Manager, Cybersecurity Operations Center

Port Authority of New York and New Jersey

Jersey City, NJ

Apply

JOB DETAILS

SKILLS

Architectural Design, Auditing, Automation, Background Investigation, Best Practices, Budget Management, Business Continuity Planning (BCP), CISA - Certified Information Systems Auditor, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Change Management, Communication Skills, Computer Security, Continuous Improvement, Contract Management, Contract Negotiation, Contract Requirements, Control Systems, Cross-Functional, Data Quality, Disaster Recovery, Employee Retention, Endpoint Security, Establish Priorities, External Audit, FISMA - Federal Information Security Management Act, Federal Emergency Management Agency, Government, HIPAA (Health Insurance Portability and Accountability Act), Hunting, Incident Response, Information Technology & Information Systems, Information/Data Security (InfoSec), Intelligence Agencies, Internet Security, Interpersonal Skills, Interviewing Skills, Intrusion Detection Systems, Intrusion Prevention Systems, Law Enforcement, Leadership, Maintain Compliance, Malware Analysis, Mentoring, Metrics, Network Systems, Operational Improvement, Operations Management, PCI, People Management, Performance Analysis, Performance Management, Performance Metrics, Policy Development, Presentation/Verbal Skills, Procedure Development, Process Improvement, Regulations, Regulatory Compliance, Regulatory Requirements, Reporting Skills, Risk, Risk Analysis, Risk Management, Security Architecture, Security Attacks, Security Information and Event Management (SIEM), Security Monitoring, Service Delivery, Service Level Agreement (SLA), Supplier Relationship Management (SRM), System Architecture, Team Lead/Manager, Team Player, Testing, Threat and risk analysis (TRA), Time Management, U.S. National Institute of Standards and Technology (NIST), Vendor/Supplier Evaluation, Vendor/Supplier Management, Vendor/Supplier Quality Management, Vendor/Supplier Relations

LOCATION

Jersey City, NJ

POSTED

29 days ago

Description

About the Role

The Cybersecurity Operations Center Manager is responsible for overseeing the day-to-day operations of the Cybersecurity Operations Center, (CSOC), managing vendor performance, and ensuring compliance with agency cybersecurity policies and contractual obligations.

This role involves developing and executing continuous monitoring programs, leading incident response efforts, and optimizing security operations through automation and improved processes. The CSOC Manager will also ensure the effective integration of security monitoring tools and provide regular cybersecurity metrics and reporting to senior leadership.

Position within the Organization:

Reporting to the Chief Information Security Officer (CISO), the CSOC Manager will lead the CSOC team, collaborate with internal stakeholders and external vendors, and ensure the organization’s cybersecurity operations are aligned with best practices, regulatory requirements, and the overall security strategy.

Responsibilities

Contract Management and Vendor Supervision:

+ Provide contract management and supervision for the operations of the 24 x 7 Cyber Security Operations Center (CSOC) to ensure compliance with agency expectations.

+ Ensure that the staffing contractor adheres to the scope of work, delivering services on schedule and within budget.

Policy and Procedure Management:

+ Maintain the currency of policies, procedures, standards, playbooks used to deliver services necessary for continuous monitoring of the organization's information and operating technology systems.

+ Focus on protecting the confidentiality, integrity, and availability of information systems.

Continuous Monitoring Program Development:

+ Oversee third-party Cybersecurity Operations Center (CSOC) vendor performance to ensure SLAs and KPIs are met

+ Develop and execute the continuous monitoring program, aligning with the NIST Cybersecurity Framework.

1. Incident Response Capability:

2. Establish, maintain, and exercise an enterprise-wide 24x7 incident response capability.

3. Develop incident response policies, procedures, and services to investigate and contain cyber incidents impacting business information and industrial control systems.

4. Ensure incident response capability aligns with the NIST Cybersecurity Risk Framework.

5. Cyber Risk Assessment Guidance:

6. Provide guidance to line department staff performing cyber risk assessments, including threat workshops, threat scenarios, and risk scenarios.

7. Forensic Investigations:

8. Serve as the principal forensic technical investigator for cyber incidents.

9. Solution Design and Implementation:

10. Design and implement solutions for monitoring and responding to cyber threats and incidents.

11. Collaboration with OIG and PAPD:

12. Establish operational relationships with the Office of the Inspector General (OIG) for investigating cyber incidents.

13. Establish operational relationships with PAPD for investigating cyber crime that occurs outside of the area of responsibility of the OIG.

Additional Responsibilities:

Vendor and Performance Management:

+ Manage vendor relationships to ensure services align with agency requirements and industry best practices.

+ Conduct reviews, audits, and identify areas for improvement while ensuring compliance with contractual obligations.

Cybersecurity Threat Intelligence Management:

+ Develop and manage threat intelligence programs, integrating external threat intelligence sources and internal findings.

