Global Security Program Manager

Posted:
12/2/2024, 9:11:50 AM

Location(s):
Massachusetts, United States ⋅ Framingham, Massachusetts, United States

Experience Level(s):
Senior

Field(s):
IT & Security ⋅ Product

Workplace Type:
Remote

You know the moment. It’s the first notes of that song you love, the intro to your favorite movie, or simply the sound of someone you love saying “hello.” It’s in these moments that sound matters most. 

At Bose, we believe sound is the most powerful force on earth. We’ve dedicated ourselves to improving it for nearly 60 years. And we’re passionate down to our bones about making whatever you’re listening to a little more magical. 

At Bose, we are entirely self-funded, and enabling growth year after year takes careful planning, talent, capability, and passion. Through a broad variety of specialties and disciplines, the Finance team enables the business to make the decisions and investments, at the right times, to ensure the long-term financial viability of the company.

Job Description

The mission of the Global Security Operations Center is to support Bose’s Worldwide Operations by creating and maintaining a work environment that is both prepared and secure.  This will be accomplished  by creating policy and implementation guidelines; training leadership and staff; using technology to eliminate subjectivity, complexity, and variation; identifying, preparing for, and mitigating risk; and auditing our practices to ensure compliance.

The Physical Security Engineering, Global Security Operations Center (GSOC) Manager, is responsible for managing a cross-functional team who supports Worldwide Operations. This is a highly collaborative and visible position that requires strong attention to detail, an inquisitive mindset and excellent communication skills. The role is accountable for ensuring performance Service Level Agreements (SLAs) are maintained, customer experience is optimal and the continuous development of a high performing team. The leader must also deal effectively with high levels of ambiguity and make response related decisions, sometimes with incomplete information, during high severity incidents.

The candidate must have a proven record of effective leadership capabilities and demonstrate elevated judgment while operating under pressure. They must possess the ability to operate autonomously, use discretion when dealing with sensitive and critical information, and apply sound business principles to identify barriers and initiate actions to resolve. The candidate should possess a proven record of working across multiple organizations to resolve escalations where the problem and solutions, as well as risk strategy, may not be well defined.  This position requires a deep understanding of Internet technology (IT) and the Lenel OnGuard Security network, and the Exaqvision video management system employed globally by Bose.

This position is a full time position that requires the manager to be present on Campus three days a week and the remaining two day can be remote.  This position will report to the Senior Manager of Global Security.

In this role, the successful candidate is responsible for oversight of a shift with direct reports. The candidate assists and mentors the team when mitigating crisis and incidents at global scale. This leadership role requires the employee to work on a shift; including nights and weekends based on the needs of the GSOC. Overall, the successful candidate leads and directs teams through incidents which impact worldwide operations to achieve optimal outcomes for our customers.

Cyber hygiene is critical to the safe and predictable functioning of access control, video monitoring,  building count and safety.  Cyber hygiene practices can keep data safe and well-protected. In turn, this aids in maintaining properly functioning devices by protecting them from outside attacks, such as malware, which can hinder functionality. Cyber hygiene relates to the practices and precautions users take with the aim of keeping sensitive data organized, safe, and secure from theft and outside attacks.

 This person will suggest to the Senior Global Security Manager practices and steps that users of security system applications, computers and other devices take to maintain system health and improve online security.  This will be done in parallel with the Bose Global Information Security team  (GIS). These practices are often part of a routine to ensure the safety of identity and other details that could be stolen or corrupted.  Cyber hygiene is to be  regularly conducted to ward off natural deterioration and common threats.

Not limited to the following the Physical Security Engineering/GSOC Manager will examine the Global Security enterprise and legacy software and programs to determine if any of these systems have specific vulnerabilities that can lead to different problems. Some of these problems include:

  • Loss of Data: Hard drives and online cloud storage that isn’t backed up or maintained is vulnerable to hacking, corruption, and other problems that could result in the loss of information.  
  • Misplaced Data: Poor cyber hygiene could mean losing data in other ways. The information may not be corrupted or gone for good, but with so many places to store data, misplacing files is becoming increasingly commonplace in the modern enterprise.  
  • Security Breach: There are constant and immediate threats to all enterprise data. Phishing, hackers, malware, spam, viruses, and a variety of other threats exist in the modern threat landscape, which is constantly in a state of flux.  
  • Out of Date Software: Software applications should be updated regularly, ensuring that the latest security patches and most current versions are in use across the enterprise – for all applications. Out of date software is more vulnerable to attacks and malware.  
  • Older Security Software: Antivirus software and other security software must be updated continuously to keep pace with the ever-changing threat landscape. Outdated security software – even software that has gone a few months without an update – can’t protect the enterprise against the latest threats.

