IT Security Manager

JOB SUMMARY

DUTIES & RESPONSIBILITIES

• Maintain a corporate-wide information security management program to ensure that information assets are adequately protected.
• Implement and monitor a strategic, comprehensive enterprise information security and risk management program
• Implement security protocols and best practices to protect sensitive data and ensure compliance with regulations (e.g., SOX, PCI, GDPR).
• Collaborate with software engineers, product managers, and other stakeholders to integrate security measures into the product development lifecycle.
• Assist in completion of cybersecurity / data privacy review by potential customers and business partners
• Maintain a vendor cybersecurity / data privacy program to perform initial and on-going diligence as to the adequacy of each vendor’s cybersecurity / data privacy processes and protections.
• Lead incident response efforts and investigate security incidents or breaches to mitigate risks and prevent future occurrences.
• Perform penetration testing and vulnerability assessments to identify weaknesses in systems and recommend solutions for remediation.
• Understand and interact with related functions to ensure the consistent application of policies and standards across all technology projects, systems and services
• Provide guidance and support to internal teams on security-related matters, including training and awareness programs.
• Manage team members responsible for IT security, operations and infrastructure support activities.

QUALIFICATIONS

• Bachelor’s degree in IT Security, Cybersecurity or educational equivalent.
• Minimum of 5 to 7 years of experience in a combination of risk management, information security and IT operations.
• Knowledge of common information security management frameworks, such as ISO/IEC 27001, and NIST.
• Knowledge of cloud platforms like AWS, Azure and tools for monitoring and securing them.
• Knowledge of MDR solutions.
• Strong understanding of security principles, protocols, and technologies, including encryption, firewalls, intrusion detection systems, etc.
• Experience with security assessment tools and methodologies, such as penetration testing, vulnerability scanning, and risk analysis.
• Familiarity with regulatory requirements and standards.
• Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary.
• Experience with contract and vendor negotiations and management including managed services.
• Excellent written and verbal communication skills and high level of personal integrity

• Exposure to Secure Product Development Framework (SPDF)
• Relevant IT Security certifications (e.g., CISSP, CEH, CISM, etc.)

PHYSICAL DEMANDS & WORK ENVIRONMENT

• Must be able to remain in a stationary position and operate office equipment for a prolonged period.
• Physical activities include, but not limited to constant manual dexterity, moving about the work site, and/or handling objects weighing up to 20 lbs.
• Other infrequent physical activities include, but not limited to, positioning self to complete assigned tasks, and ascending/descending floors and/or ladders.
• Must be able to work in a schedule that commensurate with business operation, including work during weekends, holidays and/or times outside of normal business hours.
• Must be able to travel as business necessitates (up to 10 %).