaster Recovery plans to ensure the organization can effectively respond to and recover from disruptive events, including cybersecurity incidents.
• Serve as a trusted security advisor to internal teams, raising awareness and providing guidance to help protect products, systems, and services from known and emerging threats.

• Ability to produce executive reporting to illustrate Cybersecurity posture and areas for improvement.
• Ability to communicate and present ideas and recommendations effectively to Technology management.
• Ability to translate Cybersecurity information into a manner that end users can understand.

• Minimum 8 years of Cybersecurity analyst/management experience.
• Bachelor’s Degree in a technical field required.
• CISSP or CISM certification strongly preferred.
• Formal training in Cybersecurity governance, risk, and compliance (GRC).
• Understanding of Cybersecurity communities (OWASP).
• Understanding of SOC 2, SOX, NIST, and GDPR compliance.

• Expert knowledge of information security principles, practices, and architectures.
• Expert knowledge with Threat Detection, Email Security, DLP, Data Governance tools such as Proofpoint, MS Defender, or Mimecast.
• Hands-on experience with the development of Cybersecurity Training and Phishing Campaigns.
• Experience with leading Disaster Recovery programs.
• Experience with Vulnerability Management Platforms such as Rapid7 and Qualys.
• Experience with Patch Management platforms such as SCCM and Ivanti.
• Understanding of supporting technology audits and testing technology controls.
• Understanding of cloud environments such as Azure, SalesForce.com and Office365.

• Regular reporting of key Cybersecurity metrics for the company to executive management.
• Year over year Improvement of scores within the vulnerability management platform.
• Meet all compliance requirements related to Cybersecurity.
• Timely completion of preventive Cybersecurity measures such as User Access Reviews, End User Cybersecurity Training, and Phishing Campaigns.
• Reduction of Cybersecurity issues uncovered by 3rd party security testing and compliance audits.
• Disaster Recovery readiness score.