Security and Compliance Practice Manager

Location: San Jose, CA
The Security and Compliance Practice Manager plans and directs security development, pre-sales and post-sales. This position is accountable to assist in ensuring alignment and delivery of all security services and solutions. This role requires extensive IT security knowledge as our client delivers security consulting and managed security services to customers ranging from governance and risk assessments to penetration testing, security product implementation, managed security services and managed compliance services.
Candidate must possess an ability to work with customers during the pre-sales stage to understand the various security controls in place in order to determine gaps and recommend products and consulting work effort to close those gaps. He/she will ultimately help decide the process and technology controls to be recommended to the customer. Experience reviewing penetration tests, risk assessments, and IT audits, and implementing the related technology recommendations such as access control tools, privileged account management, vulnerability testing, and perimeter security such as NGFW, two-factor authentication, and Cloud Access Security Brokers (CASB), is strongly preferred.
Create and maintain core messaging, pre-sales strategy and post-sale delivery.
Support Account Executives and Solution Architects to assess, qualify, position and close sales opportunities.
Develop SOWs, including the phases, scoping, pricing, and specific tasks to be performed for the customer.
Create and maintain all security practice messaging.
Facilitate partner development and management.
Evaluate and recommend security and compliance products and delivery partners.
Continued development and evolution of the Compliance and Security Practice.
Thorough knowledge and understanding of security best practices, operations, regulations and solutions including NIST CSF, ISO, PCI, and HIPAA.
Excellent knowledge and understanding of information risk concepts and principles as a means of relating business needs to security protocols.
Excellent understanding of information security concepts, protocols, industry best practices and strategies.
Good understanding of system technology security testing (vulnerability scanning and penetration testing).
Knowledge of systems, applications, databases, middleware to address security threats against the same.
Proficient in preparation of reports, dashboards and documentation.
Knowledge of common Internet protocols, network analysis, and network/security applications.
Experience in performing vendor management.
Ability to handle high pressure situations with key stakeholders.

The successful candidate will possess the personality traits, work habits, communication, and social skills necessary to work effectively within a dynamic and highly operational environment. This person will have exemplary personal and professional integrity and demonstrate strong interpersonal skills. In addition, the qualified candidate will have a strong desire to succeed in a nationally and internationally recognized operational environment.
Bachelor's or Master's degree in a related field or equivalent demonstrated experience and knowledge.
Applicants must have ability to work in U.S. without sponsorship and a valid Driver’s License.
Proven experience in information security, including developing information security policies and plans.
Experience in security remediation processes and technologies including patch management, change management, incident response, vulnerability management, and access control. Specific product experience is a plus.
Knowledge of Cybersecurity best practices and standards (e.g. NIST, ISO, etc.)
Strong familiarity with ISO 27001, FedRAMP, and NIST CSF governance and risk management frameworks
Familiarity with EU General Data Protection Regulation (GDPR) Requirements preferred
Familiarity with AICPA SOC2 audit process and required artifacts
Familiarity with international compliance requirements preferred
Proven ability to manage multiple vendors and their alignment.
Security Consulting background a plus
Any of these certifications are a plus:
GIAC Security Essentials Certification (GSEC)
Certified Ethical Hacker (CEH)
Certified Web Application Penetration Tester (CWAPT)
Certified Information Security Manager (CISM)
Certified Information Systems Security Professional (CISSP)
Certified in Risk and Information Systems Control (CRISC)
Certified Information Systems Auditor (CISA)
CompTIA Network+
CompTIA Security+
This position is a Sales Engineering role and as such will require customer facing skills and 50% travel.
Our client offers a competitive compensation plan with great earning potential. Benefits include medical coverage, dental coverage, disability, life insurance, 401K and an amazing work environment!