The Manager, Information Security establishes and implements enterprise policies and programs to protect information systems and enterprise data from intentional or inadvertent modification, disclosure or destruction. This leader positions the security organization to provide an efficient, effective and up-to-date risk management environment in support of all corporate and regulatory objectives, and is responsible for developing, maintaining, publishing and enforcing enterprise IT security architecture and security standards and guidelines encompassing both physical environment security and information system security.
Effective candidates will be adept at achieving security outcomes by creating a culture of security awareness and through mentoring and team development. Tasks include the selection of appropriate security solutions and oversight of any vulnerability audits and assessments and follow up with implementation and remediation activities based on audit recommendations.
This leader will lead an Enterprise Security function including: Global Security Risk and Compliance, Security Engineering, Security Administration, Security Operations Center, IT Risk Management and Business Continuity.
This leader will provide Team Members, Executives, the Audit Committee and the Board of Directors with research and guidance on risk assessments and appropriate mitigation strategies aligned with an Enterprise Risk Management Strategy.
- Managing a team of security employees and overseeing/building relationships with key managed security services firms, security solution providers, and audit firms.
- Leading cross-functional teams through auditing and compliance activities including Sarbanes-Oxley (SOX), Payment Card Industry (PCI), customer audits, Internal Audit, etc.
- Responsible for establishing, maintaining, socializing, measuring and auditing a framework of policies, standards and governance aligned with domestic and international business goals/objectives.
- Monitoring of all security operations including SIEM platform, AV, Firewalls, Identity Management Platform, access request processing, digital loss prevention, etc.
- Maintaining all security tools and technology and helping to select new tools as needs or opportunities arise.
- Establishes and manages the capability to prevent, detect, contain, mitigate and recover from information incidents to minimize business impact. Analyzes and provides assessments of IT Security Incidents & trends and their impact on business to Senior Management.
- Establishes, monitors, evaluates and reports key performance and key risk indicators (KPIs and KRIs) to provide leadership with accurate information regarding the effectiveness of the information risk & security strategy.
- Responsible for all phases of Business Continuity.
- Collaborates with all levels of business and IT management, conducting training and education programs to raise security and IT risk awareness.
- Provides Information Security, IT Risk and Business Continuity input to strategy and planning efforts.
- Ensures new development, major changes and improvements to applications and systems continue to provide necessary and appropriate security, IT risk and continuity, within all applicable environments.
- Advises Contract and Legal Teams to ensure terms and conditions protect the company and comply with the organization’s risk profile.
Desired skills and experience:
- Bachelor’s degree in electrical engineering, systems engineering, computer science, computer engineering, information technology, management information systems or equivalent.
- Minimum three years of successful experience in an Information Security or related field.
- Structured project management experience and broad experience in computer and network systems, application development security, desktop environments, etc.
- Security certification strongly preferred (CISSP, GSEDC, CISM, CEH).
- Minimum two years of successful experience directly managing technical individual contributors, project managers, and vendor relationships.
- Balance of strong technical knowledge and strong leadership competencies.
- Ability to translate complex IT Security problems and issues into simple business terms.
- Demonstrated ability to motivate, mentor, coach and lead technical teams; must be able to work directly with individuals at all levels of the Company.
- Strong verbal and written communication, facilitation, and interpersonal skills.
- Ability to manage vendor/supplier relationships, including contract negotiation, ongoing maintenance & support and problem-resolution.
- Ability to effectively manage annual budgets and forecasting.
- Experience with one or more of the following preferred: PCI-DSS (Payment Card Industry), PII (Personally Identifiable Information), and/or Sarbanes-Oxley (SOX).
- Knowledgeable of the impacts of cloud-based applications on an organization’s security needs and capabilities.