Security Staff Manager ( Platform Hardening )
Position Overview
At PNC, our people are our greatest differentiator and competitive advantage in the markets we serve. We are all united in delivering the best experience for our customers. We work together each day to foster an inclusive workplace culture where all of our employees feel respected, valued and have an opportunity to contribute to the company's success.
As a Security Staff Manager, you will be apart of the PNC's Enterprise Technology & Security organization. This is a remote position and can sit anywhere within the PNC footprint, except for Colorado, Hawaii, Alaska. There is limited expectation for regular in person, in office activities.
The Platform Hardening Security Staff Manager is a leader and subject matter expert who is primarily responsible for the technical identification and risk assessment of PNC's technology infrastructure platforms in the cloud. Responsibilities within this position will include:
• Manage and maintain a team of subject matter experts to deliver infrastructure security baselines for cloud environments. • Develop and maintain processes to identify infrastructure technology platforms requiring minimum security baselines. Actively maintain identification methods based on security landscapes. • Develop/document minimum security baselines (aka hardening guides) to minimize vulnerabilities based on industry/government-recognized and/or community-supported guidelines for best practices (eg. STIGs, CIS Benchmarks). Focus will be on cloud and container platforms (eg. Azure, AWS, Docker, Kubernetes, etc) but may broaden depending on need. • Work with Information Technology platform owners to implement secure baselines through policy development, as well as assist in the identification and risk assessment of gaps, document required exceptions, and develop any required remediation plans. • Follow and maintain change control processes for hardening.• Code policies and write tests for policies within cloud security frameworks.• Work with Information Technology partners to implement policy enforcement and runtime hardening compliance monitoring to hardening guides on a regular cadence.• Maintain security hardening baselines taking into consideration new cyber security threats, new technologies, and changes to business requirements.• Lead annual recertification efforts for developed baselines. • Actively participate in various Attack Surface Management strategy and governance projects, including policy and procedure development, exception reviews, and ad-hoc vulnerability assessments.
As an integral part of this dynamic and progressive team, you will assist in the enforcement of corporate-wide information security policies, guidelines and best practices. You will also provide technical advice to support internal Cyber Security teams on a wide variety of information security issues, concerns, and problems.
The ideal candidate will have the following qualifications:
• Ability to code/script in one of the following: Python, Java, C, or bash/PowerShell.• AWS or Azure Certification(s) -Fundamentals and/or Foundational• Illustrative projects that reflect understanding of event driven actions within a CSP• An understanding of security governance frameworks - e.g. NIST, ISO27001, FFIEC CAT, etc. • Experience writing to APIs for various platforms/services - e.g. Jira, ServiceNow, Slack.
PREFERRED skills:• Resource management with infrastructure technical teams.• Systems or Network administration experience would be a plus (e.g. Linux, Windows, Data Network).• AWS or Azure Certification(s) - Associate, Expert level
Job Description
- Manages a team that oversees the day-to-day operations and effectiveness of assigned security technology and programs.
- Manages resources that enables security control effectiveness with a team and technology.
- Monitor trends and continuously assesses staff/security system capabilities to meet business demands.
- Leads in policy development, audit mitigation, and other tasks related to securing and maintaining the operational health of the infrastructure. Evaluates security systems, teams and processes to provide recommendations to maintain continuity and operational health.
- Documents and revises procedures and playbooks for teams, processes and technology to provide a standard security practice and increase team effectiveness.
PNC Employees take pride in our reputation and to continue building upon that we expect our employees to be:
- Customer Focused - Knowledgeable of the values and practices that align customer needs and satisfaction as primary considerations in all business decisions and able to leverage that information in creating customized customer solutions.
- Managing Risk - Assessing and effectively managing all of the risks associated with their business objectives and activities to ensure they adhere to and support PNC's Enterprise Risk Management Framework.
PNC also has fundamental expectations of our people managers. As a manager of talent in PNC, you will be expected to:
- Include Intentionally - Cultivates diverse teams and inclusive workplaces to expand thinking.
- Live the Values - Role models our values with transparency and courage.
- Enable Change - Takes action to drive change and innovation that will transform our business.
- Achieve Results - Takes personal ownership to deliver results. Empowers and trusts others in decision making.
- Develop the Best - Raises the bar with every talent decision and guides the achievement of all employees and customers.
Competencies
Data Governance - Knowledge of and the ability to develop and maintain an organization's data in order to meet business requirements.
Information Assurance - Knowledge of and the ability to protect information and information systems while ensuring their confidentiality, integrity and availability.
Information Security Management - Knowledge of and the ability to manage the processes, tools, techniques and practices for assuring adherence to standards associated with accessing, altering and protecting organizational data.
Information Security Technologies - Knowledge of technologies and technology-based solutions dealing with information security issues.
IT Environment - Knowledge of an organization's IT purposes, activities and standards; ability to create an effective IT environment for business operations.
IT Standards, Procedures & Policies - Knowledge of and the ability to utilize a variety of administrative skill sets and technical knowledge to manage organizational IT policies, standards, and procedures.
Knowledge of Organization - Knowledge of the organization's vision, structure, culture, philosophy, operating principles, values, and code of ethics; ability to apply this understanding appropriately to diverse situations.
Work Experience
Roles at this level typically require a university / college degree, with 5+ years of industry-relevant experience. At least 3 years of prior management experience is typically required. In lieu of a degree, a comparable combination of education and experience (including military service) may be considered.
Education
Associates
Additional Job Description
Base Salary: Commensurate with skills and experience.
Benefits
PNC offers employees a comprehensive range of benefits to help meet your needs now and in the future. Depending on your eligibility, options for full-time employees include medical/prescription drug coverage (with a Health Savings Account feature); dental and vision options; employee and spouse/child life insurance; short- and long-term disability protection; maternity and parental leave; paid holidays, vacation days and occasional absence time; 401(k), pension and stock purchase plans; dependent care reimbursement account; back-up child/elder care; adoption assistance; educational assistance and a robust wellness program with financial incentives. To learn more about these and other programs, including benefits for part-time employees, visit pncbenefits.com > New to PNC.
Disability Accommodations Statement:
The PNC workplace is inclusive and supportive of individual needs. If you have a physical or other impairment that might require an accommodation, including technical assistance with the PNC Careers website or submission process, please call 877-968-7762 and select Option 4: Recruiting or contact us via email at [email protected].
The Human Resources Service Center hours of operation are Monday - Friday 9:00 AM to 5:00 PM ET.
Equal Employment Opportunity (EEO):
PNC provides equal employment opportunity to qualified persons regardless of race, color, sex, religion, national origin, age, sexual orientation, gender identity, disability, veteran status, or other categories protected by law.
California Residents
Refer to the California Consumer Privacy Act Privacy Notice to gain understanding of how PNC may use or disclose your personal information in our hiring practices.