Sr. Manager, Corporate Security at ZeroFOX
Baltimore, MD 21201
About the Job
OPPORTUNITY OVERVIEW
ZeroFox seeks a Senior Manager of Corporate Security to develop, lead, and manage the day-to-day responsibilities and quarterly/yearly objectives of the security operations team. Reporting to the ITSec Director, this leadership role will help evolve ZeroFox’s capabilities and manage a talented technical team with a forward-thinking and proactive approach to information security. Partnering closely with IT, DevOps, Legal and company leadership, you will continue implementing a security and privacy program that is built on high-quality processes, adheres to guidelines and controls that are regularly tested and reported, and meets recognized security and privacy standards.

Role and responsibilities
- Serve as direct manager to a team of globally dispersed security operations professionals, providing day-to-day guidance and team leadership to ensure optimized levels of execution.
- Provide status, reporting, and metrics to the Director.
- Use operational KPIs and metrics to monitor and evaluate the efficiency of day-to-day operations.
- Manage the technical aspects of ZeroFox’s Security Program, including vulnerability management, incident management, security testing, intrusion detection, auditing and monitoring.
- Manage internal threat and vulnerability assessments and application security testing.
- Review and validate remediation activities resulting from threat and vulnerability assessments.
- Serve as project manager for technical security initiatives and provide advisory support.
- Maintain and verify adherence to technical security configuration standards.
- Respond to security-related questions for client-facing Requests for Proposals or Requests for Information as needed.
- Work directly with counterparts in the business and corporate units.
- Identify and champion security projects to address identified risks and meet business security requirements.
- Assist with escalations by working cross-functionally to collect data points, metrics, and details that will prove useful in analyzing root cause.
- Leverage the collective expertise of the Security, IT, and DevOps teams to recommend solutions to significant and complex security events.
- Interface with and help resolve internal and external (customer, vendor) stakeholder escalations.
- Oversee internal security investigations in response to reports of possible information security/privacy violations, coordinating with other departments (IT, HR, Legal).
- Oversee the execution of regular information security assessments, providing escalation assistance for any gaps, including management of development and implementation of prioritized plans for remediation.
- Assist with annual Security Operations & DevSecOps product roadmapping, budget, and capacity planning efforts.
- Manage quarterly product and operations backlogs for Security Operations and DevSecOps.
- Understand and promote principles and execution of continuous process and performance improvement for all information security procedures.
- Demonstrate an extensive knowledge of, and regularly monitor and stay up to date on, relevant industry changes, trends, laws, regulatory updates and best practices.
- Coordinate yearly table-top incident response exercises, security awareness training, HIPAA training, privacy training, and phishing exercises.
- Assist with System Security Plans (SSP), Security and Privacy policies, Plan of Action & Milestones (POA&M) and required documentation in support of the company’s FedRAMP Certification program and Federal customers.
- Develop, document, and implement Standard Operating Procedures.

Required qualifications and skills
- Bachelor’s degree in cybersecurity, computer science, or equivalent experience.
- At least 6 years prior experience managing security operations teams.
- Expert knowledge of common information security management frameworks, regulatory requirements and applicable standards such as: NIST SP 800-53, ISO 27001, SOC 2, PCI, SOX, ITSM, etc.
- Solid understanding of Federal and International security & privacy laws and regulations: CCPA, GDPR, FISMA, HIPAA.
- Experience working with 3rd party Risk Management auditors and Risk Management Frameworks.
- Prior experience developing and maintaining information security policies.
- Prior experience conducting information security assessments, including identifying gaps, developing plans to fill gaps and hands-on implementation of solutions.
- Prior experience monitoring for and responding to information security issues.
- Prior experience working with cloud, network, host, and product security.
- Physical security experience a plus.

ABOUT ZEROFOX
ZeroFox’s mission is clear: we protect customers - their data, their assets and their people - across the internet. Through AI-powered technology, global intelligence collection and services provided by a team of expert analysts and threat hunters, we give customers the protection and intelligence needed to disrupt a new era of attacks on the surface, deep and dark web. Now is a great time to join the Fox Den: with $150M+ in funding to date, recognition from Forrester as best-in-class in brand intelligence and numerous awards and honors, joining the ZeroFox team means joining a culture that is committed to excellence and growth. That means committing to the success of each of our employees so you can be the best version of yourself on the best team. If you’re ready to join a team that is mission-oriented, customer-focused, collaborative and dedicated, you’ve come to the right place.

Equal Opportunity, Diversity & Inclusion
We aim to build a team that represents a variety of backgrounds, perspectives, and skills. We embrace inclusion and ensure equal employment opportunity without discrimination or harassment based on race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity or expression, age, disability, national origin, marital or domestic/civil partnership status, genetic information, citizenship status, military or veteran status, or any other personal characteristic.

Department: Finance & Administration
Employment Type: Full Time
Minimum Experience