WHO IS WESTERN ASSETWestern Asset Management focuses on supporting our clients' financial goals and creating positive outcomes for all kinds of people. Primarily a globally integrated fixed-income manager, we source ideas and investment solutions worldwide, with an emphasis on long-term fundamental value investing, using multiple diversified strategies.

Western Asset's information security program employs a holistic approach to managing the information security risks to the firm. As the Manager of IT Cyber Security, you will play an integral role in our mature Cybersecurity Operations function.

The Manager of IT Cyber Security is responsible for day-to-day operations, prioritization of work and leads the implementation of new cybersecurity technologies and processes, taking a best practice and risk-based approach to protect the company, our clients and employees. This role works closely with other infrastructure and operations functions to ensure security remains built-in to all areas of technology while leveraging industry leading tools, performing threat hunting and automation tasks to detect and respond to evolving threats. Your key objective is to solve complex technical challenges and safe-guard the firm's information system assets and data.

What you will do:

• Manage staff through leading, mentoring and influencing a team of engineers and analysts
• Oversee 24/7 SOC team and resources. Manages on-call schedule and incident escalations
• Own and support cyber toolset and functions including:
  • Proactive monitoring and reporting for endpoint and system health including, patching, compliance, and other performance metrics. Coordinates vulnerability remediation
  • Endpoint Detection & Response (EDR/XDR), automation (SOAR), anomaly detection and SIEM tools. SIEM/Log Correlation & Alerting, Insider Threat Detection, CSPM, Threat Intelligence / Partnerships with Industry Orgs (FS-ISAC), SOC Operations, DevSecOps (CI/CD), Penetration Testing (Red/Blue Team)
  • Secure DevOps, SDLC & Development Standards, Secure Coding, Application Vulnerability Analysis, Change Control / Integrity Monitoring, Web Application Firewalls, API Security, Third Party / Open-Source Supply Chain Security
  • Network security technologies including Firewalls, Application Security (SAST/DAST/SCA), Intrusion Detection, Identity Management, Data Classification/Protection, Anti Malware/NGAV, Web Proxy, Endpoint Management/Patching, DDoS Protection, Encryption/PKI, proxy
  • DLP, WAF, messaging security products. IR and Forensics tools
  • Identity and Access Management; SSO/Federation (SAML, OAuth, OpenID Connect), LDAP/Active Directory/SCIM, Multi Factor Authentication, RBAC Principles, IaaS/PaaS/SaaS Identity Integration, Privileged Access Management, Device Posturing / Certificate Based-Authentication
• Implement new security technologies, oversee incident response plan maintenance and testing through tabletop exercises. Diagnose and investigate problems. Support the incident response process
• Provide effective security guidance to technology teams and to the business
• Draft, review and maintain information security policies/procedures
• Manage security budget and roadmap. Stay current with security legislation and regulatory requirements, including performing gap analyses between guidelines and practice
• Monitor third party providers, suppliers, and security partners. Support vendor management program to assess security posture at third parties

What you will bring:

• Bachelor's degree in Cybersecurity, Computer Science, Information Systems, related field or equivalent training and/or experience
• 7+ years of experience in an IT Security focused role, with 5+ years in a lead role with proven experience in mentoring staff
• Knowledge of security controls and concepts related to various security community groups or standards: CISSP Domains, NIST, OSI model, MITRE ATT&ACK frameworks
• Depth of knowledge of Cybersecurity Operations models and technologies (cloud, automation, orchestration, analytics, and risk-based approaches). Skilled in knowledge of modern security concepts such as common attack vectors, malware, security analytics and threat intelligence
• Proven experience within Incident Response situations. Knowledge of cybersecurity technology trends
• Excellent written and verbal communication skills, and capable of understanding, documenting, communicating, and presenting technical issues in a non-technical manner to audiences with varying degrees of technical expertise
• Team player who thrives in collaborative environments and cross-functional teams
• CISSP, CCSP, or other relevant industry security-focused certifications preferred

Expected base salary for the role will generally be between $163,250 and $205,000 per year at the commencement of employment. However, base salary if hired will be determined on an individualized basis and is only part of the total compensation package, which, depending on the position, may also include other forms of compensation such as, discretionary bonuses, short and long-term incentive packages, and Company-sponsored benefit programs.

About Western Asset

At Western Asset we're saying hello to the future. Committed to being the leading fixed-income investment management firm in the world, we're investing in new technologies, methodologies and markets. We're also investing in our people. Our business is guided by a belief in doing the right thing: that if we treat our clients and colleagues with fairness and respect, success will follow. We're building on our reputation and resources with an entrepreneurial approach that drives innovation. Every day is an opportunity for us to get better by making the most of the possibilities that our people and ideas can bring.

Our Commitment to Diversity

We believe a diverse and cohesive workforce promotes the formation of different ideas and viewpoints, enhances independent thinking, and helps create a work environment where the best ideas are identified and implemented. We are committed to unlocking the power of diversity through an inclusive environment that affords everyone the opportunity to develop individually, advance professionally and participate fully in the Firm's success.

EQUAL EMPLOYMENT OPPORTUNITY ("EEO")

Western Asset Management is an Equal Opportunity/AffirmativeAction Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, citizenship, age, marital status, medical condition (including pregnancy and related conditions), physical or mental disability, protected veteran status, and/or any other characteristic protected by law.

Join our talent pool

We're always on the look-out for creative, curious, collaborative, and entrepreneurial individuals. Even if you don't see any current opportunities that match your skills, we'd still like to hear from you. Sign up for our Talent Pool and we'll get in touch when something suitable comes up.

Register today and build your own searchable profile ready for our hiring managers to view. All you need is a few basic details and an up-to-date copy of your resume ready to upload. We support .rtf, .docx, .doc, .txt and .pdf files, provided they are smaller than 2MB.