"I can succeed as an Information Security Senior Manager - Attack Surface Operations at Capital Group."

As an Information Security Senior Manager for Attack Surface Operations, you will have a global responsibility to lead and operate Capital's vulnerability management, eCrime and Threat Intelligence programs as well as drive the SecOps communications, enhancements and metrics/KPI programs.

As an Information Security Senior Manager - Attack Surface Operations your responsibilities will include:

Vulnerability management

• You will drive the strategy, lead and develop the team at capital who identify, analyze, prioritize, remediate and report vulnerability risk in CG technology systems.
• You will work closely with stakeholders from across our Information Technology Group to drive Capital's vulnerability management program that manages risk to CG accepted levels, and in alignment with industry best practice and regulatory expectations.

• You will drive the strategy, lead and develop the team at Capital who monitor and disrupt fraudulent use of Capital's brand online to minimize negative impact to Capital's reputation and associates.

• You will work with stakeholders from across Capital's business to drive Capital's eCrime program to provide NIST-aligned eCrime fraud response services for Capital Group by collaborating with law enforcement agencies, security and trust teams at various social media platforms, industry groups, and vendors and reporting post-incident findings, recommendations, and risk items.

• You will drive the strategy, lead and develop the team at Capital who collect, process, assess and disseminate timely and actionable cyber threat intelligence to set the conditions for the successful mitigation of risk to Capital's business operations.
• You will work with stakeholders from across Capital's business to drive Capital's intelligence cycle process of seeking stakeholder direction, curating a world class collection capability, performing first class assessment to create timely and actionable intelligence before disseminating it as tactical, operational or strategic intelligence in business consumable formats.

• You will work across other security operations teams to produce mission critical metrics, KPIs and KRIs for all functions within the group.
• You will drive the 'battle rhythm' within Security Operations, driving the production of our weekly communications, monthly review sessions, weekly standups, quarterly business updates and regular intelligence updates.
• You will curate and curate SecOps regular written updates, including annual intelligence products (threat assessments) and weekly SecOps updates.
• You will work with 2nd Line and other risk teams to formalize the review process for after-action reviews and CI opportunities.

• You are a leader with a track record of competency in the field of Information Security and Risk with 7+ years of relevant security and technology experience, including 5+ years in a significant leadership role.
• You have experience or demonstrable knowledge in driving strategies and programs across the spectrum of the role including Vulnerability Management, eCrime, intelligence and reporting
• You have a bachelor's degree from an accredited institution, with degree preferred in Computer Science or Information technology systems security or related field.
• You have experience in establishing cyber security and risk metrics for reporting.
• You have strong emotional Intelligence with demonstrated sustained leadership in a large organization involving multiple stakeholders.
• You are highly capable and experienced in negotiation and persuasion skills.
• You have demonstrated an affinity for working with a diverse team.
• You have effective oral and written communication skills. Information Security certification based on industry best practices.
• You have excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and non-technical audiences.
• You have an ability to work with, persuade and motivate technology teams and legal teams to support the work needed by attack surface operations teams.
• You are at ease with managing multiple priorities, ambiguity and rapidly moving business environment.
• You have a strong understanding of the business impact of security tools and operations, cloud technologies and policies.
• You have strong leadership abilities, with the capability to develop and guide IT operations personnel, and work with minimal supervision.
• You have experience working with legal, audit, operations and compliance staff.
• You have experience developing and maintaining policies, procedures, standards and guidelines.
• You have experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks, the U.S. Sarbanes-Oxley Act, the U.S. Health Insurance Portability and Accountability Act (HIPAA), the European Union Privacy Directives, and the Japanese Financial Instruments and Exchange Law ("J-SOX").