Vice President-Cyber Security

NopalCyber makes cybersecurity manageable, affordable, reliable, and powerful for companies that need to be resilient and compliant. Managed extended detection and response (MXDR), attack surface management (ASM), breach and attack simulation (BAS), and advisory services fortify your cybersecurity across both offense and defense. AI-driven intelligence in our Nopal360° platform, our NopalGo mobile app, and our proprietary Cyber Intelligence Quotient (CIQ) lets anyone quantify, track, and visualize their cybersecurity posture in real-time. Our service packages, which are each tailored to a client’s needs and budget, and external threat analysis, which provides critical intelligence, help to democratize cybersecurity by making enterprise-grade defenses and security operations available to organizations of all sizes. NopalCyber lowers the barrier to entry while raising the bar for security and service.

We are looking for a proven, high energy, results oriented Cybersecurity Operations Leader, where you will be a key advisor for our clients, analyzing business requirements to design and implement ideal security solutions for their needs. As an established SecOps Leader, you will span operational, tactical, and strategic levels as well as tasks that tackle difficult problems that businesses are facing when building out and improving their security posture. This is an opportunity for you to showcase your strong communication skills and experience in SOC operations, security governance & advisory, security risk management, security architecture, and cyber incident response programs.

Responsibilities:

• Service Delivery Management: Oversee the end-to-end delivery of Managed XDR, Attack Surface Reduction, and Advisory services to clients, ensuring high-quality outcomes and client satisfaction.
• SOC Operations Leadership: Lead and manage Security Operations Center (SOC) operations, ensuring effective monitoring, incident management, and response processes are in place.
• Incident & Escalation Management: Take responsibility for escalations arising from security event monitoring, incident management, and response. Ensure timely resolution and process improvements.
• SLA & Process Compliance: Ensure that service level agreements (SLAs) are met, while also driving process adherence, continuous improvements, and operational excellence.
• Governance & Metrics: Establish and refine operational foundations, defining key metrics and KPIs to drive governance, quality, and efficiency. Influence operational change to improve performance.
• Threat Management & Detection: Lead efforts in threat management, modeling, and hunting. Identify threat vectors and develop use cases and detection rules to enhance security monitoring capabilities.
• Team Training & Development: Ensure that the team’s skill development and training needs are adequately addressed to maintain cutting-edge security expertise.
• Cybersecurity Maturity & Resilience: Assist clients in identifying potential threats, vulnerabilities, and deficiencies, advising on measures to enhance their cybersecurity maturity and resilience.
• Solution Design & Communication: Evaluate client needs, create tailored security solutions, and effectively communicate the value proposition of complex security concepts to both technical and non-technical stakeholders.
• Security Assessments: Plan and execute IT security assessments of on-premise/cloud IT assets. Understand organizational objectives, policies, and regulations to identify risk areas and prepare comprehensive review programs.
• Stakeholder Communication: Possess strong communication skills to engage with senior management, board members, technical teams, and key client stakeholders to convey complex security concepts effectively.
• Sales & Proposal Support: Contribute to sales pursuits, proposals, and the development of security practice eminence. Drive business growth through strategic client relationships.
• Project Delivery: Lead and deliver complex security projects in a fast-paced, team-driven environment.
• Knowledge Sharing & Collaboration: Foster a collaborative environment by promoting and participating in forums that enhance the firm’s collective knowledge and assist clients with complex challenges.
• Enterprise Security Leadership: Provide leadership and strategic direction to the organization’s information security initiatives.
• Cybersecurity Strategy & Technology Update: Regularly update and refine the cybersecurity strategy to incorporate new technologies and emerging threat information.
• Client Relationship Management: Establish and maintain strong client relationships to further expand the service portfolio and ensure long-term client success.

Job specifications:

1. Qualification:

A bachelor’s degree in a related field (e.g., Computer Science, Cybersecurity, or Information Technology) and a minimum of 15 years of relevant work experience.

Certifications

• Certified Information Systems Security Professional (CISSP) or Certified Information Systems Auditor (CISA).
• Cloud security certifications from major Cloud Service Providers (AWS Certified Solutions Architect, Microsoft Azure Architect, Google Cloud Architect), or Certified Cloud Security Professional (CCSP) / Certificate of Cloud Security Knowledge (CCSK).
• 2. Desired Skills:

Desired Skills & Experience:

• SOC Expertise: Strong understanding of SOC operations, design, and management. Experience with domain administration, network architecture, and change control procedures.
• Risk Management Knowledge: Familiarity with IT risk management standards and frameworks, including ISO 31000, NIST Cybersecurity Framework, ISO 27001/27002, GDPR, PCI DSS, SOC 1/SOC 2, COBIT, and HITRUST.
• Networking & Security Technologies: Knowledge of networking (TCP/IP, OSI model), operating systems (Windows, UNIX, mainframe), security technologies (firewalls, IDS/IPS), and programming languages (C, Java, Perl, Shell).
• Threat Landscape Awareness: In-depth understanding of cyber-attacks, threat vectors, risk management, and incident response.
• Security Solutions Proficiency: Hands-on experience with MDR, EDR, XDR, SIEM, Vulnerability Management, IDS/IPS, NTA, UEBA, DLP, and other security technologies.
• Penetration Testing Tools: Familiarity with penetration testing and application security tools (Kali Linux, Metasploit, Burp Suite, Nessus, NMAP).
• Security Frameworks & Methodologies: Understanding of OWASP, the MITRE Attack Framework, Cyber Kill Chain, and the SDLC (Software Development Lifecycle).
• Cloud Security Expertise: Advanced knowledge of cloud security practices and implementations.
• Vendor/Partner & Client Management: Strong experience in vendor/partner management, client management, and the ability to lead client relationships effectively.
• Offerings Development: Ability to research and develop innovative security risk-based offerings that meet client needs.
• Shaping Client Expectations: Expertise in managing and shaping client expectations throughout engagement cycles.