The Information Security Manager (ISM) coordinates the IT organization's technical activities to implement and manage the security posture, and to provide regular status and service-level reports to management. The ISM is a leadership role that requires an individual with a strong technical background, as well as an ability to work with the regional and group IT organizations and business management to align priorities and plans with key business objectives. The ISM will act as an empowered representative of the IT Management during IT planning initiatives to ensure that security measures are incorporated into strategic IT plans and that service expectations are clearly defined. The ISM will also be responsible for working with business and IT stakeholders to balance real-world risks with business drivers such as speed, agility, flexibility, and performance.
Primary Duties and Responsibilities:
- Work with IT Management to implement the security program and security projects that address identified risks and security requirements.
- Monitor and report on compliance with security policies, as well as the enforcement of policies within the IT department. Propose enhancements to improve the overall security posture.
- Manage the process of gathering, analyzing, and assessing the current and future threat landscape, as well as providing Management with a realistic overview of risks and threats in the enterprise environment.
- Work with the IT Management to develop budget projections based on short- and long-term goals and objectives.
- Assist business owners and IT staff in understanding and remediating security findings identified through testing and audits.
- Coordinate security communication, awareness, and training for the organization, from senior leaders to operational levels.
- Work with IT teams to ensure that security is factored into the evaluation, selection, testing, installation and configuration of hardware, applications, and software.
- Work with the legal and purchasing departments to ensure mutually acceptable contracts and service-level agreements, in alignment with the organization’s information security policies.
- Coordinate the implementation of technical controls to support and enforce defined security policies. Recommend additional controls as appropriate.
- Manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements.
- Manage and coordinate operational components of incident management, including detection, response, and reporting.
- Effectively communicate successes and progress of the security program.
- Provide support and guidance for legal and regulatory compliance efforts, including audit support.
Requirements:
- A minimum of seven years of IT experience, with five years in an information security role and at least two years in a supervisory capacity.
- A bachelor's degree in computer science, information systems or related field.
- Strong leadership skills and the ability to work effectively with business managers, IT engineering and IT operations staff.
- A strong understanding of the business impact of security tools, technologies, and policies.
- Strong leadership qualities and ability to work in teams.
- Excellent verbal, written and interpersonal communication skills, and the ability to communicate effectively with both the IT organization and business personnel.
- In-depth understanding of information security concepts, protocols, industry best practices and strategies.
- Experience developing and maintaining policies, procedures, standards, and guidelines.
- Experience applying common information security management frameworks, including the NIST-CSF.
- TWIC Card: You will be required to apply for a TWIC (Transportation Worker’s Identification Card) through DHS prior to your start date. Failure to receive DHS approval, or to acquire or renew a TWIC card, may result in the termination of employment.
Physical Working Conditions:
- Ability to sit for long periods of time.
- Ability to work in an office environment.
- Ability to work day or night shifts including weekends.
- Ability to use a computer/keyboard and general typing for most of the workday.