ABOUT CIM GROUP:
CIM is a community-focused real estate and infrastructure owner, operator, lender, and developer. Our team of experts works together to identify and create value in real assets, benefiting the communities in which we invest. Back in 1994, our three founders focused on projects in Southern California neighborhoods. Today, we are a diverse team of 900+ employees with projects across the Americas. Our projects have delivered jobs; created comfortable places to live, work, and relax; and provided necessary and sustainable infrastructure. Our focus on enhancing communities is unwavering, and we strive to make an even greater impact in the years to come. Join us and make an impact today!
ESSENTIAL FUNCTIONS:
Security Operations & Incident Response
• Ensure security alerts and anomalous activities are continuously monitored, accurately logged, and escalated in accordance with established procedures.
• Lead and coordinate timely, effective response to cybersecurity incidents to minimize business impact.
• Support restoration of affected systems and services following cybersecurity incidents, including leading forensic investigations as required.
• Research emerging threats and attack vectors, and implement appropriate countermeasures to continuously strengthen the organization’s security posture.
• Coordinate internal and external penetration testing activities to identify and remediate exploitable weaknesses.
Risk Management, Controls & Assurance
• Ensure protective security controls are implemented and operating effectively to reduce risk exposure.
• Coordinate with compliance and IT teams to design, implement, and maintain operational security controls.
• Support asset cataloging and ownership alignment to ensure accountability for systems, data, and security controls.
• Execute quarterly User Access Reviews across the application portfolio in an efficient manner.
• Respond to external audit and compliance questionnaires, providing accurate and timely security documentation and evidence.
Security Awareness & Enablement
• Ensure employees, vendors and/or contractors with access to systems and data are appropriately trained in relevant security awareness and individual security responsibilities.
• Design, manage, and enforce the organization’s security awareness program, including the execution of recurring phishing simulation campaigns.
• Support the development, testing, and ongoing improvement of Disaster Recovery plans to ensure the organization can effectively respond to and recover from disruptive events, including cybersecurity incidents.
• Serve as a trusted security advisor to internal teams, raising awareness and providing guidance to help protect products, systems, and services from known and emerging threats.
NON-ESSENTIAL FUNCTIONS:
• Ability to produce executive reporting to illustrate Cybersecurity posture and areas for improvement.
• Ability to communicate and present ideas and recommendations effectively to Technology management.
• Ability to translate Cybersecurity information into a manner that end users can understand.
SUPERVISORY RESPONSIBILITIES:
• None.
EDUCATION/EXPERIENCE REQUIREMENTS: (including certification, licenses, etc.)
• Minimum 8 years of Cybersecurity analyst/management experience.
• Bachelor’s Degree in a technical field required.
• CISSP or CISM certification strongly preferred.
• Formal training in Cybersecurity governance, risk, and compliance (GRC).
• Understanding of Cybersecurity communities (OWASP).
• Understanding of SOC 2, SOX, NIST, and GDPR compliance.
KNOWLEDGE, SKILLS AND ABILITIES:
• Expert knowledge of information security principles, practices, and architectures.
• Expert knowledge of Threat Detection, Email Security, DLP, and Data Governance tools such as Proofpoint, MS Defender, or Mimecast.
• Hands-on experience with the development of Cybersecurity Training and Phishing Campaigns.
• Experience with leading Disaster Recovery programs.
• Experience with Vulnerability Management Platforms such as Rapid7 and Qualys.
• Experience with Patch Management platforms such as SCCM and Ivanti.
• Understanding of supporting technology audits and testing technology controls.
• Understanding of cloud environments such as Azure, SalesForce.com and Office365.
PERFORMANCE METRICS:
• Regular reporting of key Cybersecurity metrics for the company to executive management.
• Year-over-year improvement of scores within the vulnerability management platform.
• Meet all compliance requirements related to Cybersecurity.
• Timely completion of preventive Cybersecurity measures such as User Access Reviews, End User Cybersecurity Training, and Phishing Campaigns.
• Reduction of Cybersecurity issues uncovered by 3rd party security testing and compliance audits.
• Disaster Recovery readiness score.
HOW WE FEEL ABOUT DIVERSITY AND INCLUSION:
At CIM Group, we believe that the unique perspectives and backgrounds of our employees enhance everything we do. We are committed to fostering an inclusive environment where diversity is not only respected but celebrated. We strive to ensure that our workplace is free from discrimination and harassment, allowing everyone to contribute meaningfully and feel a sense of belonging. As an equal opportunity employer, we strictly prohibit any form of unlawful discrimination and adhere to the laws enforced by the EEOC. Our goal is to provide a safe and supportive environment where all employees can grow and make impactful contributions together.
*Applicants with disabilities may be entitled to reasonable accommodation under the terms of the Americans with Disabilities Act and certain state or local laws. A reasonable accommodation is a change in the way things are normally done which will ensure an equal employment opportunity without imposing undue hardship on CIM Group. Please inform our Talent team if you need any assistance completing any forms or to otherwise participate in the application process.
CIM is committed to maintaining the confidentiality and privacy of your personal and financial information. Please click here for our Privacy Policy.
CIM does not accept unsolicited resumes from Agencies. Any unsolicited resumes received from Agencies will be considered property of CIM and no fees will be due or paid. If you wish to become an approved Agency with CIM or any of its Affiliates, please contact a member of the CIM Talent Acquisition Team.