Permanent Position - Cleveland, Ohio JOB BRIEF Manage the efforts of the Information Security Vulnerability Management and Incident Response staff including developing Corp-wide information security vulnerability management and incident response policy and strategy, responding and resolving security incidents and communicating with senior management, tracking security variances and resolving security vulnerabilities, producing relevant management reports, and manage the KeyCorp information security investigations and forensics activities. ESSENTIAL JOB FUNCTIONS Monitor and manage performance of the information security vulnerability management and incident response staff. Provide on-going coaching and training of staff as needed. Establish information security vulnerability management and incident response policy for Corp and affiliates. Ensure that vendor and contractors adequately address the information security vulnerability management and incident response policy. Develop and implement an information security vulnerability variance tracking system to provide current status of all security vulnerabilities for reporting to Corp senior management. Establish processes and systems to ensure the adequacy of security vulnerability remediation and maintenance. Coordinate information security investigative issues with Corporate Security, Legal and as needed with HR and Corporate Communications and other appropriate Corp organizations. Interface with local, state, and federal law enforcement regarding security vulnerabilities. Establish a 7x24 monitoring system to detect and report security vulnerabilities and any attempted exploitations. Design, implement, and maintain appropriate levels of intrusion detection and associated reporting systems to provide reasonable indication of attempted abuse or misuse of Corp information systems and technology. Develop a Corp-wide system to disseminate appropriate security alerts and required responses. Establish and maintain security vulnerability assessment and investigative tools and equipment. Develop and report appropriate information security vulnerability reporting to indicate the status of information security to Corp senior management. Allocate division resources to support the information security vulnerability management and incident response processes and procedures. Provide strategic leadership regarding information security vulnerability management and incident response support. Manage information security vulnerability management and incident response projects. Ensure timely resolution of information security vulnerability management and incident response problems; handle escalated issues as needed. Manage information security vulnerability and incident response functions. MARGINAL OR PERIPHERAL FUNCTIONS Develop relationships with Corp functions to ensure information security vulnerability and incident response issues are addressed. Provide security-related support across multiple Corp organizations. Manage and continuously improve Information Security Vulnerability Management and Incident Response. REQUIRED QUALIFICATIONS Bachelor degree in Business, Information Systems, Engineering or related field. 4-8 years technology, information security and/or risk related management experience. Certified Information Systems Security Professional (CISSP) Certification. Demonstrated experience in information security vulnerability management and incident response. Ability to assess information security risks and understand business needs in order to develop effective security solutions that ensure compliance and the safety of Corp information assets. Management skills including communication, staffing, performance management, issue resolution, motivation, forecasting, and planning. Information security vulnerability management and incident response technical expertise including the use of security vulnerability scanners and other detection/investigation tools, equipment, and software. Excellent knowledge and experience with current technologies and their implementation. Excellent written and verbal communication skills. Strong customer service orientation. PREFERRED QUALIFICATIONS GIAC certification REPORTING RELATIONSHIPS This position reports to the Chief Information Security Officer EQUIPMENT USED Vulnerability assessment and investigative tools Standard office equipment MS Office, Lotus Notes Linda Melda MurTech Consulting 216-328-8580 [EMAIL PROTECTED]
