Manager Cyber Security & Risk Management

Manager Cyber Security & Risk Management

Vacancy expired!

Job Description:


Ajinomoto Foods North America, Inc.

US-CA-Ontario

Job ID 4143
# of Openings 1
Job Field Information Technology
Job Type Regular Full-Time
Shift First Shift


Overview

Manager, Cyber Security and Risk Management is responsible for overall security posture of Ajinomoto foods North America. He/she has a clear understanding of best practices in security and compliances while demonstrating sound business acumen. The Manager, Cyber Security and Risk Management has expert knowledge and experience with common information security management frameworks, such as International Standards Organization (ISO) 17799/27001 and IT Infrastructure Library (ITIL), Control Objectives for Information and Related Technology (COBIT) and National Institute of Standards and Technology (NIST).The Manager, Cyber Security and Risk Management manages the
Ajinomoto foods North America Security Register and interfaces with External Auditors, J-Sox (Japanese -Sox) Team and various technical and non-technical internal business functions. He / She has strong theoretical as well as hands-on experience in evaluating, deploying and managing of various security and compliance technologies.

Responsibilities

• Contribute to the development, implementation, and maintenance of Enterprise Security policies, standards, and processes that help identify and mitigate security risk.
• Contribute to security risk identification, classification, and mitigation processes
• Monitors, tracks, and reports on compliance to security requirements and works with the responsible parties to drive timely remediation.
• Contribute to the development of security metrics. Track, analyze, and report security metrics and propose countermeasures to address security trends that are not in line with the desired
  risk profile.
• Advise departments on security regulatory requirements, enterprise security policies, and security best practices. Contribute to and provide security training and awareness to enterprise personnel.
• Established security projects and initiatives and ensure the desired outcomes are delivered on budget and on schedule.
• Oversee and lead the development of technical security standards for various technologies such as network architecture, operating systems, databases, directory services, web services, mobile computing etc.
• Conduct security risk assessments that analyzed both security controls and technical vulnerabilities
• Supports the development and maintenance of all documentation related to network, systems operations and disaster recovery
• Works with other functional IT areas on project related activities including the development and maintenance of disaster recovery ability for all critical software and hardware
  
• Assists in conducting technology research and feasibility studies / testing for new technologies
• Develops and maintains documentation for all assigned responsibilities
• Execute and assists in the deployment, monitoring, maintenance, upgrade, and support of IT security systems, including IPDS, Log Monitoring and Correlation, End Point Security, Next Generation Firewalls, Vulnerability Analysis and System Hardeningetc
• Manages Incident Response program
• Develops and maintains documentation for all assigned responsibilities
• Other tasks as assigned by CIO or Sr. Directors.

• Bachelor's Degree from an accredited 4year university
• Minimum 5+ years of experience in the information security, information technology, enterprise risk or compliance field
• CISSP; Cisco CCNA - Security
• Expert knowledge in Security policy frameworks and control
  design including managing policy exceptions, identify compensating controls and remediation action plans
• Hands-on experience with a variety of information security technologies
• Strong functional knowledge of information security such as GRC, vulnerability scanning tools, Access Control Systems, IDS/IPS, Log Management / Correlation, Authentication (including SSO / DFA), Encryption, Cloud (Private / Public / Hybrid) and associated technologies. Working knowledge of physical security controls
• Strong knowledge of networking and systems architecture. Experience implementing network, applications, web services, database, and operating system security configurations.
• Advanced technical understanding of network relates protocols and services (TCP/IP, DNS, DHCP etc.)
• Experienced in End-user Security Training
• Experienced in Disaster Recovery Programs
• Must be team player and exceptionally customer service oriented

Excellent understanding of organizations goals and objectives
• Good communication skills (verbal and written)
• Must be very organized and self-motivated / independent worker with keen attention to detail and follow through
• Ability to prioritize and execute tasks in high-pressure environment
• Frequent work outside regular business hours to facilitate system upgrades / rollouts
• Must have a strong hands-on/technical knowledge of core Microsoft technologies.