The Manager of Information Security is responsible for development, leadership, and administration of the information security program in alignment with internal and external compliance and security standards. This is a senior position that includes both strategic leadership and hands-on responsibilities to identify, monitor, report, and remediate information security risks.
Duties and Responsibilities
- Stays up to date on current and future security technology and trends and acts as a key advisor to align business and security.
- Monitors and routinely audits compliance with all information security procedures and policies, and ensures consistency of internal controls across departments.
- Cooperates with General Counsel’s office, marketing, and other departments on information security aspects of RFPs, client audits, vendor selection, vendor contracts, etc.
- Ensures timely and ongoing compliance with applicable regulations, including GDPR, CCPA, etc.
- Assists other IT teams in system and software architecture and design to ensure that assets and implementations are appropriately secure at all times.
- Works closely with the General Counsel’s office to ensure compliance with legal obligations.
- Manages the ongoing vulnerability scanning and assessment process and partners with the rest of IT and third parties to resolve vulnerabilities in a timely manner to maintain compliance.
- Partners with the rest of the IT organization to ensure effective implementation and ongoing management of security tools, systems and processes, including logging, IDS, IPS, endpoint protection, web filtering, MDM, DLP, CASB, vulnerability scanning technologies, etc.
- Provides oversight, guidance and development of requirements for vendor selection for new and replacement technologies within the IT Security footprint.
- Interfaces with management and user community to understand business needs, implement security best practices, and identify opportunities for improving security and compliance.
- Partners with the training and professional development staff to promote security awareness among the user community.
- Bachelor's degree from a four-year College or University in Computer Science or related field, or the equivalent combination of Education, Training, or Work experience.
- Minimum 5 years of IT or Security Management experience.
- CISSP, CISM or GSEC Security Certification.
- In-depth knowledge of security best practices (encryption, data protection, design, privilege access, etc.).
- Experience with managing and implementing standard security technologies (DLP, CASB, MDM, SIEM, AV, IDS).
- Knowledge of network technologies (protocols, design concepts, access control).
- Excellent written and verbal communications.
- Proficiency in planning, reporting, establishing goals and objectives, standards, priorities and schedules.
- Intelligent and persuasive leader who is able to communicate security-related concepts to a broad range of technical and non-technical staff.