Experience Inc. Jobs

Cybersecurity Threat Management Manager

Innovation and Technology

Lake Oswego, Oregon

NA, CA

NA, Arizona

NA, Colorado

NA, Idaho

NA, Nevada

NA, Oregon

NA, Utah

NA, WA

Description

About Us:

Umpqua Bank is headquartered in the Pacific Northwest with 5,000+ employees and offers banking services to customers throughout the nation. It’s an especially exciting time to join our team as, following the recent merger with Columbia Bank, we have grown to become a leading western-based regional bank with more than $50B in assets under management and an unwavering commitment to our associates, our customers, and our communities.

We create a great place to work by offering a special brand of relationship banking and by providing a culture where associates thrive. Associates who embody our core values fit in well here and we are eager to meet candidates who demonstrate behaviors that align with Trust, Ownership, Growth, Empathy, Teamwork, Heart, Enjoyment, and Relationships.

About the Role:

Lead a team of engineers who will oversee the cybersecurity threat management function that includes cloud security, application security testing, vulnerability management, penetration testing, bug bounty programs, configuration management compliance (on-prem/cloud), purple teaming, and breach and attack simulation. Serve as experts by defining, supporting, and managing solutions that partner with technology operations and application development teams to deliver business value for Umpqua Bank. Provide leadership, coordination and operations planning to accomplish department/corporate goals and objectives. Collaborate with peer and senior management to focus on service improvements for critical security control processes.

• Manage team activities and projects that support an internal and external threat management program.

• Drive vision and plans to implement, mature, and maintain application security testing services, vulnerability management, and penetration testing.

• Foster, cultivate, and mature purple team services including breach and attack simulation activities that drive overall control improvements across the organization.

• Partner with Cybersecurity Engineering and Cybersecurity Operations to advance use case detection and prevention capabilities.

• Oversee, manage, and deliver cloud infrastructure security policy within Azure to govern and maintain a secure environment through automation of our compliance objectives.

• Partner with the application development function to support streamlined, automated, and effective CI/CD pipeline security testing.

• Drive a culture ofDevSecOps, creating reporting and self-service capabilities to drive more ownership and accountability for security across functional teams.

• Support continuous delivery of vulnerability scanning, remediation, and reporting across various platforms and architectures

• Partner with technology teams to implement configuration compliance by leveraging technical knowledge and problem-solving skills in the network, database, server, and desktop technology areas in accordance with the secure SDLC process.

• Educate and train as needed on application development security practices, bringing theory to reality, and sharing knowledge that will elevate our development community.

• Collaborate with domain architects, application development teams, project managers, and other teams to provide technical cybersecurity expertise when needed.

• Develop and maintain security metrics and the communication of those metrics to Management.

• Manage vendor relationships to ensure business partner/customer satisfaction with all information system security services. Build and maintain effective working relationships with business partners.

• Manage departmental short-range planning including overseeing communication and training programs to increase awareness of information security concepts and responsibilities.

• Continually re-assess the status quo and consider alternative solutions. Keep abreast of best practices and apply as relevant to the organization. Lead change and adoption of new security processes and technologies.

• Demonstrates compliance with all bank regulations for assigned job function and applies to designated job responsibilities – knowledge may be gained through coursework and on-the-job training. Keeps up to date on regulation changes.

• Follows all Bank policies and procedures, compliance regulations, and completes all required annual or job-specific training.

• Maintain a working knowledge of Bank's written policies and procedures regarding Bank Secrecy Act, Regulation CC, Regulation E, Bank Security and other regulations as applicable to this job description.

• May be asked to coach, mentor, or train others and teach coursework as subject matter expert.

• Actively learns, demonstrates, and fosters the Umpqua corporate culture in all actions and words.

• Takes personal initiative and is a positive example for others to emulate.

• Embraces our vision to become “Business Bank of Choice”

• May perform other duties as assigned.

About You:

• Bachelor's Degree in Computer Science, related field, or an equivalent combination of education, training, and experience. Required.

• 4-7 years’ experience managing people or leading project teams, including proven experience providing effective coaching, feedback, and development plans to team members.

• 7-10 years proven track record of technical expertise in IT Security.

• Working knowledge and experience with multiple security domains (e.g., application security, vulnerability reduction, data protection, encryption, logging and monitoring, network security)

• Subject Matter Expert (SME) experience with Secure Software Development Life Cycle (SSDLC) (e.g., risk assessments, threat modeling, static code analysis, code reviews and dynamic application scanning)

• Experience working with modern development practices (e.g., micro services, containers, orchestration, continuous integration & delivery pipelines)

• Experience working in regulated industries leveraging information security management frameworks and industry recognized best practice / standards (e.g., FFIEC CAT, NIST, ISO, and PCI)

• Demonstrated ability to resolve sensitive issues with other departments and to present information to senior management.

• Demonstrated analytical and problem-solving skills applied to both technical and business challenges.

• The ability to relate business requirements and risks to technology implementation of security-related issues.

• Knowledge of security monitoring, diagnostic and administrative tools.

• Knowledge and understanding of the secure integration of systems into the current network and server environment.

• Ability to train and present to small and large audiences or has the interest in learning to train and present.

• Certifications a plus, i.e., CISSP, CCSP, CRISC, CISA

• Direct Resources Managed – 1-5.

Workstyle: Fully onsite.

Our Benefits:

We offer a competitive total rewards package including basewagesand comprehensive benefits. Thepayrange for this role is $100,000.00-$186,000.00, and the pay rate for theselected candidate isdependent upon a variety of non-discriminatory factors including, but not limited to, job-related knowledge, skills, and experience, education, and geographic location. The rolemay beeligible for performance-based incentive compensation and those details will be provided during the recruitment process.

We offer eligible associates comprehensive healthcare coverage (medical, dental, and vision plans), a 401(k)-retirement savings plan with employer match for qualifying associate contributions, an employee assistance program, life insurance, disability insurance, tuition assistance, mental health resources, identity theft protection, legal support, auto and home insurance, pet insurance, access to an online discount marketplace, and paid vacation, sick days, volunteer days, and holidays. Benefit eligibility begins the first day of the month following the date of hire for associates who are regularly scheduled to work at least thirty hours weekly.

Our Commitment to Diversity :

Umpqua Bank isan equal opportunityand affirmative actionemployercommitted to employing, engaging, and developinga diverse workforce.Allqualifiedapplicants will receive considerationfor employmentwithout regard to race, color,national origin,religion, sex, age, sexual orientation, gender identity, gender expression, protected veteran status, disability, or any other applicable protected status or characteristics.Ifyou require an accommodation to complete the application or interview(s),please let us know by email: [email protected] .

To Staffing and Recruiting Agencies:

Our posted job opportunities are onlyintendedfor individuals seekingemploymentat Umpqua Bank.Umpqua Bank does not accept unsolicited resumes or applications from agencies and Umpqua Bank will not be responsible for any fees related to unsolicited resume submissions.Staffing and recruiting agencies are not authorized to submit profiles, applications,or resumestothis site or toany Umpqua Bank employeeand any such submissionswill be consideredunsolicitedunlessrequesteddirectlyby a member of the Talent Acquisition team.