Isc 2

SUMMARY: The IT Security Manager's role is to ensure the secure operation of all in-house, cloud-based systems, servers, and IOT devices. The IT Security Manager performs two core functions for the enterprise. The first is overseeing the operations of the enterprise's security solutions through management of the organization's security analysts. The second is establishing an enterprise security stance through policy, architecture and training processes.

Secondary tasks will include the selection of appropriate security solutions, and oversight of any vulnerability audits and assessments. The IT Security Manager is expected to interface with peers in the Information Security, Applications & Development, and Infrastructure & Operations areas to solicit their involvement in achieving higher levels of enterprise security through information sharing and co-operation.

This includes reviewing server and firewall logs, scrutinizing network traffic, establishing and updating virus scans, and troubleshooting. This person will also analyze and resolve security breaches and vulnerability issues in a timely and accurate fashion, and conduct user activity audits when required.

ESSENTIAL DUTIES and RESPONSIBILITIES:

Strategy & Planning

• Assist in creating and maintaining the enterprise's security documents (policies, standards, baselines, guidelines and procedures).
• Assist in creating and maintaining the enterprise's Business Continuity Plan and Disaster Recovery Plan, where appropriate.
• Conduct research on security products, services, protocols and standards in support of procurement and development efforts. Provide recommendations to senior management related to this research
• Maintain knowledge and awareness with emerging security alerts and issues. Ensure senior management is appraised of any issues or potential issues
• Continually evaluate need for any security reconfigurations and recommend appropriate changes as needed

Acquisition & Deployment

• Maintain up-to-date knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
• Select and acquire additional security solutions or enhancements to existing security solutions to improve overall enterprise security as per the enterprise's existing procurement processes.
• Oversee the deployment, integration and configuration of all new security solutions and enhancements to existing security solutions in accordance with industry best operating procedures generically and the enterprise's security policies and standards specifically.

Operational Management

• Ensure the confidentiality, integrity and availability of the data residing on or transmitted to/from/through enterprise workstations, servers and other systems and in databases and other data repositories.
• Ensure the enforcement of enterprise security documents.
• Supervise all investigations into problematic activity and provide on-going communication with senior management.
• As part of the Incident Response Core Team perform and oversee responsibilities assigned to security team members required by incident response management.
• Supervise the design and execution of vulnerability assessments, penetration tests and security audits.
• Engage in ongoing communications with peers within IT and Information Security groups to ensure enterprise wide understanding of security goals, to solicit feedback and to foster co-operation.
• Complete all mandatory and elective training, including BSA (Bank Secrecy Act) and Anti-Money Laundering procedures. Maintain complaince with all appropriate rules and regulations.
• Regular, predictable attendance is an essential requirement of this position
• Complete all other duties as assigned

EDUCATION and/or EXPERIENCE:

• Associate's Degree or university degree in the computer related field with Bachelor's Degree preferred.
• Minimum of three (3) years' network/security equivalent work experience (five (5) years' preferred),
• One or more of the following certifications:
  • GIAC Security Essentials Certification
  • GIAC Security Leadership Certification
  • ISACA Certified Information Security Manager
  • Microsoft Certified Systems Engineer: Security
  • (ISC)2 SCCP
  • (ISC)2 CISSP
  • (ISC)2 ISSAP

• Knowledge of Word, Excel, Internet navigation/research, and Outlook is expected
• Hands-on hardware troubleshooting experience
• Knowledge of applicable data privacy practices and laws
• Must have excellent judgment and decision making skills.
• Must be able to work independently and without supervision.
• Experience working in a team-oriented, collaborative environment utilizing excellent interpersonal/people skills and solid presentation skills.

E-Verify is used to confirm the identity and employment eligibility of all newly hired employees.

Farmers National Banc Corp. is an Equal Opportunity Employer: disability/veteran

Bachelors of Information Technology (required)