Cybersecurity Engineering Manager
If you’re good at what you do, you can work anywhere. If you’re the best at what you do, come work for Doma.
Want to infuse a $34B sector of the insurance and real estate industry with predictive analytics and a tech-forward customer experience? Join Doma and send an entirely new type of real estate model into the world.
Doma offers solutions for lenders, real estate professionals, title agents, and homeowners that make closings vastly simpler and more efficient, reducing cost and increasing customer satisfaction.
- Customer Obsessed – We always put our customers first.
- Solution Driven – We solve problems that other people are afraid to.
- People leaders – We grow all of our people into leaders.
- One Team – We believe inclusion and teamwork produce the best results.
- Direct with Respect – We communicate with honesty and respect to our colleagues, customers, and partners.
Reporting to the Director, Data & Cloud Infrastructure will actively participate in the cybersecurity programs strategic design as well as operational execution. Additional facets of participation include control design, implementation, and documentation and working with internal teams and external stakeholders on technical projects, sometimes as the single technical point of contact for one or more cybersecurity projects.
The Cybersecurity & Compliance Manager is responsible for performing various hands-on cybersecurity activities including controls analysis and implementation at every layer of the technology architecture (application, database, host, network) and conducting technical application & architecture design reviews and gap assessments to mitigate cyber risk. Additional responsibilities may include participating in cyber event/incident response, selection/implementation of appropriate security solutions, cybersecurity audit remediation follow ups, and other risk analysis activities as needed. The Cybersecurity & Compliance Manager promotes an efficient and secure technology environment in alignment with present and future cyber risks.
This is a unique opportunity to join a dynamic and growing team with a fantastic organization. In this role you will be exposed to various cutting-edge technologies, including various cloud platforms and the latest cybersecurity technologies to ensure their protection. Are you ready for the challenge?
- Bachelor's degree in computer science, information technology, management information systems, or a related study or equivalent experience.
- 8-10+ years Information/Cybersecurity experience with a minimum of 6 years of cybersecurity analyst, engineer, and/or architecture experience.
- Expert-level knowledge of cybersecurity, as well as industry trends.
- Expert-level knowledge and extensive experience working with various cybersecurity aspects of cloud environments including Microsoft Azure, O365, AWS or other similar relevant environments is highly desired.
- Expert-level knowledge and experience working with Microsoft Azure-ATP, Azure Information Protection (AIP), multi-factor authentication, CloudAppSec (MCAS), Defender for Endpoints, EOP-ATP, Sentinel SIEM, is highly desired.
- Strong knowledge and experience working as a cybersecurity engineer working with, securing, and extracting value from various technology systems including AV/EDR, DLP, Email filtering, Firewalls/IPS, MDM, SIEM, Vulnerability management, and Web content filtering systems.
- Expert-level knowledge and extensive experience in developing cybersecurity documentation and standards.
- Extensive experience conducting cyber event and incident analysis and consistently identifying root cause, or leading teams to identify root causes, as part of a CSIRP.
- Having an innate process-orientation and/or extensive experience working within a mature process-oriented culture/environment and being able to translate that skillset, is highly desired.
- Strong knowledge and experience with industry-standard risk/control frameworks: AICPA SOC 1 or 2, CIS Top 20, COSO, NIST, SOX, ISO 27001 etc. is a plus.
- Familiarity with SDLC, DevOps, as well secure software development practices and maturity models is a plus.
- Experience evangelizing cybersecurity practices across multiple technical teams.
- Experience in working with geographically distributed and culturally diverse stakeholders.
Event Monitoring & Incident Response:
- Lead the response to incident investigations. Identify the findings and associated mitigation and ensure timely implementation.
- Train and educate company personnel on incident response process, including periodic simulations and tabletop exercises.
Help design, coordinate and oversee the cybersecurity technology stack across relevant tiers (application, endpoint, database, network, etc.)
- Develop, implement, and oversee company policies and procedures to comply with applicable laws, regulations, and best practices in cybersecurity.
- Perform periodic internal audits and vulnerability assessments to check the effectiveness of implemented cybersecurity measures and controls.
- Coordinate and liaise with internal and external audit teams for conducting compliance audits.
- Collaborate with legal and compliance teams to interpret regulatory requirements and implement changes as needed.
- Ensure all compliance-related documentation, such as Data Protection Impact Assessments (DPIAs) and internal policies, are kept up-to-date.
- Prepare and distribute compliance training materials and conduct regular training sessions for all employees on compliance standards and procedures.
