IT Security Manager

Job Description: Summary/Purpose Manager, Information Security and Compliance for our North American Region. This is a key leadership position with accountability for the firm’s information security, data privacy regulatory compliance and information risk auditing. This position reports to the Director of IT North America. Essential Duties and Accountabilities: Responsibilities:• Manage all aspects of Information Security, Data Privacy Compliance, Information Governance Coordination and Information Risk Auditing, including Client Audits, Internal, External, and Vendor.• Develop, document and implement information security procedures to enforce compliance with information security standards and policies.• Advises the organization with current information about information security technologies and related regulatory issues. Includes analysis & proposal of security products and services to determine best risk management environment.• Serves as a technical adviser for projects & provides technical support on matters related to information security.• Monitors the internal control systems to ensure that appropriate security is maintained.• Analyzes/reviews information on emerging cyber threats, and is actively engaged in industry forums on threats and opportunities. Makes improvement recommendations to managers at all levels to ensure compliance with laws, standards and policies while managing business risks.• Develop programs and conducts education and training in support of security awareness.• Develops and advises on IT Security budget and manages spend within the cost structure.• Manage IT Security Assets within approved budget and operational guidelines.• Collaborate with other IS teams on solutions to mitigate risks and enhance system security.• Provide detailed and clearly written communications such as documents, procedures, and processes.• To guide and support the efforts described above, the development and continuous refinement of an information risk program is expected. JSOX: • Lead the coordination process of all IT JSOX Compliance activities.• Serve as the key liaison between Accounting/Finance, IT, Internal Audit, and Kemper’s external auditors in JSOX IT matters.• Assist the Corporate JSOX Compliance team with IT system/infrastructure scoping, risk assessment, and control design.• Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation.• Play key role in the implementation of new systems brought into JSOX scope, including risk identification/mitigation, control design, and pre-/post-implementation reviews. Supervisory Responsibilities: • Responsible for direct team and 3rd party service partners Job Knowledge, Skills and Abilities: • Knowledge of Information Security / Risk Management best practices and regulatory environment (relevant to the legal or professional services environment preferred).• Experience developing, implementing, and evaluating security standards and procedures in multiple platforms and systems environments.• Understanding of key security technologies such as encryption, TCP/IP, HTTP, DNS, web application security, data loss prevention, mobile device management, etc.• Demonstrable experience working closely with IT and executive leadership and staff to develop plans, designs, architectures, and roadmaps to create a proactive information security environment.• Accountability and/or understanding of information governance (notably records management, security, and data privacy compliance) relevant to professional service environment. • Advanced problem solving skills and the ability to work collaboratively with others to resolve complex issues with innovative solutions.• High level of personal integrity and the ability to handle confidential matters with proper judgment• Familiarity with control frameworks (e.g., ISO, COBIT, JSOX and NIST).• Familiarity with IT governance structures, such as ITIL. • Proven leadership skills, team-orientation, and a proactive and optimistic management style.• Proven project management skills.• Strong verbal & written communication skills as well as presentation skills to effectively communicate to various levels throughout the organization.• Willingness to work a flexible schedule to accommodate project deadlines and travel requirements.• Expert knowledge and experience with the following technologies: Firewalls, Intrusion Prevention/Detection Systems, Dual-factor Authentication, Endpoint Security and Security Information and Event Management Tools Education and Experience: Experience & Qualifications:• 7+ years of experience in an Information Security related role with at least five years of experience in a management capacity relating to information security & policy, preferably in a professional services environment.• Bachelor's degree in Management Information Systems, Information Security, Information Technology, Information Systems Management, or related field preferred. • Preferred certifications: CISSP and/or SANS. Work Environment/Physical Demands: •Work is mostly performed in a normal office setting with minimal exposure to health or safety hazards, and with substantial time spent working on a computer. Requires sufficient hand, arm, and finger dexterity to operate computer keyboard and other office equipment. •The performance of this position may occasionally require exposure to manufacturing areas which require the use of personal protective equipment such as safety glasses with side shields and mandatory hearing protection. •Travel by automobile and plane required approximately 10-20% of time Summary/Purpose Manager, Information Security and Compliance for our North American Region. This is a key leadership position with accountability for the firm’s information security, data privacy regulatory compliance and information risk auditing. This position reports to the Director of IT North America. Essential Duties and Accountabilities: Responsibilities:• Manage all aspects of Information Security, Data Privacy Compliance, Information Governance Coordination and Information Risk Auditing, including Client Audits, Internal, External, and Vendor.• Develop, document and implement information security procedures to enforce compliance with information security standards and policies.• Advises the organization with current information about information security technologies and related regulatory issues. Includes analysis & proposal of security products and services to determine best risk management environment.• Serves as a technical adviser for projects & provides technical support on matters related to information security.• Monitors the internal control systems to ensure that appropriate security is maintained.• Analyzes/reviews information on emerging cyber threats, and is actively engaged in industry forums on threats and opportunities. Makes improvement recommendations to managers at all levels to ensure compliance with laws, standards and policies while managing business risks.• Develop programs and conducts education and training in support of security awareness.• Develops and advises on IT Security budget and manages spend within the cost structure.• Manage IT Security Assets within approved budget and operational guidelines.• Collaborate with other IS teams on solutions to mitigate risks and enhance system security.