Vice President

Job Statement:

NopalCyber makes cybersecurity manageable, affordable, reliable, and powerful for companies that need to be resilient and compliant. Managed extended detection and response (MXDR), attack surface management (ASM), breach and attack simulation (BAS), and advisory services fortify your cybersecurity across both offense and defense. AI-driven intelligence in our Nopal360 platform, our NopalGo mobile app, and our proprietary Cyber Intelligence Quotient (CIQ) lets anyone quantify, track, and visualize their cybersecurity posture in real-time. Our service packages, which are each tailored to a client's needs and budget, and external threat analysis, which provides critical intelligence, help to democratize cybersecurity by making enterprise-grade defenses and security operations available to organizations of all sizes. NopalCyber lowers the barrier to entry while raising the bar for security and service.

We are looking for a proven, high energy, results oriented Cybersecurity Operations Leader, where you will be a key advisor for our clients, analyzing business requirements to design and implement ideal security solutions for their needs. As an established SecOps Leader, you will span operational, tactical, and strategic levels as well as tasks that tackle difficult problems that businesses are facing when building out and improving their security posture. This is an opportunity for you to showcase your strong communication skills and experience in SOC operations, security governance & advisory, security risk management, security architecture, and cyber incident response programs.

Job responsibilities:

• Manage overall service delivery of Managed XDR, Attack Surface Reduction & Advisory services to our clients
• Lead & manage overall SOC operations
• Responsible for all escalations arising from security event monitoring, incident management and response
• Ensure compliance to SLA, process adherence and process improvisation to achieve operational excellence
• Establish operational foundations, defining metrics and KPIs to drive governance, quality, and efficiency. Influence and improve existing processes through innovation and operational change.
• Perform threat management, threat modeling & hunting, identify threat vectors and develop use cases/detection rules for security monitoring
• Ensure training needs of team are adequately met
• Assist clients in identifying potential threats, vulnerabilities, and deficiencies in their environments and aid them by bolstering their cybersecurity maturity and resilience
• Evaluate client needs, coordinate designs for a solution, and clearly communicate the value proposition of complex and highly technical subjects
• Plan and execute information technology security assessments of on-premise/cloud IT assets by understanding organization objectives, structure, policies, processes, internal controls, and external regulations; identifies risk areas; prepares scope and objectives; prepares internal controls review programs
• Possess strong written and verbal communication skills with the ability to interact with senior management/Board, technical teams, and key client stake holders to convey complex technical security concepts to both technical and non-technical audiences
• Support in sales pursuits and proposals and assist in building practice eminence
• Deliver complex projects in a fast-paced, team environment
• Promote and participate in forums for sharing expertise, strengthening firm's collective knowledge, and helping resolve our clients' challenges
• Provide leadership to the enterprise's information security organization
• Constantly update the cyber security strategy to leverage new technology and threat information
• Establish strong client relationships to help progress the Services portfolio

Job specifications:

1. Qualification:

• A bachelor's degree in a related field and a minimum of 10 years of related work experience

Certifications -

1. One or more security certifications: Certified Information Systems Security Professional (CISSP)/Certified Information Systems Auditor (CISA)
2. One or more cloud security certifications: Certification in Public Cloud Technology from one of the major Cloud Service Providers (e.g. AWS Certified Solutions Architect, Microsoft Azure Architect, Google Cloud Architect), or Certified Cloud Security Professional (CCSP)/ Certificate of Cloud Security Knowledge (CCSK) etc.

2. Desired Skills:

Knowledge and Experience:

• Good understanding of SOC operations, design, technology, and management proficiency with domain administration, network architecture and design, and navigating change control procedures
• Knowledge and working experience of IT risk management based on ISO 31000/ISO 27005, NIST Cyber Security Framework, ISO 27001/27002, GDPR, PCI DSS, SOC 1/SOC 2, COBIT, HITRUST.
• Good understanding of networking (TCP/IP, OSI model), operating system fundamentals (Windows, UNIX, mainframe), security technologies (firewalls, IDS/IPS, etc.) and application programming/scripting languages (C, Java, Perl, Shell).
• In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc.
• Knowledge and familiarity of common security technologies such as MDR, EDR, XDR, SIEM, Vulnerability Management, IDS/IPS, NTA, UEBA, DLP, and other solutions
• Knowledge of common pen test and application security tools, such as Kali Linux, Metasploit, Burp Suite, Wireshark, Web Inspect, Network Mapper (NMAP), Nessus and others
• Understanding of OWASP, the MITRE Attack framework, Cyber Kill Chain and the software development lifecycle (SDLC)
• Expertise in cloud security implementations
• Experience in effective vendor/partner management
• Experience in client management
• Ability to research and develop new security risk-based offerings
• Ability to lead and shape client expectations

Personal Attributes

• Self-starter and quick learner requiring minimal ramp-up
• Excellent analytical, written, oral, and interpersonal communication skills
• Highly self-motivated, self-directed, and attentive to detail
• Ability to effectively prioritize and execute tasks in a high-pressure environment