* Please note that this position is a full-time (W2) position, and we can accommodate contractor candidates *

FULL TIME REMOTE

Job Summary:

Reporting to the IT Director, the Manager of Information Security is responsible for establishing and maintaining a company wide information security and risk management program to ensure that information assets are adequately protected. This position is responsible for identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the company and its clients/customers. This role directs the adoption and implementation of security and privacy policies, security technology and information risk procedures across all locations.

Job Duties and Responsibilities:

Security Management

• Coordinates cross-discipline IT teams to design, implement, test, and operate critical security related systems furthering global information security strategies
• Maintain, update, and enhance the Information Security Program Management in conformance with both security and compliance needs
• Responsible for planning, organizing, developing, and directing the cross functional Security Team to ensure the stable operation of the Security infrastructure
• Responsible for the development and oversight of the company's information security and risk management methodologies, strategy, policies, awareness programs and security goals and metrics
• Responsible for managing and setting priorities for the monitoring and maintenance of the security infrastructure to include On-premises and Cloud-based security technologies
• Responsible for implementing organizational policies and create Security Policies / Process / Procedures
• Responsible for identifying/investigating possible security incidents
• Implements security improvements by assessing the current situation, evaluating trends, anticipating requirements, and preventing breaches
• Drive the delivery of Security plans and implementation of leading practice controls, with an understanding of proactive defense principles and strategies
• Defines and executes the strategic vision understanding the trade-offs required to manage the different levels of risk tolerance and risk exposure across the organization and balance this with risk investments
• Analyzes, selects, recommends, and coordinates installation of information security technology with all relevant stakeholders
• Develops and implements tests of computer systems to monitor effectiveness of security through penetration and vulnerability assessments.
• Communicate and document to third party customers and partners the Company's adequate security, architecture, and controls for purposes of data sharing agreements and other new technology-related projects prior to implementation
• Perform annual security program planning.

Security Awareness and Training

• Develops security awareness procedures and training and ensures communication and compliance globally

Risk Management

• Responsible for the development and oversight of the company's information security and risk management methodologies, strategy, policies, awareness programs and security goals and metrics
• Works with senior management to identify, define and confirm the key threats to the company's information assets, internally and externally
• Works with the internal management to ensure that all policies and procedures are effectively implemented

Compliance and Audits

• Responsible for the assessment of security posture and will ensure that global programs and policies comply with local governmental and industry regulatory standards
• Prepares and maintains audit readiness documentation for review with global clients aligned to company policies and demonstrating compliance to security and data procedures
• Coordinates the review and measurement of relevant security system logs and messages to identify and report on possible violations of security

Operations and Reporting

• Responsible for security operations including threat prevention, detection, and incident response strategy to include a formalized incident response process, declaring security incidents, coordinating, and assisting in the investigation of potential incidents, assisting in the recovery from attacks, coordinating with legal, compliance and other stakeholders, law enforcement agencies (where applicable), and developing the post-response control strategy
• Ensures that ongoing monitoring for information security controls are in place and develops action plans, schedules, status reports, budget, and other management communications necessary to address gaps in security protocols or systems and recommends appropriate solutions to executive management

Supervisory Responsibilities:

Will manage a cross-functional information security team with team members across the Information Technology infrastructure, end user and application teams. Carries out supervisory responsibilities in accordance with the organization's policies and applicable laws. Responsibilities include interviewing, hiring and training employees; planning, assigning, and directing work; performance management; addressing complaints and resolving problems. Working directly with IT management to ensure that all staff goals match and align with department/company goals.

Job Requirements:

• Education
• Bachelor's degree in Computer Science, Cybersecurity or related field or equivalent work experience.
• Experience
• 10+ years overall professional technical experience
• 7+ years of experience in a combination of information security, risk management and privacy practices
• Professional security management certification is desirable, such as Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP) or other similar credentials;
• Knowledge and understanding of relevant legal and regulatory requirements, such as: GDPR, HIPAA, ISO/IEC 27001 and NIST security principles
• Skills/Competencies
• Ability to motivate and manage a team of Information Security staff supporting the organization's goal and leads the process of developing a security vision for the future
• Foster and build a collaborative working relationship with various stakeholders
• Adaptable in global and complex environment, with good influencing skills
• Strong people management and interpersonal skills – ability to interact at all levels
• Expert in policy formulation, information security management, and business risk management
• Competent in IT risk assessment and management, IT continuity management, IT governance formulation, and organizational change management
• Strong written and verbal communications skills
• Working knowledge of IT audit management including company client audits of internal policies and procedures
• Must be proficient in leading cross-functional teams of senior technology employees to achieve objectives
• Should be adept at dealing with senior executives and constructively challenging ideas and products to achieve desired results
• Possess excellent organizational, prioritization and workflow management skills
• Track record of meeting published uptime and service level objectives
• Balance of strong leadership skills and hands on technical skills
• Capabilities
• Ability to motivate and manage a team of Information Security staff supporting the organization's goal and leads the process of developing a security vision for the future
• Foster and build a collaborative working relationship with various stakeholders
• Expert in policy formulation, information security management, and business risk management
• Competent in IT risk assessment and management, IT continuity management, IT governance formulation, and organizational change management
• Strong written and verbal communications skills
• Working knowledge of IT financial management and IT audit management
• Must be proficient in leading cross-functional teams of senior employees to achieve objectives
• Should be adept at dealing with senior executives and constructively challenging ideas and products to achieve desired results