Security Manager
Job Location
12530 Parklawn Drive, Headquarters - Rockville, MD, Maryland
Job Position Type
Full time
At DAVIS, we're redefining the way people experience construction by building success for all.
A Security Manager in the DAVIS Business Solutions department is responsible for overseeing and managing the cybersecurity strategies and compliance with required cybersecurity-related laws, regulations and frameworks within DAVIS. Their primary role is to safeguard sensitive systems, ensuring the availability, integrity and confidentiality of technology infrastructure and the applications and data within. Their primary responsibility is to ensure DAVIS is proactive in protecting against internal and external threats and in compliance with business and required external requirements.
ESSENTIAL DUTIES + RESPONSIBILITIES
Develop, implement, and monitor a comprehensive cybersecurity program designed to meet business requirements and comply with applicable laws and regulations.
Sets security strategy, prioritizes initiatives and proactively leads security efforts.
Identify, develop and deploy security technologies and tooling.
Ensures security implementation efforts across multiple functional teams are properly vetted.
Architect secure networks and systems aligned to industry best practice and guidance from certified industry standards.
Conduct risk assessments, threat analyses, and security audits to identify vulnerabilities and mitigate risks.
Identify security gaps and develop mitigation strategies.
Monitor systems for suspicious activities or anomalies using Security Information and Event Management (SIEM) tools.
Manage the response to any cyber incidents, including conducting a thorough investigation and ensuring corrective measures are taken.
Generate security reports and provide actionable insights to stakeholders.
Perform root-cause analysis and implement preventive measures.
Ensure compliance with standards as required by the business such as NIST Cybersecurity Framework and understand requirements controls for SOC 2.
Adhere to and reinforce corporate security policies and industry best practices in day-to-day operations and interactions with end users.
Monitor for security vulnerabilities and coordinate with Security Awareness Program and Business Solutions Teams to address them.
Conduct assessments and audits to measure the efficiency of our compliance and security systems.
Coordinate with departments to ensure cybersecurity awareness and compliance.
Manage relationships with third-party vendors and service providers to ensure they comply with the company’s cybersecurity policies. Ensures proper review of vendor-based security documentation, to include during the vetting of new solutions.
Manage security vendor stack.
Communicate with vendors for technical support or to report bugs.
Provide feedback to vendors for tooling improvements.
Responsible for licensing, renewals, pricing and annual budgeting process.
Responsible for participating in departmental program management in areas such as: Asset Management, Business Intelligence, Business Continuity and Disaster Recovery, Security Awareness, and Systems Maintenance.
Complete Project Charters, ensuring requirements are fully captured and that schedule and resources are fully identified.
Monitor project progress to ensure alignment with requirements.
Assist in providing post-implementation support to address feedback and issues.
Maintain detailed documentation of security configurations, changes, and procedures.
Document resolutions to technical problems for future reference.
Maintain clear and concise documentation for developers, testers, and stakeholders.
Maintain detailed documentation of application configurations, changes, and procedures.
Create and oversee the implementation and management of security and compliance policies and procedures.
Helps develop end user education materials with presentation skills capable of assisting the lead in effective classroom education sessions and presenting security solutions and protocols.
Collaborate within Business Solutions Teams to embed security into solutions development and deployment processes.
Train staff on security awareness, best practices and industry guidelines.
Stay updated on information technology security trends, technologies, and best practices.
Provide insights into how emerging technologies can solve security challenges.
Stay up to date with external security and compliance regulations, data privacy and security best practices.
Operates independently and makes strategic decisions for complex, critical security processes.
Participates in annual Performance Appraisal process as a Primary Reviewer.
DAVIS COMMON ATTRIBUTES
SAFETY – Consistently works within DAVIS safety standards; promotes safety as a priority with coworkers, subcontractors and external clients.
TEAM COLLABORATION – Works effectively within their own team and across the organization; promotes team atmosphere and culture; has a positive, can do attitude.
COMMITMENT TO QUALITY – Applies DAVIS standards to produce high quality work on a consistent basis; produces work that is accurate and reliable, actively demonstrates excellence in service; builds and maintains integrity as a core function of their job and in their relationships with others.
CHAMPIONS DAVIS BUSINESS – Consistently markets DAVIS business within the scope of their job; actively seeks and/or supports new business opportunities; actively builds relationships and encourages others to do the same.
KNOWLEDGE, EXPERIENCE + SPECIAL SKILLS
*Required
Bachelor's degree in Cybersecurity, Computer Science, Information Security or related field or demonstrated experience in providing information technology security*
Seven (7) + years related information security, cybersecurity experience
Hands-on experience with security tooling, to include SIEM, EDR, MDR*
Expertise in network protocols and security principles (VPN, SSL/TLS, TCP/IP, etc.)
Strong knowledge of various cybersecurity frameworks and standards (NIST, ISO, etc.)
Strong understanding of risk management and incident response procedures
Ability to work independently and within a team environment and show initiative to take on responsibility when not asked*
Decision making, research and analytical problem solving skills*
Time management with the ability to organize, assess and prioritize multiple tasks, projects, and demands, and to work independently*
Strong verbal and written communication skills and effective interaction at all levels within the organization*
MS Office – Microsoft Word, Excel, PowerPoint, Outlook and Teams experience*
Preference given to those with CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), DEC (Certified Ethical Hacking), CompTIA Security+ or other relevant certifications
PHYSICAL JOB DEMANDS
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. The employee is responsible to maintain fitness-for-duty while holding the above described position and should be able to perform the essential tasks of the position in a safe, appropriate and effective manner. This refers to the physical, mental and emotional duties of the job.
Reaching above and below, stooping, kneeling, crouching, and bending. The employee must occasionally lift/carry/move up to 25 pounds. Manual dexterity to operate office equipment, file, and perform specialized skills. Needs a high degree of concentration in a busy office environment.
WORKING CONDITIONS
Work environment characteristics described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. This position may require some travel for conferences, educational sessions, and other company events. The noise level in the office work environment is usually moderate.
NOTE: The above statements are intended to describe the general nature and level of the work being performed by people assigned this job. They are not exhaustive lists of all duties and responsibilities, knowledge, skills, abilities, physical job demands and working conditions associated with the job.
The base salary (or hourly) range for this position is $160,000.00 - $190,000.00.
DAVIS is committed to providing our employees with a competitive total compensation package that enhances your quality of life. DAVIS offers a 100% employer-paid health care plan (to include family), life insurance, short- and long-term disability benefits, and an annual contribution to your HSA. DAVIS also offers annual incentive bonus, paid time off + annual holidays, financial benefits (401(k), Roth, and ESOP), FSAs, fertility and family-forming assistance, and continuing education. Additional benefits include Employee Assistance Program (EAP), on-site fitness center, and parental leave. Eligible employees are provided a company vehicle or an auto allowance to support business activities.
The compensation and benefits information are provided as of the date of this posting. Benefits and incentive compensation may be subject to applicable eligibility. DAVIS reserves the right to modify compensation and benefits at any time, with or without notice, subject to applicable law.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
At DAVIS, our vision is to build a culture that is innovative, connected, and balanced.
This position is located at 12530 Parklawn Drive, Headquarters - Rockville, MD, Maryland.