Navy-Marine Corps Relief Society (NMCRS), a non-profit charity, has an immediate opening for an experienced Information Assurance Manager (IAM) to manage Information Assurance and Privacy operations. This position formulates policy, assesses security, identifies vulnerabilities, manages risk, and establishes and implements solutions. The IAM reports to the Vice President, Chief Information Officer.
The IAM is responsible for securing information and protecting client privacy as well as securing and protecting information from vendor and third party providers relating to the design, development, testing, documentation, and implementation of security, privacy, and compliance controls and programs mandated by Information Security Programs in conjunction with information systems and Risk Management Framework controls.
Primary areas of responsibility:
Information Security and Privacy Operations
- Manage the global enterprise security program to include designing, implementing, maintaining and continuously improving policies and procedures that help protect information assets.
- Assist IT Department in identifying organizational goals and objectives.
- Develop and maintain Information Security and Privacy policies, standards and processes.
- Create greater awareness of the external threat environment, conduct risk assessment, test for vulnerabilities, design and implement solutions.
- Direct cross-functional teams in the areas of Information Security, compliance, privacy, scheduling and technology direction.
- Maintain up-to-date information on industry security trends.
- Design information security training programs.
- Mitigate vulnerabilities to NMCRS Information Systems.
- Maintain security and privacy documentation.
IT Risk Management
- Approve security and privacy compliance activities related to third parties, including assessments, inquiries, contractual agreements, and information release requests.
- Ensure that third party initiatives are in compliance with applicable contractual compliance laws and associated frameworks.
- Coordinate closely with senior leadership to provide Information Security and privacy guidance related to emerging risks and technologies.
- Develop Breach Response Plan of Action.
- Manage the execution of internal and external audits and other assessments.
- Establish, maintain and execute processes to track, escalate and resolve identified Information Technology compliance gaps.
Incident Response and Containment
- Breach Response Notification Process
- Act as first responder in events related to Information Security.
- Internal Breach Investigations
Manage budget activities as they relate to the areas of responsibility stated above.
- A Bachelor's degree in Computer Science, Information Systems Management or related field is required. Advanced degree preferred.
- Formal hands-on technical experience in application and network management at an enterprise level.
- 8-10 years of current Information Security, Data Privacy and Compliance experience.
- Experience in managing complex Information Security projects.
- Advanced written and verbal communication skills including the ability to make presentations to a variety of audiences.
- Experience with NIST SP 800-53 Information Assurance controls and related certification and accreditation is required.
- Experience in managing multi-site operations.
- Advanced problem solving and team building skills.
- Understanding of security and compliance frameworks including PCI, HIPAA, ISO, and RMF.
- One or more active certifications in related areas of security, compliance and privacy such as CISM or CISSP.
- Prior experience with private non-profit organizations.
Salary range: Commensurate with education and experience.