Manager IT Security
- Establish a framework, policies, procedures, and awareness: Leads the effort to develop security standards, procedures, and guidelines for multiple platforms, applications, and diverse systems environments as well as evaluating existing information security procedures and identifying new areas of risk.
- Leads the effort to develop, enhance and implement security training program based on policies.
- Compliance: Identifies regulatory changes that will affect information security policy, standards, and procedures and recommends appropriate changes. Prepares action plan and monitors corrective measures to maintain adequate level of security to meet audit and regulatory requirements.
- Testing and Remediation: Coordinates the efforts, assist in the responses and tracks the remediation of Information Security Program Assessments and Risk Assessment. Coordinated internal and external audits related to Information Security.
- Identity Management: Develops and manages role-based access requirements, methods, processes and tools, including identify and authentication management Data Classification: Manage the information lifecycle, including information inventory, classification, handling, retention and disposal.
- Disaster Recovery: Establish updates and maintains the IT Disaster Recovery and Business Impact analysis efforts. Coordinates and documents table top exercises and Disaster Recovery tests.
- Vendor Reviews: Conduct Vendor Security Risk Assessments to determine which vendors have access to confidential information and perform detailed assessment based on the risk.
- 10+ years of relevant IT Security work experience including datacenter integration
- BS in Computer Science or IT related field required,
- Base certifications in the security industry. Examples: CCNA, MCITP/MCSE, CCSP, Security+
- Advanced Certifications strongly preferred. Examples: CISSP, CISA, CISM, SANS, Vendor specific
- Proficient in network security structure and placement of security services such as firewalls, IDS/IPS, and content filtering
- Experience with data protection & archiving, disaster recovery, business continuity and implementation
- Ability to create documentation that describes technical details in a meaningful manner
- Ability to work across multiple teams from Help desk, Infrastructure, Legal, DevOps and Executive Leadership
- Implemented and/or managed security event incident management solutions (SEIM), experience performing security incident response and/or investigation
- Industry knowledge of border testing, security policies, DR procedures & policies, remediation strategies and risk assessment is required.
- Knowledge of industry and best practices from organizations such as International Standards Organization (ISO), Center for Internet Security (CIS and national Institutes of Standards (NIST) is a plus
- Deep understanding of current and emerging threats, vulnerabilities, and attack vectors used to compromise enterprise and critical infrastructure. Prior experience in developing mitigation strategies to combat those risks is required
- Experience analyzing malicious network traffic using packet-level capture techniques
- Experience performing manual evaluation of networks, systems and applications for vulnerabilities including examining firewall rulesets, current patch levels, and inspecting logs for anomalous entries
- Experience evaluating enterprise network and system architectures to determine recommended security improvements
- Strong knowledge of IT controls, including security concepts and terminology related to applications, databases, operating systems, and IT operations
- Knowledge of JIRA is a plus
- Experience with tools like Qualys and Tanium
- Experience with information security, cyber security, and privacy issues and awareness of regulated data environments (e.g. PCI, SOX, FERPA, HIPAA, and COPPA) a plus
- Ability & desire to learn new product lines and technologies quickly & efficiently
- Excellent analytical, problem solving, and decision-making skills, applied with a solution-focused attitude
- Strong written communication skills, demonstrating the ability to write with purpose, clarity, and accuracy
- Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance and professionalism
- Ability to complete work to given quality standards by agreed-upon deadlines