Director of Threat Management
Job Summary
The Director of Threat Management is responsible for leading and directing the Threat Management team, in addition to correlating tactical and strategic intelligence on an operational basis to produce finished intelligence products that are relevant and actionable. This position is responsible for the implementation and application of the Intel lifecycle process. This position relies on CNA's Threat Management System, such as a Threat Intelligence Platform (TIP), and follows the established Threat Intelligence Framework and supporting toolsets to validate collections, perform fusion analysis, and produce Intel products that are coordinated properly across the Information Security team. This position is also responsible for driving "immediate action" by providing Intel products and subsequently coordinating any actions that can reduce exposure and risk of emerging threats based on the Priority Intelligence Request (PIR). Additional responsibilities include maintenance of the Common Operational Threat Picture (COTP) and managing the relationship with the Community of Interest (COI).
Essential Duties & Responsibilities
Performs a combination of duties in accordance with departmental guidelines:
- Leads the effort to create a Threat Management program, which includes playing a key role in developing and maturing Threat Intel, Threat Hunt, and Threat Vulnerability capabilities.
- Develops and manages an intelligence-driven Threat Management team and initiatives that will strategically advance CNA's cybersecurity capabilities and reduce long-term risk
- Produces finished intelligence products based on tactical and strategic intelligence correlation to amplify context and relevancy of threats
- Manages the Threat Intelligence Lifecycle throughout CNA
- Develops, maintains, and executes threat and risk communication processes, both internal and external to CNA
- Demonstrates and applies subject matter expertise in a variety of information security disciplines, both technical and non-technical
- Actively contributes to the development of technology and related processes that will support CNA's "COTP" to enhance organization-wide threat awareness
- Employs predictive analytic methods to determine changes in an adversary's capabilities, motivations, and intent, while providing recommendations to reduce risk before exposure to threats occurs
- Supports the Security Operations team's daily operations and existing processes by aligning cyber threats to organizational impact
- Creates and presents custom threat briefing materials to cybersecurity leadership for operational situational awareness
May perform additional duties as assigned.
Reporting Relationship
Typically AVP or above
Skills, Knowledge & Abilities
- Ability to work independently and function effectively as part of a team in a dynamic environment
- Expertise in understanding and applying the intelligence lifecycle and using TIP technology
- Experience assessing technical intelligence collection and analytic products, including behavioral analysis and reverse engineering outputs from researcher teams or automated sandbox testing
- Project management experience or comparable leadership role
- Expertise in using a wide variety of analytical techniques to determine and communicate trends and patterns, identify anomalies, and develop defensible judgments and conclusions
- Extensive knowledge of business functions, customer services, and technology infrastructure
- Proficient in technical writing and verbal presentation of complex data and/or information to C-suite personnel
- Strong analytic tradecraft skillsets with extensive experience in the aggregation and correlation of both strategic and tactical intelligence
- In-depth knowledge of the current cyber threat landscape, coupled with the ability to quickly determine how threats can or will impact the organization
Education & Experience
- Bachelor's degree in Computer Science or a related discipline, or equivalent work experience.
- Typically a minimum of ten years' related work experience in Information Technology, preferably with seven years of direct experience actively utilizing threat intelligence to reduce risk and threat exposure.