About the Company:
Our client is seeking an experienced Information Technology Security Manager.
About the Role:
In this role, you will be responsible for cybersecurity programs and activities across the organization. The Information Security Manager will develop GRC standards for data protection, incident response, security architecture, security risk management, threat management, vulnerability management, awareness training, policies and standards.
Responsibilities:
- Work with third-party security providers, including SOC providers, managed security, MDR, pen testing, vulnerability scan providers, risk assessment and auditors.
- Develop and enhance governance, information risk, compliance (GRC) and information security programs related to system and data protection efforts across the company.
- Utilize a risk-based approach to manage information security.
- Serve as the primary cybersecurity threat expert, staying apprised of emerging industry trends and strategies to mitigate threats.
- Maintain and update incident response plans and lead incident response activities.
- Maintain and update information security policies, requirements, and standards.
- Develop, enhance and manage the security awareness program including employee phishing and social engineering exercises.
- Coordinate software development security code review.
- Lead the security evaluation of new and existing technologies and standardize system security configurations.
- Review third-party contracts for security and data protection purposes.
- Participate in BC/DR plans by implementing security best practices.
Qualifications:
Bachelor’s degree in Computer Science, MIS or similar.
Must have a minimum of 3 years of experience in a similar capacity.
Strong problem solving and decision-making skills. Ability to prioritize and manage multiple tasks in a high-energy environment. Ability to document policies, standards, requirements and procedures. Ability to maintain confidential and/or proprietary information. Display strong interpersonal skills with the ability to create and maintain solid working relationships.
Required Skills:
- Secure network architectures
- Identity and access management principles
- Cloud security best practices
- Risk management frameworks
- Virtualization technologies
- Incident response methodology and management
- Penetration and vulnerability management systems
- Cybersecurity training programs including phishing, social engineering, and compliance
- Secure coding practices
- Experience implementing security standards including NIST Cybersecurity Framework, ISO 27000 series, PCI-DSS, HIPAA and CIS Critical Security Controls