The U.S. Pharmacopeial Convention (USP) Senior Manager, IT Security in Rockville, Maryland
Senior Manager, IT Security
Summary of the Position
The Senior Manager, IT Security serves as a senior technical and enterprise cyber security professional responsible for developing information security policy, introducing security best practices, and auditing information security compliance. The incumbent’s main responsibilities are developing and executing the enterprise cyber security risk mitigation plan, designing and building the security architecture and operations functions, taking inventory of information types, classifying each by security risk, establishing an enterprise security framework through policy, architecture, and training processes and evaluating. This also includes selecting and implementing appropriate security solutions and leading efforts to assess vulnerability and risk. The position is expected to interface with USP staff to share the IT enterprise security vision and to solicit their involvement in achieving higher levels of enterprise security through information sharing, education, and co-operative work assignments.
Roles and Responsibilities
Develops and executes USP’s enterprise cyber security risk mitigation plan
Maintains up-to-date assessment of USP’s information assets and their corresponding security requirements.
Lead the development and maintenance of the enterprise’s security architecture design
Oversee our 24x7 information security operations
Be an escalation point during information security incidents and see issues through to resolution while ensuring appropriate involvement across teams
Assists in the development and maintenance of the enterprise’s security awareness training program
Develop and maintain the enterprise’s security documents (policies, standards, guidelines, and procedures)
Maintains up-to-date knowledge of the IT security industry, including awareness of new or revised security solutions, improved security processes, and the development of new attacks and security threats, and advises IT management of these findings to continuously improve IT’s security program.
Selects and acquires additional security solutions or enhancements to existing security solutions to improve overall enterprise security as per IT’s existing project management and procurement processes.
Oversees the deployment, integration, and initial configuration of all new security solutions and any enhancements to existing security solutions in accordance with standard operating procedures generically and the enterprise’s security policies specifically.
Ensures the confidentiality, integrity, security, and availability of the data residing on or transmitted to/from/through enterprise workstations, servers, application systems, databases, and other data repositories through either LAN/WAN/Cloud services.
Leads the enforcement of enterprise security policies and procedures.
Leads and documents all security event investigations and provides on-going communication with senior management describing the root cause and the status of the activity employed to close the investigation.
Leads the design and execution of vulnerability assessments, penetration tests, and security audits. Documents the findings of these activities showing which areas have “passed” as well as any non-conformities and/or failures along with their corrective actions.
Performs regular security awareness training for IT staff to ensure consistently high levels of compliance with IT security policies.
Understands and implements security controls for USP’s Enterprise Resource Planning system and other systems containing financial data to help ensure successful external audits
Engages in ongoing communications with USP staff and executive leadership to ensure enterprise wide understanding of security goals, to solicit feedback, and to foster cooperation.
Bachelor’s degree in Information Technology or a relevant field required
8-10 years of experience in IT security for a mid-large size organization
5 years supervisory experience
Must have at least one of the following active Certifications: CISA, CISM, CISSP or CFE
Experience in leading projects involving the implementation of security solutions
Experience implementing security controls for information systems
Experience handling multiple projects simultaneously in a dynamic, deadline-oriented environment with ability to reach decisions in a timely manner
GCIH, GCIA, GMON certifications preferred
Extensive experience in enterprise security documentation creation
Extensive experience in designing and delivering employee security awareness training
Proficiency at the command line for both Linux and Windows environments
Proficiency with scripting in one or more of the following: PowerShell, Python, bash
Proficiency with vulnerability scanning tools such as Nessus
Proficiency with Intrusion Detection Systems such as Snort or Suricata
Experience supporting Security Onion deployments
Proficiency with automating Splunk infrastructure configurations and advanced level Splunk Dashboarding, Index-time and Search-time data parsing
Proficiency with firewall technologies such as Palo Alto or Cisco ASAs
Experience with performing packet captures and analysis using tools such as Wireshark or NetFlow
Experience in performing data analysis using tools such as Splunk or Elasticsearch/Kibana
Experience with the NIST Cybersecurity Framework (CSF), the CIS Critical Security Controls, the Mitre ATT&CK framework, and similar security resources
Excellent communication skills
Problem solving skills and the ability to work under pressure
Ability to produce quality documents, procedures, reports, and other written documentation
Familiarity with web related technologies (Web applications, Web Services) and with network/web related protocols
Demonstrated analytical skills to critically evaluate the information gathered from multiple sources, reconcile conflicts, decompose high-level information into details, and abstract up from detailed information to a more general understanding
1 Senior Security Engineer
1 Security Engineer
USP offers an impressive benefits package, including:
Generous paid time off – 13 paid holidays, 10 sick days and 15 vacation days per year to start
An annual 401(k) contribution, beginning after 1 year of service, of 10% of pay (base and bonus) every pay period that vests immediately
Comprehensive individual and family healthcare plans with affordable premiums and low annual deductibles ($250/individual or $500/family)
The U.S. Pharmacopeial Convention (USP) is a scientific nonprofit organization that sets standards for the identity, strength, quality, and purity of medicines, food ingredients, and dietary supplements manufactured, distributed and consumed worldwide. USP’s drug standards are enforceable in the United States by the Food and Drug Administration, and these standards are used in more than 140 countries.
Being a part of USP means belonging to a diverse culture made up of more than 1,000 talented professionals working together at five international locations. We share our expertise in science, IT, human resources, quality assurance, communications, administrative management, and more...all to support an overall mission dedicated to making a difference by providing standards and programs that help improve the quality of medicines, dietary supplements, and foods worldwide.
USP is proud to be an equal employment opportunity employer (EEOE) and affirmative action employer. Employment selection and related decisions are made without regard to sex, race, age, disability, religion, national origin, color, veteran status, sexual orientation, gender identity or any other protected class. We are committed to working with and providing reasonable accommodation to individuals with disabilities.
USP does not accept unsolicited resumes from 3rd party recruitment agencies and is not responsible for fees from recruiters or other agencies except under specific written agreement with USP.
Rockville, Maryland, United States
Job Category Information Technology