Avp, Incident Response (For Caliber)
Coppell, Tx, Us
Responsible for security operations – the tools, their maintenance and maturity, their program and procedures documentation, and event/ incident response• Matured and maintained the security operations program supported by a team of four, including high-quality tools for security information and event management (SIEM), endpoint protection, email security, phishing awareness training, web content filtering, web application firewall, and threat and brand intelligence, including program documentation development• Managed the deployment of two SIEMs (including over 20 log source types, hundreds of analytics, and their tuning) and the threat and brand intelligence tool (including eight watch lists and 50 alerts)• Owned vendor relationships for all Security Operations’ tools plus the incident response retainer – including negotiation of terms and costs, onboarding, and ongoing coordination• Redesigned the Information Security Policy and supporting security standards (including but not limited to the Cybersecurity Incident Response Standard) by revising existing documents and creating new standards for historical control gaps prior to the establishment of the IT Risk Team• Established and maintained the Cybersecurity Incident Response Plan to provide a foundation for guiding responses to a real or perceived incident impacting computing assets, data, or networks from preparation through lessons learned• Developed the Cybersecurity Crisis Management Plan, which provides a framework for enterprise wide, strategic management of a cyber-related crisis, and annually coordinated a simulation exercise to identify subsequent plan enhancements• Collaborated closely across IT to identify security risks and drove assigned risks and audit findings to thorough closure ahead of schedule• Executed security operations strategy while staying on budget ($3.5M)