IT Security Manager

Purpose

How does the position contribute to the success of the operation, division and company?

The IT Security Manager is responsible to manage the development, delivery, monitoring, maintenance, and enhancement of Information Technology (IT) risk and security policies, standards, procedures, and best practices to ensure the security of information systems across the enterprise. The manager will oversee and participate in the planning and implementation of security administration for all IT applications and projects as well as the evaluation and selection of security applications and systems. Additionally, they will develop and maintain policies, standards, processes and procedures to assess, monitor, report, escalate and remediate IT risk and compliance related issues. The manager will also be expected to be a part of the planning, development, and oversight for the Disaster Recovery and Business Continuity program and processes for the company.

Essential Duties, Responsibilities, Expectations and Performance Measures What measures or metrics will the individual be measured on and what level of performance is required?Other duties may be assigned.

• Manage the selection, development, deployment, monitoring, maintenance, and enhancement of the organization's security technologies, policies, procedures, standards, best practices and architecture.
• Manage the design, implementation, operation and maintenance of an Information Security Framework based on industry standards.
• Manage and maintain highly effective Identity and Access Management, and Risk and Security Monitoring functions for the corporation.
• Manage team participation in the planning and implementation of security administration for all IT applications and projects.
• Lead the design and operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies and applicable laws and regulations.
• Work collaboratively with corporate leaders and various technical teams in the design and implementation of audit, risk assessment, and regulatory compliance practices and documentation for IT.
• Prepare information security risk controls and perform assessment activities under the direction of IT management.
• Perform and participate in IT audits. Implement processes and methods for auditing and addressing non-compliance to information security standards.
• Participate and cooperate with information security incident investigations.
• Oversee security incidents through proper means of tracking, reporting, and resolving the incidents.
• Lead or commission suitable information security awareness, training, and educational activities to the organization.
• Work collaboratively with IT management and business leaders on initiatives for business continuity and disaster recovery.
• Manage and facilitate the governance for Disaster Recovery and Business Continuity Planning.
• Develop a strong DR/BCP program and processes, including the testing and documentation of tests and plans.
• Work with vendors to identify and purchase appropriate solutions and services.
• Work with minimal supervision.

Leadership Competencies

Which of the 16 Zenger Folkman Leadership Competencies are critical for the successful performance of this job?

• Champions Change (Leading change);
• Collaboration and Teamwork;
• Solves Problems and Analyzes Issues;
• Communicates Powerfully and Prolifically;
• Technical/Professional Expertise;
• Displays High Integrity and Honesty (character);
• Builds Relationships;
• Takes Initiative; Innovates

Knowledge/Skills/Education and Continuous Training

What skills/certification/education must the individual have/maintain/gain? Include any degrees, certifications, and licenses required.

• Bachelors Degree in IT Security, Computer Science, Information Technology or related discipline or extensive experience.
• 5+ years experience in IT Security or IT Audit.
• 3+ years developing policies, procedures, and standards.
• 2+ years supervisory/management experience.
• Prefer one or more security/risk certifications (CISSP, CISM, CISRCP, CRISC, Security+, CISA, etc.).
• Knowledge of:
  • Information risk and security frameworks, methods and best practices (COBIT, NIST, etc.)
  • SAP application security
  • Identity and Access Management methods and architectures
  • Auditing and general purpose test procedures
  • Network, firewall and computer architectures
  • Databases (MS SQL Server, etc.) and their uses
  • System development life cycle
  • Disaster Recovery and Business Continuity Planning processes
  • Problem analysis, triage and trouble-shooting methodologies
  • Process improvement methods
  • Security for networks and applications
  • Data Center operations
  • Project management
• Skills:
  • Effective written and verbal communication
  • Analytical and problem solving
  • Innovative and analytical thinking
  • Planning and organization
  • Microsoft Office - Intermediate
• Abilities:
  • Align risk and security processes with best practices, corporate strategy, business requirements, and IT capabilities
  • Formulate strategic and tactical risk and security recommendations
  • Develop and lead cross-functional teams and processes, clearly defining roles and responsibilities
  • Communicate effectively with all levels of corporate management
  • Set objectives and manage projects in several areas of responsibility
  • Create technical specifications related to information security and/or business risk
  • Methodically analyze and solve problems
  • Conduct risk analysis, assign risk scores, and assign priorities

Reporting Line and Supervisory Responsibilities

• Reports to the Director IT Operations and Security
• Highly collaborative across the IT Management
• No direct staff for now, but functional leadership across IT security functions.

Physical Demands and Work Environment

What working conditions or physical functions are normally required to perform the essential functions of the job?

• Light office work
• Lifting up to 50 pounds

Pay is DOE but can be up to $122,000 plus yearly incentive bonuses