Sr. Manager of Information Security

The Sr. Manager of Information Security will lead the Information Security function providing strategic direction and operational control over the entire Information Security Management Program. (ISMP)

Major Responsibilities

Authoring the strategic direction in all Information Security activities championing the need of Information Security across the organization.

Providing input and direction to functional departments plus senior and middle managers throughout the organization on information security matters such as routine security activities and emerging security risks and control technologies

Leads the design, implementation, operation and maintenance of the Information Security Management System based on applicable and current Information Security Frameworks

Prepares and authorizes the implementation of information security policies, standards, procedures and guidelines, in conjunction with the Information Security Governance Committee (ISGC) and Information Security Management Group (ISMG). This includes ensuring compliance both with internal security policies etc. and applicable laws and regulations.

Guides information security awareness, security risk assessments training and educational activities within the organization

Manages external vendors and consultants to safeguard the company's assets, intellectual property and computer systems

Identify protection goals, objectives and metrics consistent with corporate strategic plan

Oversee incident response management.

• Bachelor’s degree from an accredited institution, with degree in Computer Science or Information Technology systems security or related field. Master’s degree preferred. 
• Minimum of eight (8) years within the last ten(10) years of experience in the Information Security field. 
• Expert knowledge of current Information Security Frameworks including NIST or CIS or the ISO 27000 Series. 
• Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) Certification. 
• Demonstrated management skills, including Program Management, Vendor Management, budget development and administration, policy development and implementation, personnel administration, staff training and development. 
• Expert knowledge of Incident Response, Business Continuity planning, Auditing, Risk Management and Analysis, as well as contract and vendor negotiation. 
• Experience in developing, documenting, and amending Information Security Policies, Standards and Processes. Establishes Cybersecurity and Risk metrics for reporting. 
• Possesses a mindset that looks beyond “What” happened to “Why” Information Security issues occur. Ability to assess and balance the need for Information Security controls with their impact to the organization. 

• Experience in implementation, operation, and continuous strengthening of IS Products & Services desired including:
  
  
  • SIEM 
  • Vulnerability Management 
  • Network Perimeter Control 
  • Device Encryption 
  • Anti-Virus & Anti-Malware 
  • Data Loss Prevention 
  • E-Mail And Web Gateways 
  • Cloud Access Security Brokers 
• Ability to communicate security-related concepts to a broad range of technical and non-technical staff 
• Strong written, verbal, and interpersonal skills combined with ability to effectively communicate with subordinates through the CEO. 

Keywords:
Information Security Analyst
IT Security Analyst
Information Security Specialist