Information Security Risk Manager Jobs in California

A minimum of 7 years of experience in information security risk management, including business impact analysis, risk assessment and treatment, risk metrics and trend analysis. * Possess a bachelor ...

Information Security Technical Analyst (SGRC) Location: Remote (West Coast - PST) Duration: 12 ... Support and manage the risk exception process, enabling informed, risk-based decision-making across ...

Information Security Risk Manager information

$61.7K

$134.3K

$197.4K

How much do information security risk manager jobs pay per year?

As of Jun 14, 2026, the average yearly pay for an information security risk manager in California is $134,322.00, according to ZipRecruiter salary data. Most workers in this role earn between $109,100.00 and $158,400.00 per year, depending on experience, location, and employer.

Information Security Program Manager

Infinite Resource Solutions

Los Angeles, CA • On-site

Other

Posted 3 days ago


Job description

JOB SUMMARY:

The Information Security Program Manager is responsible for ensuring information systems architecture, configuration, use, and functionality are compliant with regulations and industry best practice to safeguard protected information and the integrity of information assets of the client. He or she ensures activities and functions of information systems reflect client's policies and procedures, federal and state laws, and industry standards. The role is also responsible for ensuring disaster recovery and business continuity plans are in place for information assets.

This leader assumes a primary role in incident response and vulnerability management. This position manages the information security risks and directs IT resources in the management of risk analysis, remediation or acceptance. He or she will manage security risk remediation projects including deployment of new technologies, adoption of new procedures, and ongoing monitoring efforts.

This includes management of ongoing security awareness training and security incident response. He or she works closely with the Compliance Officer with respect to privacy issues and possible breach response. The Information Security Program Manager serves as the organizational Information Security Officer and is the subject matter expert for information security administrative and technical controls, and as such, serves as a resource to the CIO and other departmental leaders.

He or she will make technology and process recommendations to the organization to ensure best practice.

EXPERIENCE/QUALIFICATIONS:

* Four (4) plus years of information security experience
* IT Engineering experience in security systems (e.g., malware, server hardening, network intrusion detection, firewalls, etc.)

EDUCATION:

* Bachelor's degree or equivalent

LICENSURES/CERTIFICATION:

* At least one of the following security certifications required: Certified Information System Security Professional (CISSP), CISM, CISA
* Must successfully complete and maintain LA County Fire Card certification at the time of hire or within the first 30 days of employment

DUTIES AND RESPONSIBILITIES:

(These are the essential job functions for this position. The essential functions of this job include, but may not be limited to, those listed in this job description. Employees hired for this position must be able to perform the essential function of this job without imposing significant risk of substantial harm to the health or safety of themselves or others.)

* Develops and maintains Information Security program through establishment of information security governance, policies, technology framework, best practices in IT, and staff education and certification.
* Coordinates execution of security assessments, health checks and security enhancements.
* Develops, implements, and maintains information privacy and security policies, procedures, and guidelines through ongoing review and authorship.
* Performs periodic information privacy and security risk assessments while developing risk mitigation plans.
* Evaluates, recommends, and implements systems for detection and prevention of information privacy and security breaches.
* Oversees and continually improves information security awareness training program.
* Evaluates all new systems for compliance with information privacy and security policies and procedures, federal and state laws, and industry standards through a risk assessment process.
* Maintains current knowledge of federal and state information privacy and security laws and industry standards.
* Coordinates the development of procedures and implementation of information technologies to ensure capability to recover from disaster or outages for each critical functional area of the organization.
* Coordinates, designs, develops, maintains, and exercises (tests) the overall IT disaster recovery plans for each critical functional area of the organization.
* Works with IT and non-IT staff on security program initiatives and resolves security related issues.
* Provides leadership of projects and technical implementations.
* Directs penetration tests, vulnerability scans and the vulnerability management program.
* Creates remediation plans to address relevant security findings.
* Monitors advancements in information security technologies and adapts new technology to enhance the company's security posture.
* Creates security posture dashboard for management level reporting.
* Manages information security risk register and risk remediation efforts emanating from the most recent risk analysis under applicable frameworks.
* Manages the relationship with Security Operations Center (SOC), threat intelligence providers, including all professional monitoring of security events, logs, and alerts.
* Ensures and continually improves quality and value of the deliverables from these external partners.
* Takes active leadership role in coordinating security incident response including identification, containment, remediation, forensics and, in collaboration with Compliance Officer, breach notification.
* Assesses all security tools for effectiveness, appropriateness, obsolescence and makes recommendations for future tool investments and maintains the enterprise security position dashboard.
* Audits business associate compliance with existing BAA and regularly reviews BAAs or other contractual terms and conditions related to security while making recommendations.
* Assists the CIO in development of information security presentations for executive leadership and board.