+ Collaborate with government agencies, industry groups, and private-sector organizations to stay informed about emerging threats and vulnerabilities.

+ Ensure effective sharing and dissemination of relevant threat intelligence within the organization.

Security Operations and Automation:

+ Continuously evaluate and improve security operations, leveraging automation tools to enhance threat detection, incident response, and operational efficiency.

+ Identify opportunities for process optimization through automation and advanced analytics.

Security Monitoring, Incident Detection & Threat Hunting:

+ Ensure proper integration of security monitoring tools (SIEM, IDS/IPS, Endpoint Detection and Response, etc.) to identify threats and vulnerabilities across the environment.

+ Monitor, review, and validate cyber alerts to assess the level of risk, ensuring timely detection and escalation.

+ Proactively look for emerging threats throughout the environment.

Cybersecurity Metrics and Reporting:

+ Develop and implement reporting frameworks to track key cybersecurity metrics (incident response times, threats detected, vulnerabilities, etc.).

+ Provide regular reports to senior leadership on the status of cybersecurity operations, incidents, trends, and effectiveness of strategies.

Team Leadership and Development:

+ Lead and mentor internal cybersecurity staff, ensuring high levels of skill development, training, and career progression.

+ Work with HR to recruit, hire, and retain skilled cybersecurity personnel as needed.

+ Foster a culture of cybersecurity awareness, collaboration, and continuous improvement.

Compliance and Regulatory Management:

+ Ensure cybersecurity operations comply with relevant regulations (e.g., NIST, GDPR, HIPAA, PCI, FISMA).

+ Participate in periodic audits and assessments to verify the organization’s cybersecurity posture aligns with regulatory requirements.

+ Support external audits and assessments of the organization’s cybersecurity posture.

Business Continuity and Disaster Recovery:

+ Collaborate with IT and business continuity teams to ensure incident response plans are integrated with disaster recovery and business continuity planning.

+ Participate in tabletop exercises and simulations to test the readiness of the incident response team and improve procedures.

Risk Management and Vulnerability Management:

+ Support proactive vulnerability management, ensuring vulnerabilities are assessed, prioritized, and remediated in a timely manner.

+ Assist in risk assessments to evaluate and prioritize cybersecurity risks across the agency.

+ Provide guidance on implementing risk mitigation strategies to reduce overall cybersecurity risk.

Change Management and Security Architecture:

+ Work with IT teams to ensure changes to the network and systems are reviewed for potential cybersecurity impacts.

+ Advise on security requirements and contribute to the design of secure system architectures and solutions.

Collaboration and Incident Coordination:

+ Serve as the Incident Commander for cybersecurity incidents, coordinating with departments and external partners (e.g., law enforcement, government agencies).

+ Coordinate and lead cross-functional teams during cyber incidents, ensuring proper communication, containment, remediation, and reporting.

Stay abreast of emerging and evolving cybersecurity threats

+ Actively seek out new information on emerging cyber threats

+ Maintain a level of awareness of cyber threats in order to proactively anticipate and prevent them by staying ahead of the curve.

+ Use threat intelligence sources, briefings, industry forums and other information sources to stay informed.

Minimum Qualifications:

+ A minimum of 10 years of experience in managing a Cybersecurity Operations Center (CSOC) or a security operations team.

+ Strong knowledge of the NIST Cybersecurity Framework, incident response, threat hunting, and risk management practices.

+ Familiarity with SIEM platforms, IDS/IPS, endpoint protection, and other cybersecurity monitoring tools.

+ Strong knowledge of the FEMA Incident Command System (ICS) and the ability to lead an ICS based incident response.

+ Experience in vendor management, contract negotiation, and performance monitoring.

+ Strong leadership and interpersonal skills, with the ability to lead and motivate teams effectively.

+ Excellent communication and presentation skills, with the ability to communicate complex security topics to non-technical stakeholders.

Desired Qualifications

+ Certifications in the Incident Command System (ICS) are highly desirable.

+ Professional certifications such as CISSP, CISM, CISA, or similar certifications are highly desirable.

+ Experience with incident response tools, forensic investigation techniques, and malware analysis.

Selection Process

The application process varies by position, but typically includes an initial phone interview for qualified candidates, followed by a more in-depth interview(s) and/or assessment(s). Selected candidates who are made a conditional job offer will be asked to undergo a background check.

Compensation & Benefits

The Port Authority of New York and New Jersey offers a competitive benefits package, hybrid work options for many positions, and a professional environment that supports development and recognizes achievement.

Click here (https://www.jointheportauthority.com/pages/working-here) for more information about benefits, our culture, and career development opportunities.

REQNUMBER: 63584

Manager, Cybersecurity Operations Center

Port Authority of New York and New Jersey

Jersey City, NJ

About the Company

Port Authority of New York and New Jersey