Cyber Security Operations Center Manager
Olney, MD 
Posted 1 day ago
Job Description
About Us

Are you someone who seeks opportunity and has a true desire to grow your career with an organization that has enriched the lives of its clients and communities in the Greater Washington region for more than 150 years? If so, Sandy Spring Bank may be the perfect fit for you!

Sandy Spring Bank is a growing financial services company focused on creating real experiences for our employees, clients, shareholders and communities. We are proud to have been certified as A Great Place To Work, recognized by The Washington Post and the Baltimore Sun as a Top Workplace, and by Forbes magazine as the #1 Bank in Maryland. It is our employees who play an integral role in shaping who we are as a company and upholding what matters most to us: people and relationships.

To help us attract the highest quality individuals, we offer a comprehensive benefits package to those who qualify. We offer competitive market salaries, paid time off, multiple retirement savings options, full health care options, life insurance, health care and dependent care flexible spending accounts, career development opportunities, tuition assistance and volunteer opportunities. We are proud to offer those, and so much more, making Sandy Spring Bank a remarkable place to work and build a career.

About the Job

Sandy Spring Bank is currently recruiting for a Cyber Security Operations Center Manager. Reporting to the Deputy CISO, the Manager, Cyber Security Operations Center (CSOC) is responsible for providing thought leadership, hands-on technical guidance, and strategic direction for all aspects of the Security Operations Center and Incident Response across the organization's ecosystem. Additionally, this position is responsible for the development and oversight of the CSOC program to ensure personnel are managed and operational efficiencies are maintained. The CSOC manager works with multiple technology platforms and interfaces with IT and Information Security groups within the bank, offshore partners, and other technology and business functions.

The role is technical, and candidates must possess a solid understanding of cyber security operations and have held positions as a CSOC Manager. Additionally, the role requires familiarity with recent threats and adversarial techniques, as well as the ability to quickly understand complex environments.

General responsibilities of this position include proactively identifying threats, analyzing threat actor campaigns, performing incident response, reporting, remediation and continuous assessment. The CSOC Manager must understand applications, operating systems, networking, cloud infrastructure and attacker tactics, techniques and procedures (TTPs). In addition, the role involves creating and maintaining Security Operations related policies, procedures, guidelines, and standards.

The security operations center team is expected to assist with strategic initiatives for short- as well as long-term plans to identify, respond, and defend the attack surface across applications and systems. The CSOC team takes an active lead to triage, investigate, respond, advise and partner with business units to help better secure their operations.

MAJOR JOB ACCOUNTABILITIES:

  • Manage a team of associates and (potentially) onsite and offsite contractors to monitor for and respond to security events 24x7x365.
  • Plan and execute incident response and postmortem exercises, with a focus on creating measurable benchmarks to show progress (or deficiencies requiring additional attention).
  • Automate repetitive tasks and drive efficiencies so analysts can work on more advanced tasks.
  • Develop and publish information security policies, procedures, standards and guidelines based on knowledge of best practices and compliance requirements.
  • Lead, conduct and coordinate annual Cyber Security Tabletop exercises
  • Manage security events and incidents that occur across applications, endpoints, databases, networking devices, and mobile, cloud and third-party assets.
  • Conduct continuous threat hunting and assessment of enterprise-wide assets.
  • Document, prioritize and formally report incidents, remediation recommendations and validation.
  • Communicate incidents and investigative results in a manner understood by technical and non-technical business units based on risk tolerance and threat to the business, and gain support through influential messaging.
  • Evaluate, procure, and maintain tools and scripts used in the course of security operations center activities.
  • Leverage industry blogs, news, vendor databases, and other sources to understand each threat, its probability and mitigation options, including vendor-supplied fixes and workarounds.
  • Support internal and external auditors in their duties that focus on compliance and risk reduction.
  • Work closely with infrastructure teams to advise and support detection and mitigation efforts to close exposures to new threats in the wild and verify the organization's security posture against them.
  • Manage career development for a team of associates, including training and mentoring, conducting performance reviews and exhibiting behaviors to be modeled by team members.
  • Regularly research and learn new TTPs in public and closed forums, and work with colleagues to assess risk and implement/validate controls as necessary.
  • Accountable for the timeliness and efficiency of SOC operations
  • Establish, manage, and support delivery of key performance indicators (KPIs), metrics, and scorecards to measure risk to the organization, as well as effectiveness and efficiency of the SOC.

Required Skills

KNOWLEDGE, SKILLS, AND ABILITIES:

  • B.A. or B.S. in Computer Science, Information Security, or related field is required.
  • At least 7-10 years of experience in information security, engineering, and information technology.
  • Minimum of 5 years hands-on experience managing security information and event management (SIEM) systems, threat intelligence platforms, security automation and orchestration solutions, intrusion detection and prevention systems (IDS/IPS), file integrity monitoring (FIM), data loss prevention (DLP) and other network and system monitoring tools.
  • Minimum of 5 years of supervisory experience coaching and mentoring individuals to grow their careers, specifically within a 24x7 operational environment.
  • Security certifications required: at least one of the following: CISSP, Security+, CISM, SANS SOC Manager (GSOC), SANS Incident Handler (GCIH), SANS Intrusion Analyst (GCIA).
  • Deep understanding of security technologies and concepts, SIEM, IDS/IPS, Operating systems, cloud environments, endpoint applications, networking protocols and devices and prior experience with architecting and deploying system logging mechanisms.
  • Experience driving measurable improvement in monitoring and response capabilities at scale.
  • Experience with Digital Forensics and understanding of chain-of-custody requirements during an incident.
  • Prior experience working on a Red / Blue / Purple Team is desired.
  • Ability to collaborate with technical and business teams in order to remediate vulnerabilities based on risk.
  • Knowledge of regulatory frameworks and information security standards (e.g., NIST CSF, ISO 2700x, etc.), rules and regulations related to information security and data confidentiality (e.g., GLBA, SOX) and desktop, server, application, database, network security principles for risk identification and analysis.
  • Understanding of OWASP, Cyber Kill Chain, the MITRE ATT&CK framework.
  • Proven trustworthiness and history of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating well.
  • Experience in communicating business risk and remediation requirements from assessments.
  • Analytical and problem-solving mindset, collaborative, highly organized and efficient.
  • Excellent communication (oral, written, presentation), interpersonal and consultative skills.
  • Self-motivated and team-oriented with a high degree of initiative, dependability and ability to work autonomously and to effectively coordinate and manage a geographically dispersed team.

SPECIFIC PHYSICAL REQUIREMENTS:

Work requires reasonable mobility in and around the work area. Ability to use standard computer and phone systems is required.

WORKING CONDITIONS:

Normal office environment where there is almost no discomfort due to temperature, dust, noise, or other disagreeable elements.

Work includes little or no potential exposure to hazardous conditions.

Must be able to travel to remote company and/or client locations.

The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified.


Additional Information

Sandy Spring Bank provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

If you require a reasonable accommodation to apply for a position, please call our job line at 1-800-399-5919 and select option 5. Requests are considered on a case-by-case basis.

Sandy Spring Bank partners with various job boards to advertise our openings. Please visit our website to confirm the validity of the job posting and avoid any potential fraudulent activity. We encourage and recommend all candidates to apply via our website.


Sandy Spring Bank is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, sex, disability, gender identity, veteran status, or any other characteristic protected by law. We maintain a drug-free workplace.
Job Summary
Start Date
As soon as possible
Employment Term and Type
Regular, Full Time
Required Education
Bachelor's Degree
Required Experience
7 to 10 years