Senior Manager of Information Security Operations - Foster City, CA
Senior Manager of Information Security Operations
Reporting to the head of information security, this role is responsible for leading the information security operations for Guidewire’s fast-growing customer facing cloud-based environments and the global IT enterprise infrastructure. Security is a critical part of the Guidewire business and product strategy and you would be working as part of a team of security professionals helping to protect our brand, reputation, and intellectual property.
You would be responsible for leading security monitoring and alerting operations, incident response, conducting vulnerability assessments and technical security review efforts. The successful candidate will have a positive attitude, proven people leadership skills, strong negotiating ability, a passion for exceptional customer service, attention to detail, practical problem-solving abilities, ability to proactively identify opportunities, evaluate solutions, make recommendations and quickly implement selected solutions.
- Overall responsibility for corporate and cloud provider infrastructure security.
- Overseeing firewall, IDS and IPS management and monitoring
- Providing an aggregated logging, monitoring and alerting service for critical cloud operations and IT devices (i.e., network, network security, authentication services, etc.)
- Working with Cloud Operations and Information Technology to coordinate the implementation and operation of technical security controls.
- Working with Cloud Services and IT to conduct regular external and internal vulnerability scans, make corrective recommendations and track issues through remediation
- Developing security operations processes and procedures to ensure comprehensive threat visibility, monitoring and alerting
- Providing risk analysis of security infrastructure
- Managing and optimizing the logging, monitoring, correlation and alerting tools
- Building and improving security operations SOPs and compliance documentation
- Developing, maintaining and testing incident response plans
- Collaborating with IT to secure desktop, mobile and server environments
- Providing ongoing operations metrics for daily management of team and for leadership visibility
- Working with business units and teams to assess/audit security controls and help implement best practices
- Supporting and assisting with external audits/assessments, certifications and accreditations to achieve and maintain compliance.
- Leading network and cloud security personnel, developing strategy, setting goals and providing performance and professional development feedback.
- Managing vendors, relationships and contracts
Skills and Experience:
- A minimum of 3 years of experience as an information security operations manager, or similar role, leading direct reports and projects.
- Minimum of 3 years of experience as a network or application security analyst
- Professional certification such as CISSP or CISM or equivalent is required
- Experience providing security administration and monitoring services for AWS implementations
- Experience with vulnerability scanning and distributed network assessment tools like Nessus, Metasploit, Qualys, Nmap and Kali Linux.
- Demonstrated experience with managing and ensuring the timely response and investigations of security events and incidents
- Familiarity with enterprise productivity tools, such as Rally, Confluence, JIRA, SharePoint, ServiceNow etc
- Solid understanding of log and monitoring management systems, security event monitoring systems, network-based and host-based intrusion detection systems, firewall technologies, malware detection and enterprise-level antivirus solutions/systems and encryptions standards
- Working knowledge of the various industry standard information assurance disciplines and generally accepted practices governing software development.
- Understanding of frameworks, standards and assessments such as ISO 27001, SOC1, SOC2, PCI, HIPAA, NIST, etc.
- Experience with Palo Alto Networks physical and virtual firewalls, RedLock, along with Cisco ASAs is beneficial.
- Experience managing IDS, IPS and SIEM tools.
- Familiarity with enterprise productivity tools, such as Rally, Confluence, JIRA, etc.
- Experience in process and policy development
- Strong initiative, detail orientation, organizational skills, aptitude for analytical thinking
- Ability to multi-task, prioritize and work across teams to meet deadlines
- Demonstrated ability to build a strong culture of collaboration, teamwork and innovation
- Excellent work ethic and a high commitment to quality
- Strong skills using Microsoft Word, Excel, PowerPoint and Visio
- Bachelors degree in computer science considered an asset
Guidewire exists to deliver the industry platform that P&C insurers rely upon to adapt and succeed in a time of accelerating change—and to ensure that every customer succeeds in the journey. We provide the software, services, and partner ecosystem to enable our customers to run, differentiate, and grow their business.
Guidewire InsurancePlatform is the P&C industry platform that unifies software, services, and partner ecosystem to power our customers’ business. InsurancePlatform provides the standard upon which insurers can engage their customers, optimize their operations, drive smart decisions, and innovate quickly. We are privileged to serve more than 350 P&C insurers in 32 countries. We invest heavily in R&D to build a technology platform that combines three elements—core processing, data and analytics, and digital engagement—to enhance insurers’ ability to engage and empower their customers and employees.
Guidewire Software Inc. provides equal employment opportunities to all applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. All offers are contingent upon passing a criminal history and other background checks where it’s applicable to the position.