Information Security Manager
OAK BROOK-60521, IL, US
10/24/2020
-
Required Skills
network protocols, frameworks
Company
Infinity Consulting Solutions, Inc
Experience
5 to 7 Year(s)
Job Description
INFORMATION SECURITY MANAGER
A national manufacturing technology firm is growing and in need of an experienced, hands-on Information Security (InfoSec) Manager to join their established team.
As the InfoSec Manager you will be responsible for Information Security leadership, technology, processes, policies, employee awareness, audit, testing and compliance.
You will work closely with the Director to develop a security roadmap, program, projects, standards, and policies that address identified risks and business security requirements.
The ideal candidate must be hands-on and able to lead implementations of IT security programs, projects and infrastructure changes with metrics for ongoing performance measurements and reporting.
You will be leading a small, local team of IT security operations center professionals to attain security program objectives and goals, as well as managing third-party security partners and vendors, including evaluation, selection, contracts, and relationships.
The InfoSec Manager should proactively stay ahead of the industry regarding enterprise information security education, certification, best practices, and tools for IT and connected platforms.
Excellent communication skills are required, as you will be working collaboratively with executives and other internal teams in a highly visible role.
Responsibilities:
Lead the day-to-day activities of threat intelligence, vulnerability management and lab, identify risk tolerances, recommend remediation plans and communicate information about residual risk
Lead penetration testing, vulnerability scanning, and employee awareness training and testing
Design, coordinate and oversee security testing procedures to verify the security of systems, networks and applications, and manage the remediation of identified risks.
Champion security by design with business, IT and security teams to ensure that information security is factored into the evaluation, selection, development, installation and configuration of hardware, applications and software
Work with the Director to develop a multi-year information security strategy, program and projects that address identified risks and business security requirements; develop and manage operations and capital budget based on short- and long-term goals and objectives
Develop and implement security standards, processes, procedures, and guidelines for the security operations center and enterprise; ensure and monitor security compliance with industry and government rules and regulations
Report security performance against established security metrics
Provide security communication, awareness and training for audiences, which may range from senior leaders to field staff
Serve as an active and consistent IT leader in information security governance; provide support and guidance for legal and regulatory compliance efforts, including audit support; assist resource owners and IT staff in understanding and responding to security audit failures reported by auditors
Manage information security issues and incidents, and participate in problem and change management forums
Manage outsourced partners and vendors that provide information security functions for compliance with contracted service-level agreements
Manage and coordinate operational components of incident management, including detection, response and reporting
Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements
Define and ensure the implementation of technical controls to support and enforce defined security policies
Research, evaluate, design, test, recommend and plan the implementation of new or updated information security hardware or software, and analyze its impact on the existing environment; provide technical and managerial expertise for the administration of security tools
Work with the enterprise architecture and infrastructure leads to ensure that there is a convergence of business, technical and security requirements; liaise with IT management to align existing technical installed base and skills with future architectural requirements
Protect the company's reputation by keeping information confidential
Maintain professional and technical knowledge by attending educational workshops, reading professional publications, establishing personal networks, and participating in professional societies
Contribute to the team effort by accomplishing related results and participating on projects as needed
Requirements:
Bachelor's Degree in computer science, information systems management, or related discipline
7+ years of progressive IT Security experience
2+ years in a people or project management capacity
Demonstrated applied knowledge in information security and compliance
7+ years of experience in running the information security program, analyzing and applying information security and risk management related practices
5+ years of experience with regulatory compliance and information security management frameworks (e.g., ISO 27000, COBIT, NIST 800, etc.)
Strong leadership skills and the ability to work effectively with business managers, IT engineering, IT operations staff, Legal, Audit and Compliance
Experience developing and maintaining policies, procedures, standards and guidelines
Experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks
Strong project management skills and experience in creating and managing project plans, including budgeting and resource allocation
Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies
Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans
An understanding of operating system internals and network protocols.
Experience in application technology security testing (white box, black box and code review).
Experience in system technology security testing (vulnerability scanning and penetration testing).
Ability to travel occasionally
Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Manager (CISM) preferred
Security Analyst
Information Technology
No Preference
FullTime Job
Other
1
Candidate Requirements
-
Bachelors
Walkin Information
-
10/23/2020
-
Recruiter Details
Doug Klares
1350 Broadway, Suite 2205,
NEW YORK-10018, NY
-