Information Security Manager

Information Security Manager

Vacancy expired!

#6536

Seeking an Information Security Manager for a full time position.

The Information Security Manager will perform key information & cyber security tasks such as risk assessments, gap analysis, cyber security program management, incident response, and vulnerability management.

Essential Responsibilities:

• Function as the technical architect and primary implementer for all Information Security tools based on the Defense-in-Depth strategy and best practice.


• Manage and deliver complex engagements and projects that involve Security strategy, support, control assessments, risk management, software/hardware optimization, technology operations, business processes, business resiliency, and data integrity.


• Collaborate with Technology Infrastructure Engineering team to design and implement tools such as Intrusion Detection, Malware Detection, Application Monitoring, Database Encryption and Multi-Factor Authentication


• Serve as the technical resource for all SOX, Compliance and InfoSec audits. Provide audit information, process and data as requested.


• Collaborate with SOC, external partners and other departments to monitor and analyze activity log. Participate in remediation activities.


• Lead all Security related testing and assessments.


• Provide oversight and management of Continuity of Operations Plan (COOP) inclusive of the Business Continuity Plan, Disaster Recovery Plan, and Crisis Management Plan.


• Participate in the creation and implementation of the InfoSec Incident Response Plan.


• Manage all Security related policies and procedures and work closely with other department managers on interdependent policies.


• Identify and oversee Security training requirements for employees including simulated phishing campaigns.


• Provide and assist with training, guidance and leadership responsibility for CISO, SOC Personnel, and engineers as assigned.

Experience Requirements:

• 8+ years of IT engineering/security architecture/administration experience.


• 6+ years of mid to senior level security experience.


• Previous experience implementing Cyber Security tools such as Web Application Firewalls, Managed DNS Security, Corporate Firewalls, Email Filtering, Endpoint Protection, Security Forensic Tools, Vulnerability Scans, and Multi Factor Authentication.


• Thorough understanding of technology models and solid theoretical knowledge of technology implementation techniques.


• Ability to formulate overall Security strategy and document creative solutions.


• Experience supporting organizations with heavy regulatory scrutiny utilizing complex systems.


• Cloud architecture, control concepts, terminology, and solutions.


• Experience in designing, modeling, developing and supporting enterprise technology infrastructure.


• Experience with contract and vendor negotiations and management including managed services.


• Ability to weigh various technical solutions against the original business needs and recommend the most effective solution.


• Knowledge of common information security management frameworks, such as ISO/IEC 27001, NIST, and CIS.


• Knowledge and understanding of relevant legal and regulatory requirements, such as Sarbanes-Oxley Act (SOX) and Data Security Standard. Knowledge of global requirements.


• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate Security and risk-related concepts to technical and nontechnical audiences.


• Strong interpersonal skills at all levels of management and excellent teamwork skills.


• High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity in high-pressure, high-stress situations.


• Exhibit excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.


• Innovative thinking and leadership.


• Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.

Education and Certification Requirements:

• Degree in business administration or a technology-related field is required, or equivalent work experience or education-related experience would be accepted in lieu of degree.


• Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is desired.

No Corp to Corp
No Sponsorship
No third party candidates considered for this position
Remote in a preferred area - PST or CST

If qualified and interested in this opportunity, please reply to JO#6536 along with a copy of your updated resume.