Cyber Security Manager - Starboard Cruise Services

As the Cyber Security Manager/Security Engineer, your primary purpose is to protect Starboards information systems, cloud infrastructure, endpoints, networks, and data against threats, including malware, hacks, and security breaches. The cybersecurity manager devises and implements policies to protect digital systems and assets. This role develops comprehensive guidelines and protocols for the organization’s employees on handling systems and information. The Cyber Security Manager will monitor new and emerging data privacy laws and ensure compliance -technically and contractually.  In the event of a cyberattack or data breach, the cybersecurity manager oversees the situation internally and works with external investigators and law enforcement personnel. This position is responsible for the collection and monitoring of risk metrics from operational security controls such as vulnerability scanning, system patching, penetration testing, and other security event sources.

ESSENTIAL DUTIES & RESPONSIBILITIES:

Cyber Security Enhancements

• Manage Projects to implement new security solutions on time and on budget.
• Design and build new security solutions to improve the security posture of the organization.
• Leading research and investments in cybersecurity technologies
• Developing security solutions that meet company visions and adhere to regulations.
• Reconfigure existing security platforms to reduce cyber security risk scores.
• Apply security related changes to the firewall and network switches.
• Apply security related changes to web/hypervisor/SAN and related servers.
• Recommends and participates in the analysis, evaluation, and development of enterprise long-term strategic and operating plans to ensure that the IT objectives are consistent with security best practices.
• Establish performance metrics and key performance indicators (KPIs) to measure the effectiveness of your team's efforts.
• Conduct threat identification and vulnerability assessments.
• Offer cybersecurity guidance, best practices, and support across businesses.
• Collaborate with cross-functional teams to integrate security into all aspects of projects, systems, and processes.
• Research new attack vectors and technologies to mitigate potential threats.
• Review, develop, test, and implement security plans, products, and control techniques.
• Work with Enterprise Services team to design security services and implement security architecture improvements.
• Identify unsupported applications or otherwise insecure technologies and work to update them or remove them from the network.

Incident Review and Mitigation

• Manage the Security Operations Center Partner ArticWolf to monitor and improve the organization's security posture while preventing, detecting, analyzing, and responding to cybersecurity incidents.
• Lead response and investigation efforts in data security incidents, provide an after-action report and design corrective actions.  Act as incident response manager and lead recover efforts in the event of security breaches or incidents.
• Monitor for new vulnerabilities, identify risks, and lead mitigation efforts.
• Ensure security patching is up to date -Collaborate with the Enterprise Services team as required for assistance.
• Track operational metrics related to alerts, incidents, and vulnerabilities.
• Review incidents identified by the SOC partner Arctic Wolf and action as appropriate.
• Monitoring cyber threats, vulnerabilities, suspicious activities, and intrusions
• Providing technical support for security systems, including firewalls and patch management
• Managing user configuration and remote access privileges

Policies and Procedures

• Lead, coordinate, communicate, integrate, and be accountable for the overall success of the cyber security program, ensuring alignment enterprise priorities.
• Oversee the organization's information technology (IT) security needs. Minimize security risks, respond to security threats and attacks, and develop best practices and procedures to safeguard information for the organization.
• Review legal documents relating to Data Privacy policies and lead contract review discussions with the legal team.
• Monitor new and emerging data privacy laws and ensure compliance -technically and contractually -advise the Starboard executive team how new Cyber Security Laws will affect the organization’s operations.
• Devise and implement policies to protect digital systems and assets. In addition, develop comprehensive guidelines and protocols for the organization's employees on handling systems and information.
• Lead Cyber Security awareness training across the organization.
• Review system configurations for unapproved changes. i.e. additional access, firewall rules, etc…
• Partner with Internal Audit to ensure compliance with all established security controls.
• Partner with External Audit to ensure compliance with all STB financial security controls.
• Lead the Change Advisor Board. Ensuring system changes do not put operations of the organization at risk of failures or security incidents.
• Training IT staff and the entire company on best security practices
• Keeping systems compliant with laws and industry regulations
• Conducting security audits to ensure policies are followed.

