Department Leader - Attack Surface Management

Company: EDWARD JONES
Location: Saint Louis
Posted on: September 18, 2023

Job Description:

At Edward Jones, we help clients achieve their serious, long-term financial goals by understanding their needs and implementing tailored solutions. To ensure a personal client experience, we have located our 15,000+ branch offices where our more than 7 million clients live and work.

In a typical branch office, a financial advisor meets with clients and receives branch office support, so they can focus on building deep relationships with clients. Headquarters associates in St. Louis, Tempe and Mississauga provide support and expertise to help U.S. and Canada branch teams deliver an ideal client experience. We continue to grow to meet the needs of long-term individual investors.Team Overview :

In 2022, Edward Jones invested $ 1 billion in technology infrastructure, digital initiatives, and virtual business enablement tools. We're currently in the test and learn phase and are looking for talented, motivated professionals, that want to be part of this transformational journey. Cloud-based architecture and modern technical capabilities will enable us to grow our impact while providing the best client experience possible.

You may be surprised to know that Edward Jones employs thousands of technical resources - all focused on creating world-class experiences for our clients and branch offices. If you've considered Edward Jones in the past, it's time to take another look. We are in the midst of embracing a modern, cloud-based architecture and are looking for exceptional individuals that want to be a part of that future.

What you'll do :

As the Department Leader for Attack Surface Management, you are a key member of the Information Security leadership team. You will work with other leaders to make key decisions in protecting the firm from advanced cyber-attacks. This role will primarily focus on protecting and defending Edward Jones by utilizing scanners, penetration tests, and attack surface management platforms to identify and reporting on vulnerabilities in meaningful and actionable ways. This role requires a balance of technical expertise and clear communications under high pressure situations to effectively maintain control and lead across a multitude of teams. You will personally set the strategy for all capabilities within the Attack Surface Management organization, as well as serve as a partner for the various teams responsible for patching and remediation.

Here are a few of the key responsibilities you will be a part of :

• Responsible for the strategic and operational aspects of the vulnerability scanning, configuration scanning, security assessments, penetration testing, reporting, and dissemination functions
• Provide security services that align with business objectives and regulatory requirements
• Provide briefings for our CISO and stakeholders to keep them informed on the latest state of critical vulnerabilities and general state of patching
• Serve as the security leader for major or high-profile patching initiatives, such as critical 0-day vulnerabilities
• Provide timely and relevant updates to appropriate executives, leaders, and decision makers
• Set and implement a schedule for executing penetration tests against applications using a risk-based prioritization
• Schedule and oversee third-party, independent assessments of critical initiatives and environments
• Work as a partner with the Application Security Team to ensure streamlined reporting of vulnerabilities across the environments
• Ensure the development of processes and procedures to improve vulnerability management, configuration management, attack surface management, penetration testing, and reporting functions
• Establish meaningful KPIs for team performance & SLAs/OLAs with a mindset of continuous improvement
• Establish meaningful KRIs for identifying key areas of risk and working with Tech Risk Management and Enterprise Risk Management with a mindset of continuous risk management
• Recommend and help select new and emerging data-driven security solutions and technologies to improve the area and overall vendor management
• Develop relationships with external security organizations to maintain awareness of security issues and trends
• Train and mentor othersWhat you'll need :
  • Bachelor's degree and/or relevant work experience
  • 12+ years of professional experience within technology or related field including :
  • 6+ years in vulnerability management or penetration testing, as well as significant contributions to related strategies in those areas
  • 4+ years of management/leadership experience
  • Subject matter experience obtained by performing or leading activities in the following subjects :
  • implementing vulnerability scanners, implementing attack surface management platforms, managing configuration management programs, managing penetration tests, utilizing platforms for threat-based prioritization of patching and managing large-scale zero-day remediations
  • Ability to direct independently and to collaborate effectively with local and remote teams with a strong focus on performance and delivery
  • Advanced knowledge and understanding of security issues, risks, concepts, and terminology
  • Proven ability to effectively communicate vulnerability details, technical analysis, and prioritization decisions within all levels of the organization, as well as with external parties
  • Excellent interpersonal and organizational skills are needed to prioritize tasks and serve as a leader for enterprise security initiatives
  • While not directly responsible for patching, the candidate needs to be a strong leader that can partner with teams to drive patching and remediation efforts
    • 100 Best Workplaces for Millennials in 2022, published Fortune July 2022, Great Places to Work - data as of March 2022. Compensation provided for using, not obtaining, the rating.
      • Edward Jones was recognized as one of the Best Workplaces for Millennials by Great Places to Work - and Fortune - magazine. The privately held firm ranked No. 2 overall, in its fourth appearance on the list.2022 Fortune Best Workplaces for Women, published September 2022, research by Great Places to Work -, data as of August 2021. Compensation provided for using, not obtaining, the rating.
        Edward Jones has been named to the 2022 Best Workplaces for Women list by Great Places to Work - and Fortune - magazine, ranking No. 45.2022 Fortune's 100 Best Companies to Work For, published April 2022, research by Great Place to Work -, data as of August 2021. Compensation provided for using, not obtaining, the rating.

        For the 23rd time, Edward Jones has earned a spot on the Fortune 100 Best Companies to Work For - ranking by Great Places to Work - and Fortune - magazine. Edward Jones ranked No. 35 on the prestigious 2022 list.2022 Best Places to Work For LGBTQ+ Equality, Great Place to Work - in partnership with Human Rights Campaign Foundation, published Equity Magazine January 2022, data as of July 2021. Compensation provided for using, not obtaining, the rating.

        Edward Jones scored 100 percent on the Human Rights Campaign Foundation's 2022 Corporate Equality Index (CEI) the nation's foremost benchmarking survey and report measuring corporate policies and practices related to LGBTQ+ workplace equality. The ranking designated Jones as one of the best places to work for LGBTQ+Equality.Edward Jones does not discriminate on the basis of race, color, gender, religion, national origin, age, disability, sexual orientation, pregnancy, veteran status, genetic information or any other basis prohibited by applicable law.At Edward Jones, we value and respect our associates and their contributions, and we recognize individual efforts through a rewards program that promotes a long-term career, financial security and well-being. to learn more about our total compensation approach, which in addition to base salary, typically includes benefits, bonuses and profit sharing. The salary range for this role is based on national data and actual pay is based on skills, experience, education, and other relevant factors for a potential new associate:
        Salary: $131635 - $224136
        Category: Headquarters

Keywords: EDWARD JONES, St. Louis , Department Leader - Attack Surface Management, Executive , Saint Louis, Missouri