• Provide detailed and clearly written communications such as documents, procedures, and processes.• To guide and support the efforts described above, the development and continuous refinement of an information risk program is expected. JSOX: • Lead the coordination process of all IT JSOX Compliance activities.• Serve as the key liaison between Accounting/Finance, IT, Internal Audit, and Kemper’s external auditors in JSOX IT matters.• Assist the Corporate JSOX Compliance team with IT system/infrastructure scoping, risk assessment, and control design.• Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation.• Play key role in the implementation of new systems brought into JSOX scope, including risk identification/mitigation, control design, and pre-/post-implementation reviews. Supervisory Responsibilities: • Responsible for direct team and 3rd party service partners Job Knowledge, Skills and Abilities: • Knowledge of Information Security / Risk Management best practices and regulatory environment (relevant to the legal or professional services environment preferred).• Experience developing, implementing, and evaluating security standards and procedures in multiple platforms and systems environments.• Understanding of key security technologies such as encryption, TCP/IP, HTTP, DNS, web application security, data loss prevention, mobile device management, etc.• Demonstrable experience working closely with IT and executive leadership and staff to develop plans, designs, architectures, and roadmaps to create a proactive information security environment.• Accountability and/or understanding of information governance (notably records management, security, and data privacy compliance) relevant to professional service environment. • Advanced problem solving skills and the ability to work collaboratively with others to resolve complex issues with innovative solutions.• High level of personal integrity and the ability to handle confidential matters with proper judgment• Familiarity with control frameworks (e.g., ISO, COBIT, JSOX and NIST).• Familiarity with IT governance structures, such as ITIL. • Proven leadership skills, team-orientation, and a proactive and optimistic management style.• Proven project management skills.• Strong verbal & written communication skills as well as presentation skills to effectively communicate to various levels throughout the organization.• Willingness to work a flexible schedule to accommodate project deadlines and travel requirements.• Expert knowledge and experience with the following technologies: Firewalls, Intrusion Prevention/Detection Systems, Dual-factor Authentication, Endpoint Security and Security Information and Event Management Tools Education and Experience: Experience & Qualifications:• 7+ years of experience in an Information Security related role with at least five years of experience in a management capacity relating to information security & policy, preferably in a professional services environment.• Bachelor's degree in Management Information Systems, Information Security, Information Technology, Information Systems Management, or related field preferred. • Preferred certifications: CISSP and/or SANS. Work Environment/Physical Demands: •Work is mostly performed in a normal office setting with minimal exposure to health or safety hazards, and with substantial time spent working on a computer. Requires sufficient hand, arm, and finger dexterity to operate computer keyboard and other office equipment. •The performance of this position may occasionally require exposure to manufacturing areas which require the use of personal protective equipment such as safety glasses with side shields and mandatory hearing protection. •Travel by automobile and plane required approximately 10-20% of time Manager, Information Security and Compliance for our North American Region. This is a key leadership position with accountability for the firm’s information security, data privacy regulatory compliance and information risk auditing. This position reports to the Director of IT North America. Essential Duties and Accountabilities: Responsibilities:• Manage all aspects of Information Security, Data Privacy Compliance, Information Governance Coordination and Information Risk Auditing, including Client Audits, Internal, External, and Vendor.• Develop, document and implement information security procedures to enforce compliance with information security standards and policies.• Advises the organization with current information about information security technologies and related regulatory issues. Includes analysis & proposal of security products and services to determine best risk management environment.• Serves as a technical adviser for projects & provides technical support on matters related to information security.• Monitors the internal control systems to ensure that appropriate security is maintained.• Analyzes/reviews information on emerging cyber threats, and is actively engaged in industry forums on threats and opportunities. Makes improvement recommendations to managers at all levels to ensure compliance with laws, standards and policies while managing business risks.• Develop programs and conducts education and training in support of security awareness.• Develops and advises on IT Security budget and manages spend within the cost structure.• Manage IT Security Assets within approved budget and operational guidelines.• Collaborate with other IS teams on solutions to mitigate risks and enhance system security.• Provide detailed and clearly written communications such as documents, procedures, and processes.• To guide and support the efforts described above, the development and continuous refinement of an information risk program is expected. JSOX: • Lead the coordination process of all IT JSOX Compliance activities.• Serve as the key liaison between Accounting/Finance, IT, Internal Audit, and Kemper’s external auditors in JSOX IT matters.• Assist the Corporate JSOX Compliance team with IT system/infrastructure scoping, risk assessment, and control design.• Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation.• Play key role in the implementation of new systems brought into JSOX scope, including risk identification/mitigation, control design, and pre-/post-implementation reviews. Supervisory Responsibilities: • Responsible for direct team and 3rd party service partners Job Knowledge, Skills and Abilities: • Knowledge of Information Security / Risk Management best practices and regulatory environment (relevant to the legal or professional services environment preferred).• Experience developing, implementing, and evaluating security standards and procedures in multiple platforms and systems environments.• Understanding of key security technologies such as encryption, TCP/IP, HTTP, DNS, web application security, data loss prevention, mobile device management, etc.• Demonstrable experience working closely with IT and executive leadership and staff to develop plans, designs, architectures, and roadmaps to create a proactive information security environment.• Accountability and/or understanding of information governance (notably records management, security, and data privacy compliance) relevant to professional service environment. • Advanced problem solving skills and the ability to work collaboratively with others to resolve complex issues