QUALIFICATIONS:

Education and Experience:

• Bachelor’s degree in information technology field such as Computer Science, Cyber Security, or equivalent years of experience required.
• Experience in risk management, vulnerability assessment, and security controls implementation.
• Ability to handle level 1-3 security issues.

Preferred Education & Experience:

• Industry certification such as CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional) a plus.
• Knowledge of regulatory frameworks desired (e.g. PCI, SOX, GDPR, SSAE16, ISO 27001)
• 5 years of as a network and system administrator

Knowledge, Skills & Abilities:

• Strong knowledge of incident response and crisis management with the ability to identify both tactical and strategic solutions using strong verbal and written communication skills.
• Understanding of network, desktop, and server technologies, including experience with network intrusion methods, network containment, segregation techniques and technologies
• Cloud security knowledge and skills; securing cloud environments as well as detecting and responding to cyber security incidents in the cloud.
• Log (network, security, access, OS, application, etc.) analysis skills and experience in relation to identifying and investigating security incidents.
• Strong knowledge of firewall technologies -Checkpoints preferred, but Palo Alto, or Fortinet Firewalls sufficient.
• Experience with Rolling out BitLocker enterprise wide.
• knowledge of PAM, IPAM, and IAM Solutions- Wallix preferred.
• Experience managing cyber security training programs and phishing campaigns.
• Working knowledge of Data security technologies and Products including Tanium, Sentinel One, Proofpoint, SFTP
• Strong communication skills, as well as the ability to adapt communication styles to suit different audiences. To have a clear understanding of confidentiality issues and related laws.
• Able to thrive in both independent and collaborative work environments.
• Dedicated, innovative and self-motivated team player.
• Able to effectively oversee multiple and concurrent projects / responsibilities.
• Ability to work flexible hours, days, and shifts.
• Ability to learn quickly and work independently with or without direct supervision.
• Ability to present cyber-related presentations to senior executives.
• Ability to maintain a positive mental attitude in a highly flexible environment.

Key Competencies:

• Customer Service
• Relationship Management
• Business Acumen
• Drive for Results
• Self-Development
• Courage
• Problem Solving
• Communicating Effectively
• Teamwork and Collaboration

Other:
Position Type/Expected Hours of Work
Some flexibility in hours is permitted, employee must be available during the “core” work hours of 8:00 a.m. to 5:00 p.m. Monday – Friday and must work 30 hours each week to maintain full-time status. Occasional evening and weekend work may be required as job duties demand.

Physical Demands:
Office environment with frequent sitting, walking and standing, occasional climbing, stooping, kneeling, crouching and balancing. Frequent use of eye, hand and finger coordination enabling use of office machinery. This position requires the ability to occasionally lift office products and supplies, up to 20 pounds. Oral and auditory enabling interpersonal communication as well as communication automated devise such as the telephone.

At Starboard Cruise Services and Onboard Media curating a vibrant world can only be accomplished by vibrant and diverse teams. We are committed to nurturing a workplace where you can feel safe to show up authentically and thrive while being uniquely you. Our North Star guides us to deliver equal employment opportunities for all individuals and to providing employees with an equitable work environment free of discrimination and harassment. We also aim to extend this commitment to the partners we work with and the guests we serve. We are constantly listening, learning, and evolving to deliver on these promises.

We believe our differences make us stronger and are curious to see you leverage your lived experiences to strengthen our team, our culture and your career. At Starboard Cruise Services and Onboard Media we take action so that no one is discriminated against because of their differences, such as age, disability (physical, mental or sensory), ethnicity, gender, gender identity and expression, religion, sexual orientation, military/veteran status, genetic information, family care status or any other basis protected by federal, state or local laws. All employment decisions will be made based on business needs, job requirements and individual qualifications.

So come onboard with us and celebrate a culture that attracts top talent with shared values and forms the foundation for a great place to work.