- Develop and implement a compliance risk assessment framework and regularly report to the management on compliance efforts and gaps.
- Lead in the implementation of corrective action plans for resolution of problematic issues identified during internal or external audits.
- Lead, manage, and mentor a team of cybersecurity analysts and engineers, providing clear objectives and monitoring performance metrics.
- Work closely with HR to ensure appropriate staffing levels and assist in the recruitment and selection process for new team members.
- Develop and manage budgets for cybersecurity and compliance programs, including monitoring expenditures and justifying variances.
- Foster a culture of continuous improvement and innovation within the cybersecurity and compliance teams.
- Regularly communicate to stakeholders and senior management on the status, metrics, and risks associated with cybersecurity and compliance initiatives.
- Participate in strategic planning sessions, providing insights on cybersecurity trends and compliance requirements that could impact business objectives.
- Plan and manage departmental projects, ensuring they are completed on time and meet objectives.
- Perform periodic performance reviews for team members and set individual goals aligned with departmental and organizational objectives.
- Ability to operate autonomously and create new, robust cyber risk analyses and results.
- Ability to communicate effectively regardless of the medium and initiate, lead and organize communications on significant milestones.
- Ability to initiate, lead, and organize communication on significant milestones.
- May independently own the design of specific cybersecurity technology strategies, tactics, and processes and oversee their implementation to achieve established goals.
- Advanced task/time management, process & project management, and business acumen (e.g. negotiation, influence, understand key business drivers etc.).
- Mentorship of team in key cyber risk analysis & project work.
LICENSES AND CERTIFICATES:
- One or more cybersecurity certifications desired: CISSP, CEH, CHFI, GIAC – GSEC, GCIH, or other relevant certifications a plus.
ESSENTIAL JOB FUNCTIONS/DUTIES:
- Participate in Information Security & Compliance team strategic design as well as day-to-day operational execution.
- Act as the single technical point of contact (sometimes as hands-on SME) for multiple Cybersecurity projects and work in coordination with management/project management to achieve cybersecurity OKRs.
- Act as incident lead to ensure relevant processes are being followed (e.g. CSIRP etc.) and that the incident response team is consistently and accurately identifying root cause of suspicious cyber activity.
- Oversee and participate in cybersecurity operations (event monitoring, incident response, threat & vulnerability management etc.).
- Follow established cybersecurity procedures and recommend improvements and/or develop new policies, processes, or procedures where necessary.
- Develop robust standard operating procedures for the team where gaps are identified.
- Stay abreast of new innovations and trends related to cybersecurity-focused technologies.
- Perform security architecture implementations and reviews as needed.
- Lead the evaluation and analysis of potential new security applications and systems and make recommendations to management.
- Communicate unresolved security exposures, misuse, or non-compliance situations to management.
- Other duties as assigned by supervisor.
Shown below is the lowest to highest base salary we in good faith believe we would pay for this role at the time of this posting. We may ultimately pay more or less than the posted range, and the range may be modified in the future. An employee’s pay position within the base salary range will be based on several factors including, but not limited to, relevant education, qualifications, certifications, experience, skills, seniority, geographic location, performance, shift, travel requirements, sales or revenue-based metrics, any collective bargaining agreements, and business or organizational needs. At Doma, compensation decisions are dependent on the facts and circumstances of each case.
This job is also eligible for the following compensation components: Bonus & Equity
How we’ll value you and make your life a bit easier:
We offer a comprehensive package of benefits to eligible employees: medical/dental/vision insurance, 401(k), generous vacation time, and paid bonding leave.
Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, or any other form of compensation that are allocable to a particular employee remains in the Company's sole discretion unless and until paid and may be modified at the Company’s sole discretion, consistent with the law.
We believe the most valuable investment we can make is to build an outstanding team of colleagues and leaders who are passionate about our mission.
We currently offer the following benefits to all Full-Time employees:
- Work/Life Balance - We encourage taking Paid Time Off (PTO)!
- 12 Weeks of Paid Family Bonding Leave (Maternity and Paternity)
- Incredible medical, dental, and vision benefits options to allow you to customize to you and your family’s needs that all start on your first day of employment
- Flexible Spending Account (FSA) & Health Savings Account (HSA)
- 401K with company match program
- Tuition Reimbursement
- Short-Term & Long-Term Disability
- Commuter Flexible Spending Account (i.e. Transit or Parking)
- Supplemental Life and AD&D Insurance
- Auto & Home Insurance Group Life Insurance
- Critical Illness, Injury and Hospital Insurance
- Pet Insurance
We believe in Equal Opportunity
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.