Manager - Information Security

• Acts as the Security subject-matter expert for the assigned business(es), and serves as central point of contact for the CIOs (Chief Information Officer)
• Identifies critical areas of focus, drives future investment needs, and ensures execution of initiatives, and manages the delivery of and monitoring for activities
• Performs security and risk analyses to identify cost-effective and essential safeguards, and creates and delivers metrics related to these activities
• Supports the development of security roadmaps for key business and technical areas, balancing technology opportunities and business demand/requirements
• Assists in the documentation of information security requirements into propositions and business cases and ensures early visibility of changing business requirements and their impact on information security
• Maintains a strong understanding of the business IT strategy, overall security enterprise architecture direction and applies this knowledge to recommendations and security architecture
• Promotes compliance with all information security policies and principles mandated by the organization, they supporting policy communication, development and adherence
• Oversees the planning, execution, and management of multi-faceted projects related to Endpoint Detection and Response, Security orchestration automation and response (SOAR), User entity behavior analytics (UEBA), and Next-Generation Security Information and Events Management.
• Advises on the strategic and tactical direction and consultation on Information security initiatives and reports any process gaps to management and recommends possible solutions
• Participates in goals/KPIs setting, budget creation and performance management of Information Security Strategy team
• Interfaces with business and IT leaders communicating security issues and responding to requests for assistance and information and consults with other business and technical staff on potential business impacts of proposed changes to the security environment
• Works with IT and development teams to design secure infrastructure solutions and applications, facilitating the implementation of protective and mitigating controls and directly with the customers, third parties and other internal departments and organizations to facilitate information security risk analysis and risk management processes and to identify acceptable levels of residual risk
• Assesses potential items of risk and opportunities of vulnerability in the network and on information technology infrastructure and applications and reports on them with actionable recommendations
• Monitors the legal and regulatory environment for development/changes and recommends, manages, and implements required changes to information security policies and procedures
• Provides divisional insight to the enterprise cybersecurity organization to make business-informed decisions on enterprise policy and controls
• Ensures cybersecurity across multiple departments system-wide and interacts at all levels of staff and management to understand risks, threats, problems and finds security solutions
• Provides enterprise-wide leadership to establish and maintain comprehensive information security and data privacy program ensuring compliance and managing organizational risks

Education:

• bachelors Degree in Computer Science, Information Technology or any other related discipline or equivalent related experience.

• Certified Information Systems Auditor (CISA)
• Certified Information Systems Security Professional (CISSP)
• Certification in Information Security Strategy Management (CISM)
• Information Technology Infrastructure Library (ITIL)
• Offensive Security Certified Professional (OSCP)
• Project Management Professional (PMP) Certification
• TS-SCI Security Clearance Certification

WORK EXPERIENCE:

• 5+ years of directly-related or relevant experience with 2+ years in a managerial capacity, preferably in information security.

SKILLS & KNOWLEDGE:

Behavioral Skills:

• Coaching and Mentoring
• Collaboration
• Conflict Resolution
• Critical Thinking
• Detail Oriented
• People Management
• Presentation Skills

Technical Skills:

• IT Risk Management
• IT Controls
• Cyber Attack Mitigation
• Enterprise Architecture
• Information Security Strategy Standards (SOX, ISO 27001/27002, COBIT, ITIL, NIST, PCI)
• IT Risk Management
• Network Security
• Information Security Strategy Continuity
• Threat Modelling

Tools Knowledge:

• Microsoft Office Suite
• Security Tools - SIEM, EDR, Email Security Gateway, SOAR, Firewall, Anti-virus, Firewalls, VPN IDS/IPS, AV, proxies, etc
• Security Testing Tools - Open Source and COTS security tools

• Threat Intelligence Tools
• Vulnerability Testing Tools