Senior Manager Cyber Security - Garmin International, Inc.

We are seeking a full-time Senior Manager Cyber Security in our Olathe, KS location. In this role, you will be responsible for leading and directing Cyber Operations including people, processes, and technologies globally across Garmin while working with key business stakeholders and servers as an escalation point for incident management and response issues.

Essential Functions

• Develop/define necessary cybersecurity policies, and procedures, and advocate cyber best practices
• Accountable for all elements of delivery, from defining vision and developing strategy and maturity roadmaps, through implementation, execution, and ongoing operations
• Lead major cyber incidents including the development of investigation/scoping, containment, and remediation plans for resolving major cyber incidents, aligning resources to execute incident tasking, reporting findings to executive leadership, and managing response optics and tone
• Develop a strategy to evaluate, design, or plan the implementation of new or updated information security hardware or software, and analyze its impact on the existing environment
• Manage oversight of technical risk assessments, such as vulnerability scanning, penetration testing, risk reviews for new applications, and third-party risk assessments
• Lead, manage, and monitor security projects and provide expert input for other IT projects
• Develop security programs: manage/execute project deliverables; communicate to affected stakeholders/Garmin associates; develop procedures, guidelines, and flow diagrams to be implemented on an ongoing basis; and develop tools or metrics to measure program implementation
• Define/publish key performance indicators measuring the effectiveness of operational cybersecurity
• Develop/refine security governance practices to ensure the implementation of executive management and the Board of Directors' information security agenda/strategy or objectives within Garmin
• Collaborate with business/technology teams on enterprise objectives, initiatives, and information security risk to ensure robust security and compliance postures and exceed established standards
• Advise/review Security Design and recommend security systems/controls in accordance with best practices
• Ensure continuous improvement of policies, procedures, and technology (including automation) related to compliance to enable risk reduction, business enablement, and operational efficiencies
• Orchestrate objectives/tasks across global teams to ensure integration/collaboration
• Develop and lead cyber threat intelligence to identify/analyze long/short-term cyber threat actor groups, techniques, and tactics to make informed information security defenses/technology decisions
• Provide management with weekly, monthly, and quarterly metrics for risk, performance, and colleague performance and develop relationships with external sources of Cybersecurity information
• Escalate incidents to management in a timely manner with appropriate information regarding risk, action times, and root cause analysis
• Coordinate response, triage, and escalation of security events affecting the company's information assets and activities within the incident response leadership team
• Perform post-incident review of processes/steps used to remediate an incident; implement improvements in the environment (such as technical controls) and/or incident response process
• Define operational metrics, objectives, and key performance indicators to ensure operational excellence and help define and execute strategy for detection, investigation, and incident response
• Collaborate with partner teams for efficient, large-scale response
• Evaluate workload and available resources and adjust schedules/priorities as required
• Observe/evaluate project performance and provide feedback when necessary, including the provision of proper training
• Communicate complex issues in oral and written form in terms clearly understood by a technical and non-technical audience
• Sponsor security architectural efforts, bring balance, and influence architectural decisions, business requirements, and security vision
• Lead/guide managers/team leads to ensure strategic goals translate to operational objectives
• Assess/adapt existing operational programs and develop capabilities to ensure ongoing success
• Build/maintain high performing team(s) by recruiting, developing, and retaining outstanding talent
• Promote team member engagement/effectiveness by providing constructive feedback and promoting personal development, including writing and conducting annual performance appraisals
• Develop/manage team and individual performance and capacity metrics to identify successful operations or areas needing improvement, ensuring all organizational objectives are met
• Demonstrate ongoing personal development, professional growth, and continuous education

Basic Qualifications

• Bachelor’s Degree in Engineering, Computer Science, or Management Information Systems AND a minimum of 10 years relevant experience including 5 years of leadership experience as a Cyber Security Professional
• Knowledge of analysis, design, and configuration of complex IT applications, local and wide area networks, heterogeneous server systems, and regulatory and security requirements
• Demonstrated experience successfully coordinating teams and multiple projects
• Experience with formal software systems change control techniques
• Demonstrated understanding of general security concerns in areas such as servers, network topology/ access controls, endpoint security, change/problem management, and Cyber Security Monitoring
• Must demonstrate the ability to work proactively/effectively with minimal supervision and must demonstrate proficient/effective leadership skills with the ability to lead a team
• Demonstrated strong and effective verbal, written, and interpersonal communication skills
• Must be team-oriented, possess a positive attitude, work well with others, and demonstrate proficient organizational, problem-solving, and project management abilities
• Able to communicate complex issues in both oral and written form in terms clearly understood by highly technical and non-technical audiences

Garmin International is an equal opportunity employer.  Qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, citizenship, sex, sexual orientation, gender identity, veteran’s status, age or disability.

This position is eligible for Garmin's benefit program. Details can be found here: Garmin Benefits