Manager, Information Security

Accountability, Active Directory, Amazon Web Services, Antivirus, Attention to detail, Audit, Authentication, Budget, Business continuity planning, CAN, CISSP, Cadence, Certified Ethical Hacker, Cloud security, Coaching, Collaboration, Communication skills, Compliance, Computer, Computer science, Contingency plan, Continuous improvement, Crisis management, Customer experience, Cyber security, Data QA, Data analysis, Documentation, Education, Emergency management, Encryption, Evaluation, Financial management, Firewall, Forecasting, Forensics, Framework, GCIA, GCIH, GIAC, GPEN, Group policy, HIPAA, IDS, IPS, ISO 9000, IT, IT audit, IT governance, IT management, IT risk, IT security, Identity management, Implementation, Incident management, Information security, Information security management, Infrastructure, Interviewing, Intrusion detection, Investigation, Leadership, Linux, Log analysis, MAN, Malware analysis, Mentorship, Metrics, Microsoft Windows, Monitoring, NATURAL, Network security, Networking, Office equipment, Operations, Organizational change management, Organizational skills, PCI, Partnership, Penetration testing, Performance management, Physical security, Planning, Policies, Policies and procedures, Presentations, Privacy, Problem solving, QA, Recruitment, Relationship building, Reporting, Risk assessment, Risk management, SIEM, Sarbanes-Oxley, Security, Security controls, Security engineering, Security operations, Service level, Strategy, Supervision, System integration testing, Training, Voice of the customer, Vulnerability assessment
Full Time
Depends on Experience
Travel not required

Job Description

The purpose of this job is to direct a team of Information Security (IS) professionals in the development, implementation, and compliance of both technical security and technical risk management across the enterprise. This position will reinforce the overall security posture of the organization through proactively coordinating security measures to monitor and protect systems as well as deal with the threats.  This role exists as an integral member in planning and executing the organization's information security strategy.

ESSENTIAL DUTIES AND RESPONSIBILITIES

Manages risks related to information security, physical security, business continuity planning, crisis management, privacy, and compliance.

  • Assesses risks to mitigate potential consequences of incidents and develops plans to respond to incidents. Analyzes risks to minimize losses or damages, develops safety standards, policies, or procedures.
  • Directs or participates in emergency management and contingency planning. Ensures there are emergency response plans or procedures. Directs organizational operations, projects, or services.
  • Writes or reviews security-related documents, such as incident reports, proposals, and tactical or strategic initiatives.
  • Analyzes and evaluates security operations to identify risks or opportunities for improvement through auditing, review, and/or assessment.
  • Conducts threat or vulnerability analyses to determine probable frequency, criticality, consequence, or severity of natural or man-made disasters or criminal activity on the organization's profitability or delivery of products or services.
  • Ensure that the organization's data and infrastructure are protected by enabling the appropriate security controls.
  • Manages resource availability to continuously support the business through sustained operations.
  • Identifies areas for improvement, develops improvement program and monitors the implementation to increase process efficiency.

Partners with business and IT team members to ensure that enterprise security strategies align with business strategic objectives and priorities. 

  • Participates in a committee that brings together key security and risk stakeholders to develop and review enterprise security and risk strategies.
  • Coordinates with technology and business groups to assess, implement, and monitor IT-related security risks and hazards.
  • Recognizes the trade-offs required to manage the different levels of information security risk tolerance and risk exposure across the organization and balance this with risk investments.
  • Reports security performance against established security metrics and service level agreements.
  • Understands “voice of the customer” and develops mechanisms to proactively sense adoption and usage patterns of consumer technologies by end-users so that policy can align with need.
  • Evaluates documented resolutions and analyzes trends for ways to prevent future problems.
  • Cultivates, disseminates, and enforces policies, standards, and procedures.
  • Develops and implements long-term goals and objectives to achieve the successful outcome of the team.

Ensures all staff members are trained on enterprise and industry-regulated security requirements through awareness programs.

  • Enhances the information security awareness program to customize communication tools and campaigns for each business unit and integrated services group.
  • Develops and recommends information security policies and procedures by evaluating organization outcomes, identifying problems, evaluating trends, and anticipating requirements.
  • Develops, conducts, supports, or assists in governmental reviews, internal corporate evaluations, or assessments of the overall effectiveness of Security program. Develops procedures to evaluate organizational Security and General IT controls.
  • Leads security training and communicates policies. Leads by promoting a culture of collaboration, continuous improvement, quality and accountability.
  • Develops evaluation framework to assess the strengths of the team and to identify areas for improvement.

