Calix provides the cloud, software platforms, systems and services required for communications service providers to simplify their businesses, excite their subscribers and grow their value.We are seeking an experienced information security professional to run our new Risk Operations Center focused on operationalizing risk-based management.This is a technical hands-on, program management role that will lead efforts in managing risk across Calix’s entire attack surface, including risk-based management of vulnerabilities, insider risk and data loss detection/response, and effectively document/communicate the prioritized risk.The hybrid nature of this role makes it ideal for candidates with strong hands-on technical skill looking to grow with more responsibilities such as ability to develop program documentation, using maturity models to grow security programs, pull data from APIs for metrics and dashboards, present briefings to leadership, collaborate and build strong relationships with other Calix teams. There are no immediate people leadership responsibilities for this role.Responsibilities and Duties:Develop and manage a comprehensive Risk Operations Center (ROC) to proactively manage risk-based prioritization and mitigation across Calix’s attack surface.Implement a risk-based vulnerability management program that reflects a strong understanding of the Vulnerability Management Lifecycle and industry best practices.Develop playbooks using SOAR (Security Orchestration, Automation, & Response) or scripts to automate manually repetitive tasks.Develop and automate repeatable etiquette for calculating, prioritizing, documenting, and communicating risk to various Calix teams and leadership.Help mature the insider risk program, including the development of strategies, security tool configuration and tuning, and automation opportunities to deter, detect, and respond to insider risks and data loss.Conduct investigations and analysis to identify and resolve insider risk alerts and potential data loss, including reviewing logs and network activity, analyzing user behavior, and forensic investigations.Work closely with Legal, Privacy, and HR teams to provide support for e-discovery requests, including data collection, preservation, processing, and review, while ensuring confidentiality and discreet resolution of investigations.Drive continuous improvements by staying current on industry trends and best practices in vulnerability management, insider risk, and other risk operations functions and adapt the programs accordingly.Interface and coordinate with third-party DFIR partners.Orchestrate technical tabletop exercises to help identify risks to our incident response and detection capabilities.Develop and maintain documentation for ROC, insider threat, and vulnerability management programs including standards, processes, procedures.Prepare and present formal and informal analysis and briefings to relevant stakeholders and executives.Assist in developing business cases and project plans to implement new capabilities or mature existing toolsets for continual maturity of ROC.Qualifications:Required: Bachelor's degree in information systems, Computer Science or similar10+ years of experience in hands-on information security roles, preferably with 2-3 years in either Insider Risk or Vulnerability Management.Hands-on technical demonstrated experience with security related technologies such as SIEM (Security Information and Event Management), SOAR (Security Orchestration, Automation, & Response), EDR (Endpoint Detection and Response), UEBA (User & Entity Behavior Analytics), DLP (Data Loss Prevention).Hands-on investigation analysis and incident response of security alerts and incidents.Familiarity with insider risk and data loss investigations.Strong knowledge of methodologies and technologies in modern risk-prioritized vulnerability management programs.Ability to communicate risk effectively while conveying highly technical concepts to both technical and non-technical stakeholders.Familiarity with security reporting, dashboarding, and metrics. Preferred Qualifications:Relevant certifications such as CISSP (Certified Information Systems Security Professional), CISM, CRISC, or Insider Threat Program Manager (ITPM) are highly desirable.Familiarity with unified vulnerability toolsExperience in an Insider Risk, Vulnerability Management, Incident Response, or similar roleFamiliarity with FAIR methodology#Remote-LICompensation will vary based on geographical location (see below) within the United States. Individual pay is determined by the candidate's location of residence and multiple factors, including job-related skills, experience, and education.For more information on our benefits click here.There are different ranges applied to specific locations. The average base pay range (or OTE range for sales) in the U.S. for the position is listed below.San Francisco Bay Area Only:145,000.00 - 241,600.00 USD AnnualNational Major Cities plus, CA, CO, NY Metro area:126,100.00 - 210,100.00 USD AnnualRegional plus NY:113,500.00 - 189,100.00 USD Annual
View Original Job Posting