The IT Security Manager oversees day-to-day security operations. Assists with the coordination of activities within the IT Security organization; acts as a key contributor to the design, implementation, administration, maintenance, and monitoring of the Security Program. Facilitates compliance with audit, legal, regulatory, and customer contract requirements
Essential Duties and Responsibilities:
This Security Manager role will assist with coordination of activities within the IT Security organization and reports to the Chief Information Security Officer. The person occupying this role will be a key contributor to the design, implementation, administration, maintenance, and monitoring of the Security Operations Program.
The Security Manager role supports the CIO, CISO, Legal, and others for investigations, which may involve significant threats and/or the loss or misappropriation of assets. Preferred candidates will have significant experience in a role that required them to effectively identify, investigate, resolve, and track the remediation of security incidents.
The position requires a high level of technical knowledge in the area of application, operational, physical/facility, network, server, and workstation security.
Preferred candidates will be capable of assessing risks, designing mitigating security and control practices, influencing the culture of the company through training and education, coordinating with information and business owners on security issues and practices, monitoring compliance, and preparing and enforcing policies.
Performs security, risk, and vulnerability assessments of wired and wireless networks, information systems, and applications.
This role is responsible for helping to facilitate compliance with legal, regulatory, and customer contract requirements.
The candidate is expected to maintain knowledge of complex industry trends, current security issues and security technology development, and be able to provide updates to management on potential threats and risks that could impact the business/operations.
Other Duties and Responsibilities:
Developing, drafting, and maintaining Corporate and Security policies, facility security plans, control standards, and system and application standards. Scope of role also requires providing inputs into Contingency Plans, Backup Plans, Disaster Recovery Plans, Incident Plans, and Emergency Mode Operations Plans.
Performing security, risk, and vulnerability assessments of wired and wireless networks, information systems, and applications. Scope of role includes researching and maintaining proficiency in computer network exploitation, tools, techniques, and countermeasures.
Conducting IT and Security audits, writing reports, reviewing findings, making recommendations to management, and tracking remediation progress in collaborating with IT, Internal Audit, Compliance, business owners, and business unit leads.
Analyzing and evaluating security operations to identify risks or opportunities for improvement.
Will perform other duties as assigned
Job Requirements (Education, Work Experience, Certifications, Skills):
The position requires a Bachelor's degree and seven to nine years of related experience with a minimum of four years of technical experience in one or more of the following: computer and network security, vulnerability testing, intrusion detection/prevention, security monitoring and event correlation, or computer forensic analysis.
Relevant Information Security certifications (ex. CISSP, GIAC, MCSE, CEH, CHFI, CISA, CISM, CRISC, etc.)
Strong understanding of security information breech trends and management tools.
Experience implementing security and compliance best-practice processes and procedures
Strong understanding of IP, TCP/IP, and other network administration protocols
Strong understanding of Network Architecture
Experience working in a heterogeneous technical environment
Experience working as a member of a project team
Experience implementing ITIL best practices
Experience managing projects that require interaction with the business