Security Manager

at  OBASA Suites

The Obasa Group of Companies & MyKey Global Accommodations are exciting, fast-growing, technology-enhanced vendor management solutions serving the insurance industry, helping people with emergency accommodations in times of need.

EDUCATION AND QUALIFICATIONS:

• Bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field.
• Minimum of 7 years of experience in network security, physical security, application security, or a similar role.
• Security certifications such as CISSP, CEH, CISM, or CISA are preferred.
• Strong knowledge of network security protocols, firewalls, VPNs, IDS/IPS, and SIEM tools.
• Experience with cloud security technologies and frameworks (AWS, Azure, etc.).
• Deep understanding of security compliance standards, such as ISO 27001, PCI DSS, NIST, etc.
• Proficiency in conducting vulnerability assessments, penetration testing, and risk assessments.
• Strong problem-solving and decision-making skills, with the ability to work under pressure.
• Excellent communication skills for both technical and non-technical audiences.
• Experience in security architecture and integrating security into the SDLC.

ADDITIONAL SKILLS:

• Coding experience (a plus).
• Knowledge of physical security technologies (access control, CCTV, etc.).
• Proven ability to manage cross-functional teams and handle multiple security projects simultaneously.

• Network Security:
• • Design, implement, and maintain robust network security tools, including firewalls, IDS/IPS, VPNs, and SIEM.
• Regularly monitor, patch, and optimize network security infrastructure to protect against evolving threats.
• Conduct network vulnerability assessments and penetration tests to identify and mitigate risks.
• Physical Security:
• • Oversee the implementation and management of physical security measures, including access control systems, surveillance, and facility security protocols.
• Ensure that the company’s physical assets are secure from unauthorized access and physical threats.
• Coordinate with facilities teams to enforce physical security policies and regularly review and upgrade physical security technologies.
• Application Security:
• • Collaborate with development teams to integrate security best practices into the software development lifecycle (SDLC), including the use of SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) tools.
• Conduct code reviews and security audits on applications to identify potential vulnerabilities.
• Advise on secure software design, providing feedback on system architectures to ensure that security requirements are met.
• Risk Assessment & Management:
• • Lead comprehensive security risk assessments to identify potential threats to network, physical, and application security.
• Develop and enforce policies and procedures to mitigate identified risks, ensuring alignment with the organization’s risk management strategy.
• Work with risk management and compliance teams to ensure all regulatory and industry standards are met, such as ISO 27001, PCI DSS, and other relevant security frameworks.
• Incident Response & Monitoring:
• • Participate in and lead incident response teams, assisting in the investigation, containment, and resolution of security incidents.
• Establish and monitor security alerts and SIEM dashboards, ensuring timely identification and remediation of threats.
• Conduct post-incident analysis and update security protocols to prevent future occurrences.
• Collaboration & Training:
• • Develop and deliver security awareness training programs for employees to enhance understanding of security risks and best practices.
• Liaise with IT, development, and operations teams to ensure cohesive security practices across the organization.
• Maintain strong working relationships with third-party vendors and security consultants to evaluate and improve security technologies.
• Documentation & Reporting:
• • Maintain comprehensive documentation on all security policies, procedures, and tools.
• Prepare and present security reports to senior management, detailing security performance, risks, and areas for improvement.