This job might no longer be available.

Senior Manager - Attack Surface Management

Aristocrat
Remote Nevada 89135 United States of America
1 year ago
Apply

Summary

In this role, you will be responsible for leading the Attack Surface Management team with the goal of reducing risk at Aristocrat and its subsidiaries. You will work to identify and monitor assets internally and externally, provide service identification and vulnerability scanning for those assets on a continual basis, and communication of the risk as a result of scanning and analysis. Reporting to the Sr. Director of Security Operations, you will employ your proven expertise to the Attack Surface Management function. You will have great input into the development of the team as their leader, and limitless opportunity to develop and refine processes to effectively manage cyber risk. Successful candidates will have a rich technical background in vulnerability management and the ability to effectively communicate technical and business risk to appropriate audiences. This role works alongside key stakeholders and partners across Business Units to lead the Attack Surface Management function forward through a collaborative, risk based, approach.

Pay Range

$142,513-$264,667

What you'll do

· Manage the Global Information Security (GIS) Attack Surface Management (ASM) team.

· Provide coaching and mentoring to direct reports as part of a world class ASM team.

· Lead the implementation of strategy and key initiatives/projects focused on the reduction of technology risk within Aristocrat under the direction of the Director of Security Operations.

· Partner with stakeholders to create a global vulnerability remediation process that tracks vulnerabilities from detection to remediation in a collaborative manner.

· Work with GIS leadership to identify opportunities for and produce regular vulnerability management metrics reports.

· Work with Governance, Risk and Compliance (GRC) to create, document and implement a global vulnerability management exception process.

· Structure ASM program to serve both enterprise security and product security requirements.

· Assist in identifying solutions and solving complex/unique problems with regards to Aristocrat’s Attack Surface.

· Assist in the execution of departmental plans, including business, production and/or organizational priorities and contribute to the Attack Surface Management functional strategy.

· Partner with IT and business teams to develop solutions that address root causes and proactively eliminate risk.

· Utilize existing vulnerability management, security configuration management, and web application scanning tools and processes to extend coverage, increase effectiveness and expand capabilities.

· Work with diverse IT and business teams to assist in developing solutions to remediate identified vulnerabilities and misconfigurations in a risk-prioritized effective and efficient fashion.

· Provide support to Audit, Legal, Human Resources, Corporate Security and Executives.

· Possess the ability to effectively identify, evaluate and communicate new and ongoing security threats.

What we're looking for

· Minimum five years leading and/or managing an Attack Surface Management team, engagements or related experiences.

· Possess strong technical security skills and comprehension of security and risk.

· Ability to work on complex projects and with diverse teams.

· Familiarity with Vulnerability Management tools such as Qualys QualysGuard, Rapid7, Tenable Nessus, etc.

· Familiar with Policy Compliance tools such as Qualys, Symantec CCS, Microsoft SCCM, etc.

· Familiar with Web Application Scanning tools such as WhiteHat, Appscan, WebInspect, etc.

· Familiar with vulnerability management tool integrations such as GRC, ticketing systems, SIEM, etc.

· Familiar with Security Single Pane of Glass implementations or frameworks such as RSA Archer, Kenna, RSAM, etc.

· Knowledge and experience with diverse IT architectures and enterprise IT data centers, large-scale transaction processing environments, external hosted services and cloud computing environments.

· Extensive knowledge and experience with physical and virtual server configurations and implementations as well.

· Experience working with security management tools (e.g., vulnerability scanners, file integrity monitoring, configuration monitoring, etc.) and perimeter technologies (e.g., router, firewalls, web proxies and intrusion prevention, etc.).

· Knowledge of configuration management, change control/problem management integration, risk assessment and acceptance, exception management and security baselines (e.g. CIS Baselines, NIST, vendor security technical implementation guides, etc.)

· Knowledge of and experience with applying Common Weakness Enumeration (CWE), Common Vulnerability Scoring System (CVSS), Common Vulnerabilities and Exposures (CVE and Open Web Application Security Project (OWASP) processes and remediation.

· Strong technical understanding and experience assessing threats to and identifying weaknesses in multiple operating system platforms, database and application servers, and custom and off-the-shelf applications, etc.

· Must be both a self-starter and team player with the ability to work independently with limited supervision.

· Excellent collaboration skills – must be eager to work as part of a cohesive team and work as a partner to other teams within Aristocrat, Inc., locally and globally.

· Exceptional communication skills, including the ability to gather relevant data and information, actively listen, dialogue freely, verbalize ideas effectively, negotiate tense situations successfully, and manage and resolve conflict.

· Must be extremely flexible and able to manage multiple tasks and priorities on very tight deadlines

· Security-related certifications a plus – CRISC, CISSP, CISM, CEH, etc

Create Your Profile — Game companies can contact you with their relevant job openings.
Apply

Jobs at Aristocrat

Management jobs