Share this Job

ORBIA Threat and Vulnerability Management Senior Manager (REMOTE)

Orbia Advance Corporation is a Purpose-led company with big aspirations. We are out to advance life around the world while maximizing value to our shareholders, customers and employees. The Company is passionate about the topics that define how people will live and thrive tomorrow: the future of cities, buildings, agriculture, and materials. Orbia Advance Corporation has five business groups which offer innovative solutions across multiple industries including building and infrastructure, data communications, chemicals and more. In 2018, Orbia Advance Corporation bought a majority stake in Israeli-based Netafim, the world’s leader in drip irrigation, and is helping the world ‘grow more with less’ as it helps to solve food and water scarcity. Orbia Advance Corporation has operations in 41 countries with more than 22,000 employees.

We started as a producer of commodities and have evolved to become a provider of innovative solutions that address the global issues of rapid urbanization, water and food scarcity, and a growing and aging population. We’re already a global leader in Polymers, Fluor, Building & Infrastructure, Datacom, and Precision Irrigation. We have embarked on a CEO-led transformation, as part of our journey to become a truly purpose-led, future fit company.

 

ORBIA Threat and Vulnerability Management Senior Manager

 

MAIN PURPOSE

 

The Senior Manager, Threat and Vulnerability Management (TVM) provides operational oversight for the vulnerability management function across Orbia’s environment globally. The Senior Manager will be responsible for ensuring the ongoing comprehensive analysis and remediation of cybersecurity vulnerabilities and other risks found on Orbia’s networks and systems. This role will lead and execute on a vulnerability management strategy enterprise-wide, driving and implementing global best practices and organizational standards. This role will have a global footprint, including enterprise IT systems, public-facing infrastructure and applications, DMZ systems, cloud assets and operational technology.

 

This role oversees the full lifecycle of the vulnerability management program, including developing and implementing Orbia’s patch policy, managing Orbia’s scan cadence, governing remediation workflows and performance measurement, and managing exception tracking, such as risk acceptance or compensating controls This role will work closely with our IT teams on vulnerability management enablement, including building knowledge bases for remediation, defining patch windows, prioritizing vulnerabilities for remediation, and categorizing Orbia assets based on criticality.

 

This role has direct responsibility for both vulnerability management services performed by external providers, as well as our vulnerability management technology stack. This role will work closely with Orbia’s service providers to operate and manage our vulnerability management toolsets and will liaise with IT teams internally to drive remediation and hardening of our assets. The Senior Manager should consider and incorporate relevant open-source and proprietary cyber threat intelligence related to vulnerabilities and current exploit campaigns.

 

This role will also influence the TVM maturity roadmap, including leading innovation/automation initiatives to increase efficiency and reduce cost associated with vulnerability remediation. In the future, this role could also expand to include additional offensive security scope, such as penetration testing and red/purple team exercises.

 

This role will work collaboratively with peers in the cyber threat operations team, including helping to contextualize detection and response efforts with relevant vulnerability data, and participating in cyber crisis command activities in case of a critical 0-day/emergency remediation.

 

MAIN RESPONSIBILITIES

•             Provide leadership and oversight for the threat and vulnerability management (TVM) program within Orbia.

•             Define global TVM strategy in conjunction with global IT teams, to include patch policy, scan cadence, and remediation strategy.

•             Streamline TVM activities across disparate business groups and execute on a global strategy and standards.

•             Interface with IT stakeholders in each of Orbia’s business groups and at the corporate level to drive vulnerability management strategy and execution.

•             Support system owners by assisting with analyzing scan results and by providing thought leadership in developing mitigation strategies.

•             Oversee the execution of SOW activities for vulnerability management from Orbia’s service providers.

•             Create and disseminate operational and executive-level reports on the TVM program to stakeholders involved in remediating vulnerabilities.

•             Maintain TVM program documentation, including Standard Operating Procedures, for optimal operational effectiveness.

•             Measure and track key performance metrics for the TVM program and implement strategies for improvement to better secure Orbia’s environment.

•             Consider and recommend new tools or strategies to enhance Orbia’s TVM program, automate remediation activities, and increase efficiencies.

•             Collaborate with relevant engineering/architecture teams to influence TVM strategy, including the selection of agent-based or passive scanners, configuration changes as compensating controls, etc. Develop and implement key TVM processes, such as exception tracking, change approval, and emergency/priority 1 vulnerability remediation.

•             Develop and implement specialized TVM workflows, such as defining when/how to scan new public-facing web apps or critical operational technology.

•             Stay abreast of new vulnerabilities, threat intelligence and exploits in the wild, as well as industry norms and trends.

•             Evaluate new vulnerability intelligence, contextualize with relevant Orbia-internal asset information, and prioritize vulnerabilities requiring emergency remediation.

•             Integrate the TVM program into Orbia’s cyber crisis command structure for emergency remediation activities.

 

KNOWLEDGE REQUIRED

-              Familiarity with relevant regulations, such as SOX, GDPR / data privacy, PCI-DSS, etc.

-              Relevant security certifications (e.g. CISSP, GEVA, CEH, etc.)

-              Knowledge of international security framework and standards, such as ISO27001, NIST, CIS20, and assurance reporting standards such as ISAE3402

-              Deep technical knowledge of security solutions and architecture principles and processes

-              Knowledge of programming languages, such as Python

-              Knowledge of network and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)

-              Knowledge of application security and secure software development practices (including within CI/CD pipelines)

-              Knowledge and familiarity with Operational Technology (OT)/ICS/SCADA environments

-              Ability to build strong partnerships in a matrixed environment.

-              Excellent communication skills, written, verbal

-              Ability to learn, grow and take on expanded duties as business needs evolve

-              Excellent leadership skills and ability to communicate and influence at all levels and inspire through leadership to develop individuals and teams.

-              Superb judgment and integrity, including excellent decision-making skills and a sense of urgency

-              Bachelor degree required. Master’s degree in Computer science, Engineering or Business preferred

 

EXPERIENCE REQUIRED

-              10+ years of experience in cybersecurity or risk management

-              2+ years of leadership experience

-              Experience conducting vulnerability scans, including configuration and use of such tools as Qualys, Rapid 7, or Nessus

-              Experience in analyzing and remediating scan results, including making determinations on risk acceptance and compensating controls

-              Experience in infrastructure or application-level architecture and design with detailed knowledge of system security vulnerabilities, exploits, and remediation techniques

-              Experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, and application security

-              Experience in managing projects and proven organizational skills

-              Experience working in large global manufacturing companies

 

 

 

Our Global brands: Dura-Line, Koura Global, Vestolit, Netafim, Alphagary, Wavin.

They offer a broad range of value added solutions and finished products that contribute to customers’ success and ultimate improve the quality of life for people around the world. Along its commitment to good citizenship, Orbia Advance Corporation delivers Total Value to customers, employees and investors worldwide, every day.

Boston, MA, US, 02101