Manager, Enterprise Info Security - Vulnerability Management
As America’s Un-carrier, T-Mobile US, Inc. (NYSE: TMUS) is redefining the way consumers and businesses buy wireless services through leading product and service innovation. The company’s advanced nationwide 4G and 4G LTE network delivers outstanding wireless experiences for customers who are unwilling to compromise on quality and value. Based in Bellevue, Wash., T-Mobile US operates its flagship brands, T-Mobile and MetroPCS. It currently serves approximately 58 million wireless subscribers and provides products and services through 70,000 points of distribution.The Manager of Corporate Information Security position exists to help prevent, detect, and respond to threats to company information, systems, and networks. This position will be responsible for ensuring appropriate protections are built into our infrastructure, products, systems, processes, and services. The Manager of CIS will facilitate security related interactions with business partners, OEMs, and service partners. Integration with the security community internal to T-Mobile and external with partners such as government, industry, and security organizations is necessary. The Manager of CIS will demonstrate strong critical thinking skills, excellent communication skills, and effectively manage the time and effort of all individual contributors, projects, and associated initiatives. A strong understanding of security technologies, architecture, and best practices will be critical to the success of this role. The Information Security manager serves as the process owner for all ongoing activities that serve to provide appropriate access to and protect the confidentiality and integrity of customer, employee, and business information in compliance with organization policies and standards.
An in-depth understanding of:
- Vulnerability assessment tools (Nessus, Nexpose, Metasploit, Qualys, Qualys, nmap, Burp Suite, Retina, etc.) as well as manual techniques.
- Windows, Mac, and Linux-based operating systems from both a user-endpoint and server perspective.
- Technical writing and documentation tools (Microsoft Office Suite, wiki collaboration platforms, ticket and bug tracking systems).
- Common and emerging attack vectors, penetration methods, countermeasures, and remediation methods and implications.
- Patching programs and systems of major hardware and software vendors.
- Strong systems and network background with an emphasis in secure configuration and hardening.
- Knowledge of information security industry and regulatory obligations (PCI DSS, SOX404, SOC1/2, ISO 27000-series, NIST Framework, etc.).
- Industry Certifications preferred: GIAC, CISSP, CISM, CISA.
Minimum 5 years of experience in relevant info security technology or related field
Excellent analytical and problem solving skills. Strong communication, literacy, and comprehension
Working knowledge of security policy, compliance and control environment related to information security
Experience managing a team of 4 or more
Demonstratable experience with leadership role on at least one large project implementation. Demonstrated organizational influence
High School Diploma/GED
Computer Science or Information TechnologyRequires competency in customer focus, change & innovation, strategic thinking, relationship building & influencing, talent management, results focus and inspirational leadership.
- Oversee the maintenance and continual improvement of vulnerability management infrastructure, initiatives, integration, processes, and technical assessment support.
- Be accountable for the patch and vulnerability management process as well as the performance of the matrixed team’s assigned tasks.
- Support compliance and audit inquiries relating to security assurance and vulnerability management.
- Classify and prioritize the risk of new vulnerabilities according to the specifics of our unique environment’s risk level, mitigating factors, and assessment of the impacts of internal and external threats.
- Maintain dashboards and collect metrics and reports on vulnerability findings and remediation compliance.
- Publish monthly program metrics with the aim to characterize and communicate security effectiveness to executives and stakeholders.
- Facilitate proactive remediation of new vulnerabilities by collecting information from threat and vulnerability feeds, analyzing the impact/applicability to our environment and communicating applicable vulnerabilities and recommended remediation actions to the impacted teams.
- Work closely with both business-oriented executives and leads as well as technology-oriented personnel to ensure adequate processes are in place and actions are being taken to mitigate identified risks proactively.
- Provide technical support to system owners to propose mitigation and remediation solutions to identified issues.
- Provide input to the department’s leadership for enhancing the information security strategy.
- Assist departments across the organization in understanding and implementing security policy objectives in ways that are cost effective, and align with business objectives.
- Stay current on security industry trends, attack techniques, mitigation techniques, security technologies and new and evolving threats to the organization by attending conferences, networking with peers and other education opportunities.
- Strong knowledge of information security threats, vulnerabilities, and overall risk profile of the enterprise
- Mentor analysts, senior analysts, and CIS individual contributors to promote successful performance and career growth in alignment with department and enterprise objectives
- Demonstrated ability to provide security consultation on designs and/or implementation of security controls ensuring adherence to T-Mobile security standards and/or best practices
- Plan and execute appropriate protective measures to include policy, process, and overall security awareness
- Excellent verbal and communication skills necessary to engage with diverse cross functional groups and present effectively to small and large groups
- Lead security projects driven by groups both internal and external to Corporate Information Security
- Develop strategy, roadmap, and requirements for enterprise information protection to align with technology, product, and overall business strategy
We Take Equal Opportunity Seriously – By Choice
T-Mobile USA, Inc. is an Equal Opportunity Employer. All decisions concerning the employment relationship will be made without regard to age, race, color, religion, creed, sex, sexual orientation, gender identity or expression, national origin, marital status, veteran status, the presence of any physical or mental disability, or any other status or characteristic protected by federal, state, or local law. Discrimination or harassment based upon any of these factors is wholly inconsistent with our Company values and will not be tolerated. Furthermore, such discrimination or harassment may violate federal, state, or local law.
Back to top