Sr. Manager, Corporate Security - ZeroFox
Baltimore, MD
About the Job
ZeroFox seeks a Senior Manager of Corporate Security to develop, lead, and manage the day-to-day responsibilities and quarterly/yearly objectives of the security operations team. Reporting to the ITSec Director, this leadership role will help evolve ZeroFox’s capabilities and manage a talented technical team with a forward-thinking and proactive approach to information security. Partnering closely with IT, DevOps, Legal and company leadership, you will continue implementing a security and privacy program that is built on high-quality processes, adheres to guidelines and controls that are regularly tested and reported, and meets recognized security and privacy standards.
Role and responsibilities
- Serve as direct manager to a team of globally dispersed security operations professionals, providing day-to-day guidance and team leadership to ensure optimized levels of execution.
- Provide status, reporting, and metrics to the Director.
- Use Operational KPIs and metrics to monitor and evaluate the efficiency of day-to-day operations.
- Manage the technical aspects of ZeroFox’s Security Program including vulnerability management, incident management, security testing, intrusion detection, auditing and monitoring.
- Manage internal threat and vulnerability assessments and application security testing.
- Review and validate remediation activities resulting from threat and vulnerability assessments.
- Serve as project manager for technical security initiatives and provide advisory support.
- Maintain and verify adherence to technical security configuration standards.
- Respond to security related questions for client-facing Request for Proposals or Request for Information as needed.
- Works directly with counterparts in the business and corporate units.
- Identify and champion security projects to address identified risks and meet business security requirements.
- Assists with escalations by working cross-functionally to collect data points, metrics, and details that will prove useful in analyzing root cause.
- Leverage the collective expertise of the Security, IT, and DevOPS teams to recommend solutions to significant and complex security events.
- Interface with and help resolve internal and external (customer, vendor) stakeholder escalations.
- Oversee internal security investigations in response to reports of possible information security/privacy violations, coordinating with other departments (IT, HR, Legal).
- Oversee the execution of regular information security assessments, providing escalation assistance for any gaps, including management of development and implementation of prioritized plans for remediation.
- Assist with annual Security Operations & DevSecOps product roadmapping, budget, and capacity planning efforts.
- Manage quarterly product and operations backlogs for Security Operations and DevSecOps.
- Understand and promote principles and execution of continuous process and performance improvement for all information security procedures.
- Demonstrate an extensive knowledge of and regularly monitor and stay up to date on relevant industry changes, trends, laws, regulatory updates and best practices.
- Coordinate yearly table-top incident response exercises, security awareness training, HIPAA training, privacy training, and phishing exercises.
- Assist with System Security Plans (SSP), Security and Privacy policies, Plan of Action & Milestones (POA&M) and required documentation in support of the company’s FedRAMP Certification program and Federal customers.
- Develop, document, and implement Standard Operating Procedures.
Requirements
- Bachelor’s degree in cybersecurity, computer science, or equivalent experience.
- At least 6 years prior experience managing security operations teams.
- Expert knowledge of common information security management frameworks, regulatory requirements and applicable standards such as: NIST SP 800-53, ISO 27001, SOC 2, PCI, SOX, ITSM, etc.
- Solid understanding of Federal and International security & privacy laws and regulations: CCPA, GDPR, FISMA, HIPAA.
- Experience working with 3rd party Risk Management auditors and Risk Management Frameworks.
- Prior experience developing and maintaining information security policies
- Prior experience conducting information security assessments, including identifying gaps, developing plans to fill gaps and hands-on implementation of solutions
- Prior experience monitoring for and responding to information security issues
- Prior experience working with cloud, network, host, and product security
- Physical security experience a plus
Benefits
- Competitive compensation
- Community-driven culture with employee events
- Regular catered lunches for in-office work; snacks, drinks available daily
- Generous time off
- Comprehensive health benefits & 401(k) plan
- Fun, modern workspace
- Respectful and nourishing work environment, where every opinion is heard and everyone is encouraged to be an active part of the organizational culture
- Total annual compensation range $120,000 - $180,000
About ZeroFox
ZeroFox is on a mission to make the internet safer for all. Innovation is at our core – we are relentless in the pursuit of finding new ways to disrupt external cyber threats on the surface, deep, and dark web. ZeroFox offers the only unified cybersecurity platform combining advanced AI analytics, digital risk and privacy protection, full-spectrum threat intelligence, and a robust portfolio of breach, incident and takedown response capabilities to protect customers from growing threats across the external attack surface. It’s a great time to join us in the Fox Den – with fresh private equity funding, expanding investments in AI, a people-first culture, and centers of excellence around the world, we’re growing like never before. If you’re looking for a mission-oriented, customer-focused, collaborative team and ready to take the fight to the adversary, apply to join us in the Den today.
Equal Opportunity, Diversity & Inclusion
We aim to build a team that represents a variety of backgrounds, perspectives, and skills. We embrace inclusion and ensure equal employment opportunity without discrimination or harassment based on race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity or expression, age, disability, national origin, marital or domestic/civil partnership status, genetic information, citizenship status, military or veteran status, or any other personal characteristic.