Our client is looking for a Senior Manager of Information Security & Compliance to drive our security and compliance strategy. In this unique role, the information security leader will act as process owner for the development and implementation of an organization-wide information security program and ongoing activities to preserve the availability, integrity and confidentiality of the company’s information resources in compliance with applicable security policies and standards. You will bring your leadership presence and security experience to oversee the implementation of the information security program, working closely with your business partners and stakeholders.
This role leads two distinct functions at the company and partners closely with external vendors, including the company’s Managed Security Service Provider. The ideal candidate will have a deep security and compliance background and demonstrated experience influencing and driving change through an organization. This position is both strategic and tactical in nature.
***We are unable to work with 3rd-party or corp-to-corp candidates for this role***
This position can be performed 100% remotely
- Collaborate with all business groups in formulating policy and strategy for Information Security.
- Communicate to and educate all levels of business leadership on the value of IT security to the company and their role in it.
- Develop and maintain IT security policies, procedures and guidelines as required, ensuring that changing enterprise needs are met.
- Regularly discover and assess security threats and risks that could reasonably impact the company, and create strategic and tactical plans to mitigate those risks.
- Review and identify unacceptable levels of supplier risk as they pertain to IT security requirements, and hold those suppliers accountable to action plans that mitigate those risks.
- Review incident reports for compliance with company policy and procedures and provide for modification of policies and procedures to address new security threats.
- Coordinate development and end-user training in accordance with company security policies and procedures.
- Define high-level security requirements across multiple disciplines of IT, including applications, network and systems.
- Review and approve service provider’s security solutions and procedures as they apply to services being utilized.
- Regularly review and approve project level security requirements and impacts, ensuring IT security best practices, policies and procedures are applied.
- Conduct routine audits of systems and processes to assess their adherence to regulatory, compliance, and best-practice requirements. Collaborate cross-functionally to ensure remediation plans are clear and meeting objectives.
- Communicate in written and verbal forms to all levels of the organization on security issues and plans.
- Incorporate ITIL best practices into go-forward plans and procedures for security.
- Act as the coordination point for security events and routine audit processes.
- Coordinate responses to customer-initiated documentation requests regarding security policies, procedures and events.
- Provide security requirements for new technologies that are both planned for implementation and under review for potential future deployment.
- Bachelor’s degree in computer science or related field and/or 4+ years of professional IT security and leadership experience
- At least 3 years of information security management experience is required
- At least 3 years of demonstrated technical leadership across one or more technical domains such as application development, systems engineering, network engineering, endpoint management, or cyber security tools (EDR, IDS/IPS, systems hardening, etc.)
- Certified Information Systems Security Professional (CISSP) is preferred.
- Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM) are preferred.
- Demonstrated experience implementing security initiatives that require partnership with business, functional IT departments, and customers.
- Demonstrable experience implementing and operating within industry-standard governance frameworks such as COBIT 5, COSO, or others.
- In-depth knowledge of IT security practices and procedures for enterprise environments including, but not limited to, mobile devices, cloud services, enterprise applications, data centers and networks.
- Desired general knowledge of technical architectural disciplines, including:
  - Business systems and web architectures
  - System and network security and controls
  - Multi-unit/retail-like systems and endpoint architectures
  - Current security trends in endpoint (PC / tablet / smartphone) technologies
- Advanced knowledge of information security principles and processes including security risk assessment standards, risk assessment methodologies, and vulnerability assessment.
- Superior written and verbal communication skills.
- Demonstrated ability to build relationships with business, supplier, and technology stakeholders.
- Demonstrated ability to implement business-driven solutions in a complex environment.