Information Security Manager
Requisition ID: 125525
Job Category: IT
Location: United States-Texas-Plano-5085 West Park Blvd Suite 300 75093
Posted Date: 11/29/2017 1:58:21 PM
Responsible for prioritizing, scoping and managing team(s) responsible for the implementation, execution and monitoring of Information Security processes and procedures. Provides Leadership and guidance in securing information owned or used by the firm. Ensures integration of the information security program with firm processes. Executes projects and initiatives that identify and manage information risk. Audits and consults on information risk management practices to various constituents internally as well as externally including customers. Mentors and develops subordinates through a combination of assignments, performance appraisals and internal/external training.
- Prioritize, Scope and Manage Team
- Provide Leadership and Guidance
- Ensure Integration of Security Program Processes
- Audits and consults on Information Risk
Key Job Responsibilities
- Monitors emerging technologies; identifies gaps in security architecture and framework suitable for tool automation or enhancement; identifies functional specifications for tools and proposes solutions to IT Leadership.
- Defines measures and targets to be used as key performance indicators (kpis); identifies normal states,variance tolerance and escalation/alarm thresholds; manages team performance to target and assists with escalation to ensure timely resolution
- Tracks project activities, ensures security deliverables are met on time; alternate representative to large project; provides guidance on security policy, technology risk and appropriate controls; escalates variance to senior management for guidance and resolution.
- Responsible for enterprise security architecture; documents design attributes and target components; ensures security is incorporated into projects and products during plan and design phases.
- Develops cross-functional strategies to reduce technology and operational risk within the information security team and across the company; reviews and approves recommended policy and procedure changes; serves as subject matter expert on it security and business/firm applications, tools, polices and controls.
- Monitors policy and standard review process; advises analysts and engineers on structure, format and content.
- Selects vendors in compliance with sourcing policies and departmental requirements; monitors vendor performance to contract and resolves issues.
- Ensures contract reviews are completed; advises engineers on contract review and commentary; reviews and resolves escalated language issues; represents information security in direct negotiations with the customer.
- Monitors and reviews audit processes; develops metrics for tracking resources committed to audit support; Identifies standard security metrics for external representation; drives reduction of audits through improved metrics, communications and billing for audit time.
- Drafts and delivers awareness content for senior managers; responsible for execution of annual security awareness training; reviews and edits internal and external communications for approval by senior management
- Develops and maintains incident response and investigation procedures; ensures staff is properly trained in incident response; functions as incident commander during security investigations and incident response; Ensures incident findings and closures are documented and reported to management
- Identifies control gaps; works to develop and implement appropriate internal procedures; ensures adequate and appropriate business and technology controls are in place to comply with applicable laws and regulations.
- Responsible for respective department’s overall performance and for motivating team to exceed department goals and objectives.
Minimum Education and Experience:
- Bachelor’s Degree in Computer Science, Business Administration or Information Assurance; Master's degree preferred.
- Four years of Information Security experience required.
- Seven years of Information Security experience preferred.
- Three to five years of information Security or Technology management experience.
- Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) or equivalent certification required.Knowledge, Skills and Abilities:
- Experience developing security programs and strategies managing compliance with three or more of the following regulatory frameworks:- Health Information Portability and Accessibility Act (HIPAA)- Federal Information Security Management Act (FISMA)- Sarbanes Oxley or EU Data Privacy
- Experiencing developing security programs and strategies managing compliance with the following security frameworks and reporting/assessment methodologies:- Payment Card Industry Data Security Standard (PCI DSS),- ISO 27002- Service Organization Controls (SOC 1/2) reporting
- Experience developing and delivering security programs and strategies incorporating:- Strong Authentication, Access control, Network Security and firewall/IDS/IPS, Cryptography, SecurityPolicy and control development, forensics and investigations, information and event management/correlation, vulnerability scanning and/or secure application development
- Experience developing and delivering security programs and strategies for securing the following Operating systems and utilities:- UNIX, Linux, Windows, Active Directory and Group Policies
- Proficient personal computer skills including Microsoft Office.
- Excellent interpersonal, written, and oral communication skills.
- Ability to prioritize and organize work in a multitasked environment.
- Ability to adapt to a flexible schedule.