Document All Current Equipment and Programs

All hardware, software, and online applications will need to be documented. Start by creating a list of these three components:

Hardware: Computers, servers, connected downstream devices (LNL-X2220’s, Axis M30 camera).
Software: All programs, used by everyone on a particular network, are installed directly onto computers. 
Applications: Web apps (i.e. Dropbox, Google Drive), applications on phones and tablets, and any other program that isn’t directly installed on devices.

Analyze the List of Equipment and Programs

After creating a comprehensive list of all cyber-facing components, you can begin to scrutinize the list and find vulnerabilities. Unused equipment should be wiped and disposed of properly. Software and apps that are not current should be updated and all user passwords should be changed.

Implement and Leverage Physical Security Technologies

Identify, plan, and implement current and future technologies to assist with investigatory and response functions. Maximize the function and use out of current equipment and programs but also remain future facing to technology enhancements and improvements.

Cyber Hardening

Review the current state of the physical security equipment. Strategize and develop a roadmap to mitigate potential risks and vulnerabilities. Work with IT to implement cyber hardening on physical security equipment that resides on the Bose network.

Security System Maintenance

Oversee and maintain the existing Access Control and Video Management systems.

Security System Programming

Support and assist security vendors/contractors with the programming, testing and commissioning of new access control and video management systems and components. Assist with troubleshooting any potential programming concerns with the access control and video management systems.

Create A Common Cyber Hygiene Policy for the Security Program

The newly clarified network of devices and programs will need a common set of practices to maintain cyber hygiene. If there are multiple users, these practices should be documented into a set policy to be followed by all who have access to the network. 

Here are typical items that should be included in a cyber hygiene policy:

  • Password Changes: Complex passwords changed regularly can prevent many malicious activities and protect cyber security.
  • Software Updates: Updating the software you use, or perhaps getting better versions should be a part of your regular hygienic review.
  • Hardware Updates: Older computers and smartphones may need to be updated to maintain performance and prevent issues.
  • Manage New Installs: Every new install should be done properly and documented to keep an updated inventory of all hardware and software.
  • Limit Users: Only those who need admin-level access to programs should have access. Other users should have limited capabilities.
  • Back Up Data: All data should be backed up to a secondary source (i.e. hard drive, cloud storage). This will ensure its safety in the event of a breach or malfunction.
  • Employ a Cyber Security Framework: Businesses may want to review and implement a more advanced system (e.g. the NIST framework) to ensure security.

Once the policy is created, the routine for each item should be set to appropriate timeframes. For instance, changing passwords every 120 days or checking for updates at least once per week could be set in place. Doing so will ensure the continued cyber hygiene of your entire network of hardware and software.

Developing comprehensive cyber hygiene procedures is a must for today’s enterprises. When carried out in conjunction with robust, enterprise-wide security practices, sound cyber hygiene practices aid in maintaining a sound security posture for modern organizations.

Bose is an equal opportunity employer that is committed to inclusion and diversity. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, age, disability, veteran status, or any other legally protected characteristics. For additional information, please review: (1) the EEO is the Law Poster (http://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf); and (2) its Supplements (http://www.dol.gov/ofccp/regs/compliance/posters/ofccpost.htm). Please note, the company's pay transparency is available at http://www.dol.gov/ofccp/pdf/EO13665_PrescribedNondiscriminationPostingLanguage_JRFQA508c.pdf. Bose is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the application or employment process, please send an e-mail to [email protected] and let us know the nature of your request and your contact information.

Our goal is to create an atmosphere where every candidate feels supported and empowered in the interviewing process. Diversity and inclusion are integral to our success, and we believe that providing reasonable accommodation is not only a legal obligation but also a fundamental aspect of our commitment to being an employer of choice. We recognize that individuals may have different needs and requirements based on their abilities, and we provide reasonable accommodations to ensure ideal conditions are met during the application process.

If you believe you need a reasonable accommodation, please send a note to [email protected]

Bose

Website: http://www.bose.com/

Headquarter Location: Framingham, Massachusetts, United States

Employee Count: 10001+

Year Founded: 1964

IPO Status: Private

Last Funding Type: Equity Crowdfunding

Industries: Audio ⋅ Consumer Electronics ⋅ Hardware ⋅ Manufacturing ⋅ Music