Copy of IT Security Operations Manager

Role Summary
The IT Security Operations Manager will be responsible for the development, delivery and management of IT security operations for the Corporate IT department at Udemy. This is a hands-on role that will be part of the IT engineering team responsible for the IT services stack of applications and end user compute environments. This person will partner with the Sr. Manager of IT Engineering Operations and the information security team to deliver security operations that align with the organization's governing information security policies and guidelines.
Here's What You'll Be Doing:

• Develop, manage and own the vulnerability management program for corporate IT with willingness to step in and assist with resolutions and administration as necessary
• Work with the IT system engineers to understand current patching operations and develop a patch management program for corporate IT that aligns with information security requirements
• Ensure IT systems and operational processes are in alignment with regulatory and compliance requirements and information security guidelines and policies
• Perform daily security operations tasks such as monitoring IT systems, working IT security related end user requests, resolving unpatched or vulnerable assets, and responding to alerts or incidents
• Create and take ownership of procedures for IT security operations
• Review all IT standard operating procedures for security posture, uniformity, ownership and annual reviews
• Establish and maintain a schedule of security reviews for corporate IT (i.e. service accounts, software, privileged access, SOPs)
• Act as corporate IT point-of-contact for compliance and audit requests; including gathering requests, reviewing requests for accuracy and completion, ensuring timely submittals, and streamlining the process (i.e. creating a central repository, documenting common requests, enabling compliance to pull their own reports where appropriate)
• Analyze the full stack of Corp IT systems to determine criticality, data classifications, regulatory requirements, and security posture
• Identify the corporate IT critical systems that would benefit from log ingestion into SIEM solution and configure the proper monitors, alerts and procedures
• Partner with information security team on adoption, implementation and support of security initiatives/projects/requests
• Own and manage the security operations for the corporate IT stack of applications
• Perform assessment of Google Workspace environment; make necessary changes to harden environment and conform with security policies for data retention, data loss prevention, data protection, spoofing, and phishing
• Act as corporate IT point-of-contact and escalation for all security related events or concerns
• Work with team leaders to understand their software needs and establish a list of approved software for the organization

We Are Excited Because You Will Have:

• 7+ years of experience in Information Technology Operations and/or Information Security
• Minimum 5+ years experience working in a IT security operations role, preferably within a medium/large scale organization
• Comfortable working with MacOS (Catalina, BigSur, Monterey) and Windows 10/11 end user operating systems along with the following types of activities:
• Patching
• Hardening
• Anti-malware (reports, incidents, resolution, definition updates, etc)
• System logs (investigative review, report generation)
• Experience using Jamf Pro and Azure Intune/Endpoint Manager MDM platforms to monitor, control, report, patch and manage end user devices
• Experience working at a cloud-first organization highly desired
• Must have experience working with the following key SaaS applications:
• Google Workspace (Email and file collaboration)
• Jamf Pro & Intune (MDM Platforms)
• Rapid7 Insight IDR/VM products (SIEM and Vulnerability Mgmt)
• Okta (IdP) - bonus points for experience with Okta Workflows
• Additional SaaS application experience desired: Asana, Slack, Box, Zoom, SentinelOne ServiceNow, Jira, and Confluence
• Experience with the following IT business systems also highly desired: Workday, Salesforce, and Netsuite
• Demonstrated experience with Google Workspace security including mail encryption, phishing, spoofing, blacklisting, and DLP rules
• Knowledge of or experience configuring DMARC/SPF/DKIM public DNS records to protect against phishing and spoofing
• Experience with system/user incident response, documentation, evidence gathering/preservation, and root cause analysis
• Strong analytical and problem-solving skills
• Strong interpersonal, written, and oral communication skills
• Able to conduct research into issues and products as required
• Ability to prioritize, execute tasks and make sound decisions
• Capable of presenting ideas in a user-friendly language
• Demonstrable experience of establishing strong working relationships with technical teams, stakeholders and third parties
• Ability to understand and explain IT solutions and issues to a non-technical audience
• Previous experience working under organizations that require compliance from any of the following regulations: ISO, PCI, SOC2, SOX and FedRAMP
• Project/Program Management background is preferred
• Thorough knowledge and understanding of key IT operational programs such as service, change, patch, and vulnerability management

SSCP/Security+/ITIL certifications desired
We understand that not everyone will match the above qualifications 100%. If your background isn't perfectly aligned but you feel you would be a great addition to the team, we'd love to hear from you.
About Udemy
At Udemy, we're all about improving lives through the power of learning. We are a leading global learning company and one of the world's largest education platforms with more than 54 million learners. Our goal is to provide flexible, effective skill development to empower organizations and individuals. Talented people are everywhere, but opportunities can be hard to come by. That's why we're focused on revolutionizing learning, using our skills and expertise to help others develop theirs and reach their full potential. Individually, we bring our unique perspective to reimagine the way we share knowledge. Together, we can improve lives by empowering our learners, our instructors, and businesses around the world.
We are proud to be recognized for our world-class employee experience. Learn more about our Great Place to Work certification here and find out what it's like to work at Udemy on our blog .
Udemy is headquartered in San Francisco with global offices in the US, Turkey, Ireland, Australia, India, and Brazil. Learn more on our company page .
Information regarding data privacy is available within the Udemy Careers Privacy Notice .
At Udemy, we value diversity and inclusion and consider qualified applicants without regard to race, color, religion, sex, national origin, ancestry, age, genetic information, sexual orientation, gender identity, marital or family status, veteran status, medical condition or disability. We will consider for employment qualified applicants with arrest and conviction records.
Udemy Benefits:

• Eligibility: Regular, full-time employees are eligible for Udemy's benefit programs.
• Health Plans: Medical, dental, and vision coverage (100% coverage for employee-only).
• HSA/FSA/Commuter: Pre-tax savings/spending plans available; generous HSA employer contributions for those enrolled in the HDHP medical plan.
• Life/Disability: Employer-paid life insurance (supplemental available), in addition to short-term and long-term disability.
• Retirement: Access to 401(k) with annual employer contribution.
• Wellbeing: Corporate memberships for meditation and mindfulness, therapy and coaching, financial planning, primary care, tele-health, health advocacy, parent/newborn support, and employee discounts.
• Education: Free access to the entire course library on the Udemy and Udemy for Business platforms; annual stipend for external learning beginning at six months of employment.
• Charitable Matching Program: Employer match of monetary contributions to eligible nonprofits and charities that carry a 501(c)(3) tax status.
• Vacation: 15 days per year of Paid Time Off for hourly; flexible Discretionary Time Off for salaried.
• Parental Leave: 8 weeks of leave at 100% pay for parents who take time off from work following the date of birth, adoption, or foster placement beginning at six months of employment; this amount is in addition to pregnancy-disability benefits at 100% pay, if applicable.
• Holidays: 11 paid holidays throughout the year

#LI-DN1