Develops and leads a team of Information Security professionals.

  • Provides daily direction to IS team.  Communicates Mission, Values, and other organization operating principles to direct and indirect reports.
  • Establishes and maintains the overall work cadence and, in partnership with IT Leadership, ensures performance and outcomes strive for excellence in delivery and customer experience.  Ensures that the entire assigned IS team is engaged and that leadership practices for the department encourage development, recognition, and retention.
  • Establishes and holds team accountable to and adheres to hiring criteria, on-boarding, and training requirements for incoming staff.
  • Oversees the performance management and development process for the assigned IS team members and performs performance management duties, development planning and coaching for direct reports.
  • Acts as a resource for assigned IS team members to answer questions and solve complex problems.
  • Manages assigned IS budget, technology and other resources, workload, and customer requests for IS services.  Ensures adherence to all Company policies and procedures and Compliance responsibilities.
  • Ensures data quality, adherence to IT security guidelines, profitability and other risk-related metrics for self and members of the team.

SUPERVISORY RESPONSIBILITIES

Directly supervises employees within the IS team and carries out supervisory responsibilities in accordance with company policies and applicable laws. These responsibilities include interviewing, hiring, and training employees; planning, assigning, and directing work; conducting performance and salary reviews; rewarding and disciplining employees; addressing complaints and resolving problems; coaching, mentoring, and developing team members to further their skills and knowledge; creating and monitoring development plans; setting performance expectations/goals; forecasting staffing needs and planning for peak times and absences; enforcing department policies and procedures.

EDUCATION AND EXPERIENCE

Bachelor’s Degree in Computer Science, IT, or similar field required.  Minimum 5 years of experience in managing and leading IT Security teams.  Minimum 10 years of related IT and information security experience required. Minimum 3-5 years of experience in AWS Cloud Security services preferred. Equivalent combination of education and experience may be considered.

CERTIFICATES, LICENSES, REGISTRATIONS

Professional certifications in Certified Information Systems Security Professional (CISSP), GIAC Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA), Certified Ethical Hacker (CEH), GIAC Penetration Tester (GPEN), and/or Security + preferred. AWS Certified Security-Specialty certification preferred. 

KNOWLEDGE AND SKILLS

Experience with AWS Services such as AWS Identity & Access Management, AWS Organizations, AWS Security HuB, Guard Duty, CloudTrail, AWS CloudTrail. Experience in cyber security with working knowledge of data analysis, risk assessment and mitigation, investigation methods, incident management concepts and practices, with background in intrusion detection and forensic analysis.  Possess technical ability to use and manage Intrusion Detection & Prevention Systems (IDS/IPS), Firewalls & Log Analysis, SIEM, Network Behavior Analysis tools, Antivirus, Network Packet Analyzers, Malware analysis and forensics tools.  Knowledgeable in networking and proven experience in Windows and Linux environments, including Group Policy and Active Directory. Demonstrable track record for taking initiative and getting things done under minimal supervision. Knowledge of national regulatory compliances and frameworks such as ISO, SOX, HIPAA, and PCI. Advanced in policy formulation, information security management, and business risk management. Competent in IT risk assessment and management, IT continuity management, IT governance formulation, and organizational change management. Working knowledge of IT financial management and IT audit. Strong experience and detailed technical knowledge in security engineering, system and network security, authentication, and encryption protocols.  Detail oriented, strong analytic and problem-solving skills.  Strong organizational skills with the ability to juggle multiple projects/tasks at once. Effective verbal/written communication and presentation skills, including an ability to communicate effectively with a diverse array of stakeholders. 

COMPETENCIES

This position maps to the Manager level competencies.  Additional competencies required: Leadership, Relationship Building, and Problem Solving.

PHYSICAL REQUIREMENTS

While performing the duties of this job, the employee is regularly required to talk or hear. The employee frequently will sit, stand, walk, and bend during working hours. Requires manual and finger dexterity and eye-hand coordination. Required to lift and carry relatively light materials.  Requires normal or corrected vision and hearing corrected to a normal range.

WORK ENVIRONMENT 

This position operates in an office environment and requires the frequent use of a computer, telephone, copier, and other standard office equipment.

Dice Id : 10123200
Position Id : 6937701
Originally Posted : 2 months ago
Have a Job? Post it