The IT Security Manager will be responsible for implementing and continuously improving an effective and efficient information security program to ensure that security is embedded throughout all processes and systems. This role will also ensure that operational, legal, regulatory and security risks related to IT are assessed and mitigated in a cost-effective manner in accordance with the business requirements.
- Provide oversight and advice in areas such as Enterprise Confidentiality, Integrity and Availability, Active Directory Group Policy, Server Hardening, Authentication and Authorization Schemes, Threat Modeling, Vulnerability Management, Security Awareness, Intrusion Prevention, Anti-Malware, File Integrity Monitoring, SIEM and other Security-related technologies.
- Monitor and manage security incidents and breaches, determine forensic root cause and take remedial actions to prevent recurrence.
- Develop and maintain IT Security Policies, taking into account the latest malicious tools, techniques and tactics.
- Provide security consulting to business units, primarily Developers, in the areas of On Premise, Co-Located, Cloud and Hybrid architectures in a Global E-Commerce environment.
- Provide for ongoing Security Reviews designed to evaluate the current environment as well as new and emerging features and technologies to improve iHerb’s Security Posture.
- Lead, mentor and manage the security team resources and ensure services are being delivered as planned and expected to the business.
- Keep abreast of new and emerging security technologies and stay highly adaptable to their potential applicability for iHerb.
- Facilitate internal and external audit activities for all of IT.
- Liaise with Legal, Compliance and the Business for review of contract Security clauses and Data Privacy initiatives.
Knowledge, Skills and Abilities:
- Hands-on experience in security systems, including firewalls, intrusion detection systems, anti-malware products, authentication systems, log management, content filtering, mobile device security management, DNS, CDN, WAF and related security technologies.
- Familiarity with web-related technologies (Web applications, Web Services, Service Oriented Architectures) and with network/web-related protocols.
- Excellent knowledge of current protocols and standards, including Active Directory, Group Policies, Core Switching/Routing, SSL/IPSec, SAN, Virtualization, Business Continuity, Disaster Recovery.
- Possess an outgoing, collaborative, team-oriented style and strong interpersonal skills to successfully manage potential conflicts between information security requirements and business goals.
- Possess excellent analytical and problem-solving abilities to identify and fix security risks.
- Communicate effectively with all levels of the company, tailoring the message appropriately to gain understanding and consensus.
- Success in managing information security programs and projects.
- Ability to work collaboratively with others to achieve business goals and objectives.
- Generally requires a minimum of 7 years’ experience in Information Security and 2+ years’ experience with cloud computing.
- Bachelor’s Degree in Information Security, Computer Science, or related field and one or more of these certifications required (CISSP, CISM, CISA).