Cincom Systems is a leading provider of Enterprise Resource Planning (ERP), Manufacturing Execution Systems (MES), Supply Chain Management (SCM) and Enterprise Quality Management and Compliance (ECQM) systems and platforms for aerospace and defense manufacturers globally. The continued investment in advanced surveillance technologies by the U.S. And foreign governments has led to continued rapid growth for Cincom, as more aerospace and defense manufacturers rely on their software than any other software provider globally. More Unmanned Aerial Vehicles (UAV)s are manufactured using Cincom's software than any other enterprise software company serving the aerospace and defense industry today.
Cincom's profitable growth is leading to expansion of manufacturing facilities globally and the need for an Enterprise Security Manager to ensure secure, safe operation of its development center in San Diego, California. A DOD-complaint facility, the San Diego Research and Development Center is world-known for its advanced research into manufacturing systems supporting UAVs, advanced weaponry and situational awareness systems. The Enterprise Security Manager's role is a strategic one, directly linked to each program in development and requiring clearance by Depart of Defense (DoD) standards. Cincom abides by the precepts of having enterprise security management be a central part of the strategic plan of manufacturing, inclusive of information systems, site security and advanced threat detection and risk mitigation (Straub, 1988). The Enterprise Security Manager will regularly interact with senior management across all programs and define benchmarks for risk mitigation through the use of balanced scorecards, specific key performance indicators (KPIs) and dashboards all aligned to Cincom's strategic direction (Gordon, Loeb, Tseng, 2009). Due to these unique requirements, the Enterprise Security Manager must have the ability to manage subordinates effectively while leading a staff of ten, while also ensuring the enterprise security function of the San Diego Research & Development facility stays above compliance standards as defined by the United States Department of Defense and additional western nations who are Cincom's customers. Combining strategic vision and the ability to execute tactically with precision and urgency is a best practice of enterprise security managers in high-growth organizations today (Forte, 2009).
Roles And Responsibilities
The Enterprise Security Manager will be expected to excel on the following dimensions of their role as part of the Cincom R&D Senior Management Team:
Managing and Leading
To plan, organize, lead and control each aspect of the strategic security management plan, including the defining of specific dashboards and scorecards to track performance against plan.
Managing variation to plan through a variety of security management techniques and programs, including Six Sigma analysis of workflows and the use of Business process Re-engineering (BPR) to critical workflows for R&D center security. The reliance on BPM and BPR techniques for continually ensuring conformity and compliance to requirements is critical for long-term growth of the center and its continual secured performance (Booker, 2006).
Expected to use situational leadership skills to selectively apply planning, organizing, leading and controlling aspects of their skills sets as leaders to specific decisions related to R&D Center security and stability.
Defining performance programs and objectives for each of the ten subordinates in the department, including stretch objectives and a continual focus on excellence across the department.
Inclusion of 360-degree feedback systems and processes to ensure that each employee is viewed from their most accurate assessment of their performance level.
Continual focus on education and knowledge transfer within the department and with other departments is essential, as the Enterprise Security Manager will be given the responsibility for managing the system of record for all external interactions with the center. Knowledge management and transfer is essential for the successful development and growth of any security organization (Baxter, 2012).
To define and implement a budget review process that seeks to balance the needs of the R&D center for continual monitoring and risk mitigation while ensuring security continues to be a strategic asset. The budget will be directly linked to the corporate strategic plan and the Enterprise Security Manager will report quarterly to senior management on performance against budget and results attained.
To participate and contribute to strategic planning meetings at the divisional and corporate level, ensuring security at the R&D Center is continually taken into account in the global security and risk management strategies of the firm. The Enterprise Security Manager will champion the integration of security and risk management into the overall Cincom strategic plan, ensuring consistency and no lapse or oversight in strategic focus. The highest performing organizations ensure that security and risk management are tightly integrated into the strategic plan overall, ensuring consistently and clarity of role and support for security as a strategic priority (Atkinson, 2005). Candidates who have previous experience championing the integration of security and risk management into the strategic planning process are preferred.
Coordinate and collaborate with the Cincom Chief Financial Officer (CFO), General Manager of the San Diego Facility, and the senior management staff to ensure budgeting is sufficient to ensure security and risk management at the physical plant and IT levels of the center.
Manage the budget and spending levels for security and risk management initiatives and programs at the Cincom R&D Center, reporting quarterly to senior management on performance against plan and results attained.
Develop Return on Investment (ROI) analysis for each capital expenditure related to security and risk management. This includes collaborating with the Chief Information Officer (CIO) to ensure that capital expenses (CAPEX) are budgeted correctly and a clear ROI case is defined prior to the investment.
Information Technologies Security
Leads a team of five security engineers who are members of the security department staff, providing them with leadership and direction in the areas of threat assessment analysis, preventative security system strategies and techniques, and IT network architecture definition.
Extensive experience enterprise risk assessment and distributed security management architecture development and definition. A the Cincom R&D center has secured gateways to many nations; defense ministries and departments of defense, it is critical for the Enterprise Security Manager to have a thorough understanding and mastery of distributed security management architectures (Priggouris, Hadjiefthymiades, 2006).
Define and continually improve breach prediction scenarios using Cincom's rules and constraint-based technology that can factor in multiple events to determine threat probability. The Enterprise Security Manager will be expected to lead a team that will use artificial intelligence to predict security breaches from an IT level using these technologies, leading a group of security engineers in this task.
Using advanced Business Process Management (BPM) and Business Process Re-engineering (BPR) to streamline security breach analysis and reporting, the Enterprise Security Manager will continually improve these workflows to ensure rapid closure of events (Booker, 2006).
Disaster recovery will also be continually improved from a workflow and reporting standpoint using BPM and BPR techniques, with the goal of continual improvement in reporting metrics over time. The target objective of 10% improvement per year will be used to managing this specific area.
The Enterprise Security Manager will lead knowledge transfer sessions on a periodic basis and actively promote certifications for their staff. Making a continual investment in knowledge transfer is critical for the growth of the security management function (Baxter, 2012).
Candidates with the following qualifications are encouraged to apply:
10 or more years of security management experience in a high technology company.
Certifications in IT security management and proven expertise leading a technology-based team.
Expertise in strategic security management, integration of security and risk management into the strategic plan of an organization.
Experience in managing a team of ten or more professionals.
Expertise with advanced productivity applications and the ability to quickly create and use advanced reporting functions. This is a critical skill set for the development of dashboards with specific Key Performance Indicators (KPI)s reporting security performance levels.
Financial expertise in creating ROI analyses and expertise with CPAEX planning.