Manager of Cybersecurity

Position Summary:

Serve as a technical lead within the Cybersecurity Department, supporting all aspects of HMMA’s cybersecurity program. Evaluate the current environment to identify gaps and enhance existing security solutions. Contribute to the design and implementation of new security architectures to advance program maturity. Provide incident response support as needed. Assist in preparing the department for internal and external security audits, including ISO 27001 compliance.

Essential Functions:

• Lead technical execution of cybersecurity initiatives, ensuring alignment with organizational goals and risk posture.
• Manage and oversee external IT security vendors responsible for security solution operations ensuring compliance, performance, and alignment with HMMA's cybersecurity program.
• Assist in building and maturing HMMA’s SIEM solution.
• Conduct gap assessments across IT and OT environments to identify vulnerabilities and recommend mitigation strategies.
• Design and implement scalable security architectures and controls to support business operations and regulatory requirements.
• Perform root cause analysis and forensic investigations during security incidents; coordinate with internal and external stakeholders as needed.
• Develop and maintain incident response playbooks and escalation procedures.
• Support audit preparation by organizing evidence, validating control effectiveness, and coordinating with auditors.
• Maintain documentation and processes required for ISO 27001 certification and ongoing compliance.
• Evaluate and recommend new cybersecurity technologies and tools to improve detection, response, and prevention capabilities.
• Collaborate with infrastructure and production departments to embed security into system design and lifecycle management.
• Implement and monitor threat intelligence sources to proactively address emerging risks.
• Assist in developing and enforcing cybersecurity policies, standards, and procedures.
• Provide technical mentorship and guidance to cybersecurity specialists.
• Participate in tabletop exercises, risk assessments, and business continuity planning.
• Track and report key performance indicators (KPIs) and metrics to measure program effectiveness. 
• Coordinate with legal and compliance teams on investigations involving data privacy or regulatory concerns.
• Support exception management processes by evaluating risk and documenting compensating controls.
• Administer, coordinate, and comply with all Business Management System (BMS), Environmental Management System (EMS), and Safety Management System (SMS) requirements.
• Meet all other requirements as assigned. 

Education:

• Bachelor’s Degree or equivalent experience
• Advanced degree desired 

Related Experience:

• 10 – 15 years of job related experience preferred
• 8+ years of cybersecurity experience desired
• At least 5 years of experience of SOC or ISO27001 program implementation 

Training / Certification:

• CISSP 
• CISA 
• SANS Certifications 

Skills / Knowledge:

• MS Word, Excel, PowerPoint
• SIEM
• Incident Response
• GRC
• Vulnerability Management 

Additional Information:

Position may require occasional travel (domestic or foreign). Flexibility in working hours to include weekends, holidays, and off shift. Position may require on-call duty or overtime due to overall responsibility.