Other
This job posting has expired and is no longer accepting applications. Check out similar jobs
Job description
The IT Security Program Manager focuses on bringing project and risk management expertise to the management of cyber security programs and policies. This position will strengthen information security as a strategic partner to other business areas and significantly contributes to cyber security risk management processes, metrics, reports, and other security awareness and communication tools. In addition, coordinate various cybersecurity-related tasks within the Information Technology Department, which include, but are not limited to identifying information security risks, analyzing those risks, and identifying appropriate solutions. This position will work with IT, Security, and other Engineering staff to implement and maintain Security infrastructure that meets company and regulatory compliance initiatives. The IT Security Program Manager will also serve as a Technical Operations Security expert and support other Operations Security resources in their tasks.
Skills and Responsibilities:
Secures Climate information by planning, implementing, and testing security systems; preparing and updating security procedures; mentoring team members.
• Provide SME technical knowledge for IT Integration with the parent company
• Protects system by defining access privileges, control structures, and resources
• Develop Security Policies and Standard Operating Procedures based on high-level Security Policies and develop and report monthly compliance status reports
• Proactively identifies and implements security improvements by assessing the current situation; evaluating trends; anticipating requirements; recognizing problems by identifying abnormalities; reporting violations; suggesting configuration changes to the server, network, Infotree, and/or security devices
• Perform gap analyses between current usages of the tools and optimal usage based on business requirements.
• Identifies security violations, deficiencies, and inefficiencies through periodic audits and regular monitoring. Ensures authorized access by investigating improper access; revoking access; reporting violations; monitoring information requests by new programs; recommending improvements.
• Arranges for and coordinates vulnerability and penetration testing activities.
• Assist with any required auditing or audit readiness functions
• Reviewing, making recommendations for improvement, documenting, and coordinating activities to maintain appropriate application security for both Commercial-Off-the-Shelf and for internally developed applications in alignment with best practices and any Industry standards.
• Complete complex tasks spanning multiple domains
• Collaborates with other IT teams to troubleshoot performance issues with Security tooling
• Contributes to team effort by assisting and mentoring IT and Sec Eng teammates and works under minimal supervision
• Build relationships across Climate, LLC through effective communications with users and stakeholders by providing project and issue status regularly
• Provide oversight and management of Managed Service Providers where services and/or tools have been outsourced
• Can marshal resources (people, funding, material, and support) to get things done; can orchestrate multiple activities at once to accomplish a goal; uses resources effectively and efficiently; arranges information and files in a useful manner
• Authoritative, quick decision-making within the defined span of control; focused on established systems and technologies; fact-based, solution-oriented, minimal risk-taking
• Maintains technical knowledge by attending educational workshops; reviewing publications
Basic Qualifications and Experience:
• B.S. degree in Security, Engineering, or Computer Science, a related field, or experience
• 9+ years of IT/Security experience
• Proven ability to document Security SOPs, Policies, and Standards
• Strong communication skills, both written and verbal
Preferred Qualifications:
• Understanding of Security frameworks, such as NIST, CIS
• Working knowledge of various cybersecurity technologies, e.g., SIEM, IDS/IPS, AV, DLP, TVM
• Splunk search, alert reporting, dashboarding experience, or equivalent experience with log aggregation and reporting tool
• Relevant IT / cyber security certification is desired, such as GIAC, CISSP, CISM, Security+, CEH, etc
• Understanding of Server, Infrastructure, and Endpoint configuration settings
• Working background in Network and/or Infrastructure Security
• Knowledge of Cloud Security Concepts
• Understanding of Incident Response and application of process
• Proven understanding of Identity and Access Management
• Experience with Atlassian tools, such as Jira and Confluence
• Strong knowledge and understanding of the various ways attacks are carried out against a system or network and how to effectively detect them
• Knowledge of applicable data privacy practices and laws
Other Helpful Pages Related To IS Security (General)-Expert
Model Risk Management Salaries
Frequently asked questions
Q: What skills or qualities help someone succeed as a Security Lead?
A: To succeed as a Security Lead, key technical skills include expertise in threat analysis, risk management, and security architecture, as well as proficiency in security frameworks and compliance regulations. Soft skills such as strong communication, leadership, and problem-solving abilities are also crucial, enabling the Security Lead to effectively collaborate with teams, prioritize security initiatives, and make informed decisions in high-pressure situations. By combining these technical and soft skills, a Security Lead can effectively protect an organization's assets, drive security innovation, and advance their career through leadership opportunities and industry recognition.
Q: What is the career path for a Security Lead?
A: A Security Lead typically follows a career progression from entry-level roles such as Security Analyst or Information Security Specialist, to mid-level positions like Senior Security Analyst or Security Engineer, and eventually to senior roles like Security Manager or Chief Information Security Officer (CISO). Key opportunities for skill development and professional growth in this role include staying up-to-date with emerging threats and technologies, developing expertise in security frameworks and compliance regulations, and honing leadership and communication skills to effectively manage security teams. Long-term career prospects for a Security Lead may include transitioning into executive roles, pursuing a career in cybersecurity consulting, or specializing in a particular area such as cloud security or incident response.