The Cybersecurity Operations Center Manager is responsible for overseeing the day-to-day operations of the Cybersecurity Operations Center (CSOC), managing vendor performance, and ensuring compliance with agency cybersecurity policies and contractual obligations. This role involves developing and executing continuous monitoring programs, leading incident response efforts, and optimizing security operations through automation and improved processes. The CSOC Manager will also ensure the effective integration of security monitoring tools and provide regular cybersecurity metrics and reporting to senior leadership.

Position within the Organization: Reporting to the Chief Information Security Officer (CISO), the CSOC Manager will lead the CSOC team, collaborate with internal stakeholders and external vendors, and ensure the organization’s cybersecurity operations are aligned with best practices, regulatory requirements, and the overall security strategy.
Contract Management and Vendor Supervision:
- Provide contract management and supervision for the operations of the 24x7 Cyber Security Operations Center (CSOC) to ensure compliance with agency expectations.
- Ensure that the staffing contractor adheres to the scope of work, delivering services on schedule and within budget.

Policy and Procedure Management:
- Maintain the currency of the policies, procedures, standards, and playbooks used to deliver the services necessary for continuous monitoring of the organization's information and operational technology systems.
- Focus on protecting the confidentiality, integrity, and availability of information systems.

Continuous Monitoring Program Development:
- Oversee third-party Cybersecurity Operations Center (CSOC) vendor performance to ensure SLAs and KPIs are met.
- Develop and execute the continuous monitoring program, aligning with the NIST Cybersecurity Framework.

Incident Response Capability:
- Establish, maintain, and exercise an enterprise-wide 24x7 incident response capability.
- Develop incident response policies, procedures, and services to investigate and contain cyber incidents impacting business information and industrial control systems.
- Ensure the incident response capability aligns with the NIST Cybersecurity Risk Framework.

Cyber Risk Assessment Guidance:
- Provide guidance to line department staff performing cyber risk assessments, including threat workshops, threat scenarios, and risk scenarios.

Forensic Investigations:
- Serve as the principal forensic technical investigator for cyber incidents.

Solution Design and Implementation:
- Design and implement solutions for monitoring and responding to cyber threats and incidents.

Collaboration with OIG and PAPD:
- Establish operational relationships with the Office of the Inspector General (OIG) for investigating cyber incidents.
- Establish operational relationships with PAPD for investigating cyber crime that occurs outside the OIG's area of responsibility.
Additional Responsibilities:

Vendor and Performance Management:
- Manage vendor relationships to ensure services align with agency requirements and industry best practices.
- Conduct reviews and audits, and identify areas for improvement while ensuring compliance with contractual obligations.

Cybersecurity Threat Intelligence Management:
- Develop and manage threat intelligence programs, integrating external threat intelligence sources and internal findings.
- Collaborate with government agencies, industry groups, and private-sector organizations to stay informed about emerging threats and vulnerabilities.
- Ensure effective sharing and dissemination of relevant threat intelligence within the organization.

Security Operations and Automation:
- Continuously evaluate and improve security operations, leveraging automation tools to enhance threat detection, incident response, and operational efficiency.
- Identify opportunities for process optimization through automation and advanced analytics.

Security Monitoring, Incident Detection & Threat Hunting:
- Ensure proper integration of security monitoring tools (SIEM, IDS/IPS, Endpoint Detection and Response, etc.) to identify threats and vulnerabilities across the environment.
- Monitor, review, and validate cyber alerts to assess the level of risk, ensuring timely detection and escalation.
- Proactively hunt for emerging threats throughout the environment.

Cybersecurity Metrics and Reporting:
- Develop and implement reporting frameworks to track key cybersecurity metrics (incident response times, threats detected, vulnerabilities, etc.).
- Provide regular reports to senior leadership on the status of cybersecurity operations, incidents, trends, and the effectiveness of strategies.

Team Leadership and Development:
- Lead and mentor internal cybersecurity staff, ensuring high levels of skill development, training, and career progression.
- Work with HR to recruit, hire, and retain skilled cybersecurity personnel as needed.
- Foster a culture of cybersecurity awareness, collaboration, and continuous improvement.

Compliance and Regulatory Management:
- Ensure cybersecurity operations comply with relevant regulations (e.g., NIST, GDPR, HIPAA, PCI, FISMA).
- Participate in periodic audits and assessments to verify that the organization’s cybersecurity posture aligns with regulatory requirements.
- Support external audits and assessments of the organization’s cybersecurity posture.

Business Continuity and Disaster Recovery:
- Collaborate with IT and business continuity teams to ensure incident response plans are integrated with disaster recovery and business continuity planning.
- Participate in tabletop exercises and simulations to test the readiness of the incident response team and improve procedures.

Risk Management and Vulnerability Management:
- Support proactive vulnerability management, ensuring vulnerabilities are assessed, prioritized, and remediated in a timely manner.
- Assist in risk assessments to evaluate and prioritize cybersecurity risks across the agency.
- Provide guidance on implementing risk mitigation strategies to reduce overall cybersecurity risk.

Change Management and Security Architecture:
- Work with IT teams to ensure changes to the network and systems are reviewed for potential cybersecurity impacts.
- Advise on security requirements and contribute to the design of secure system architectures and solutions.

Collaboration and Incident Coordination:
- Serve as the Incident Commander for cybersecurity incidents, coordinating with departments and external partners (e.g., law enforcement, government agencies).
- Coordinate and lead cross-functional teams during cyber incidents, ensuring proper communication, containment, remediation, and reporting.

Stay Abreast of Emerging and Evolving Cybersecurity Threats:
- Actively seek out new information on emerging cyber threats.
- Maintain awareness of cyber threats in order to anticipate and prevent them proactively, staying ahead of the curve.
- Use threat intelligence sources, briefings, industry forums, and other information sources to stay informed.