Security Operations Manager

KEMET, a subsidiary of YAGEO Corporation (TAIEX: 2327) and part of the YAGEO Group, helps our customers build tomorrow with the broadest selection of capacitor technologies in the industry, along with an expanding range of electromechanical devices, electromagnetic compatibility solutions and supercapacitors. With over 100-years of making the world a better, safer, and more connected place to live, our vision is to be the preferred supplier of electronic component solutions demanding the highest standards of quality, delivery and service.

Position Summary:

The Security Operations Manager is an advanced, hands-on practitioner and representative of the Information Security Team. The role is primarily responsible for providing operational and tactical direction to a geographically diverse team of analysts and security administrators. The Security Operations Manager leads the team through the information security program by establishing highly effective policies and procedures, with appropriate collaboration among teams.

The Security Operations Manager is a highly respected, influential, and in-demand role within the business. The role supports the security strategy within new and existing information system capabilities. Consequently, the position requires both an understanding of legacy systems, as well as new technologies and requirements. The Security Operations Manager must possess a strong technical background and understand risk, mitigation, and technical controls. The role is expected to lead a team that performs technical work and must possess leadership qualities.

This position requires strong written and oral communication skills, as well as the ability to communicate detailed, technical information in a manner comprehensible by individuals at varying degrees of experience and skill level. The role requires the ability to speak confidently in front of large groups and with corporate management, vendors, and service providers. The Security Operations Manager also contributes to the company IT security strategy and roadmap.

As a primary point of contact for security incident response, the Security Operations Manager monitors progress and enforces resolution of outstanding issues that may indicate or lead to security threats to the business. As a key member of the security team, the individual must focus on effective and repeatable responses to security incidents and requests from business users.

This is a people-leader position and requires a people-first approach. The successful individual will be a mentor to staff on the security team and elsewhere in the business, placing a high priority on employee retention. The Security Operations Manager supports the strong security culture organization-wide.

• Influences internal and external constituents, and relays best practice recommendations based on the evolving threat landscape to protect intellectual property and business operations.
• Motivates employees to maximize rigorous system security controls, focusing on reducing complexity and maturing security practices.
• Actively recruits and leads by example to create a culture where employees want to work. Leads with humility and is respectful to all. Connects with higher education to build a pipeline of interns and future employees.
• Leads security-related projects from inception to successful completion and is capable of effectively coaching technology staff on appropriate security protocols and needs as they implement new technology into the organization. Serves as a primary point of contact and subject matter expert for logging and monitoring security-related events throughout the business.

Essential Functions:

• Monitor security systems and provide early response to potential threats.
• Analyze technologies and establishes highly effective processes and protocols to ensure comprehensive protection exists to prevent unauthorized entry into company networks and systems.
• Support automation and orchestration to maximize team talent and reduce routine tasks.
• Drive creation of countermeasures to protect company personnel and information assets.
• Take ownership of a comprehensive logging and monitoring methodology for the enterprise.
• Document, prioritize, and formally report incidents, root cause analyses, and after-action reviews.
• Coordinate between internal and external resources protecting enterprise systems. Manage related third parties to ensure Service Level Agreements, expectations, and contractual requirements are being achieved.
• Manage Security Administrators responsible for firewalls, network and host intrusion prevention/detection systems, virtual private networks, threat intelligence platforms, endpoint protection, email security, forensic tools, public/private/hybrid cloud infrastructure, identity and access management systems, and physical security systems.
• Work closely with system owners to advise and support remediation efforts to close vulnerability exposure to new threats in the wild and verify the organization’s security posture against them.
• Provide support to business groups launching new technology applications and services to verify that new offerings are effectively logging and reporting activity.
• Communicate incident activity in a manner understood by technical and non-technical business units, and gain support through influential messaging.
• Defines key performance indicators and metrics that align with business initiatives and delivers them to non-technical individuals in an effective, understandable manner.
• Collaborate with security groups such as red teams, threat intelligence, and risk management to form a holistic team dedicated to thwarting attackers and reducing attack surface.
• Periodically attend and participate in change management policy discussions and meetings.
• Understand breach and attack simulation solutions to validate and improve the effectiveness of preventative controls and incident response.
• Work as a team to consistently learn and share advanced skills and foster team excellence.
• Perform other duties as assigned.

Competencies:

• Strong business acumen and security technology skills for well-rounded proficiency, as well as proven ability to align with security practices and compliance responsibilities.
• Exceptional written and verbal communication skills, and proven ability to translate security and risk to all levels of the business.
• Deep understanding of IOCs and experience reverse engineering malicious code.
• Up-to-date understanding of a wide range of incident response, system configuration, and hardening guidelines.
• Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
• Demonstrated problem-solving capabilities, and ability to manage complex local and international security requirements.
• Strong believer in enhancing employee skills and promoting training.
• Self-motivated, directed, and well-organized, with the vision to position controls in anticipation of threats.

Education and Experience:

• Higher education with a technical focus such as information security, IT, management information systems, or equivalent industry experience.
• 7+ years’ information security experience with at least 3+ years exposure to various security frameworks.
• CISSP, CRISC, CGEIT, GRCP, or PMP preferred.
• Experience with and understanding of various regulatory requirements, laws, and security frameworks, including but not limited to: NIST, ISO 27001, PCI DSS, HIPAA, HITECH, SOX, GDPR, CCPA, CIS, or SOC 2.
• Preferably some experience with vulnerability management across cloud environments such as Microsoft Azure, Amazon Web Services, or Google Cloud Platform.
• Prior experience with firewalls, privileged access management, systems and vendors is a plus.

Physical Requirements:

• Remains in a stationary position, often standing or sitting for prolonged periods.

This job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities
that are required of the employee. Duties, responsibilities and activities may change, or new ones may be assigned at
any time with or without notice.

KEMET does not discriminate on the basis of race, color, age, sex, gender, sexual orientation, gender identity and
expression, ethnicity or national origin, disability, pregnancy, religion, political affiliation, union membership,
protected veteran status, protected genetic information, marital status or any other characteristic protected by
applicable federal, state or local law, in making employment decisions including but not limited to hiring, wages,
promotions, rewards, and access to training. Qualified applicants and workers shall be provided with reasonable
accommodation for disability and religious practices.

Qualifications

Skills

Behaviors

Motivations

Education

Experience

Licenses & Certifications

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)