Information Security Manager
Posted on Jan 16, 2020 by Request Technology - Craig Johnson
*Permanent Full time role*
Prestigious Financial Institution is currently seeking a Information Security Manager. Candidate will be responsible for all IT Security-related system operations to ensure a safe and sound computing environment. This position brings a strong technical and leadership mindset to the Information Security Program through understanding the needs of the business and ensuring a balance between productivity and security. The IT Security Manager will manage the security team to deliver quality projects according to project schedule. A strong emphasis on collaboration and coordination is critical for this position and the incumbent will possess the ability to effectively lead and influence others without direct managerial authority. The incumbent will be responsible for ensuring the various security controls comply with the requirements detailed in the IT Security Policy and the Information Security Program.
Manages all IT Security Operations detective and preventative technologies. Examples of security controls include: intrusion detection/prevention, malcode detection/prevention, network access controls, web application Firewalls, web content filtering, e-mail controls, change detection and centralized logging. The incumbent will ensure detective security controls are kept up-to-date and are configured for appropriate effectiveness, in accordance with industry best practice and regulatory guidance.
- Manage the monitoring, administration, engineering, architectural guidance and processes/procedures for detective and preventative technologies.
- Manage the Identity and Access Management (IAM) Program, including access requests and attestation.
- Oversee and manage security projects including design, implementation and integration of new or upgraded technologies.
- Strengthen and formalize security processes both within the security team and with other supporting resources.
- Manage industry best practice guidance and security hardening guidelines for all technologies.
- Mandate and document necessary settings on indirect security controls such as baseline security configurations and application development security guidelines.
- Manage Threat Intelligence Program; remain current on new and emerging threats, and the implications; and recommend and implement suggestions for improving security based on research.
- Manage Vulnerability Management Program; conduct and manage internal and third party vulnerability assessments and penetration tests; and work with appropriate teams to ensure proper ratings and remediation.
- Subject matter expert on security incident response efforts; oversee all alerts and anomalies; serve as the lead for incident response research, analysis, communication, and management of forensic investigations; and conduct incident investigations both during and after business hours as needed.
- Partner closely with the Enterprise Architects, Project Managers, Infrastructure Leaders, and Application Development teams to ensure a consistent approach to security solutions in each area of responsibility and throughout the development life cycle.
- Lead, manage and develop IT Security staff and resources and ensure all necessary steps are sufficiently documented and followed by the IT Security staff when evaluating security settings.
- Serve as a liaison with internal and external IT audit teams, fulfilling documentation requests, developing remediation plans, and leading efforts to remediate findings.
- Manage IT Security Operations budget and resources, and participate in IT planning and project management.
- Support the OFs diversity and inclusion strategy by following policies and procedures that ensure opportunities for employees and diverse business partners
- Assist with other job duties as assigned
- Bachelors degree in Computer Science or related field required.
- Professional Security Certification (eg, CISSP, GIAC, CISM) required.
- Minimum 5 to 7 years of experience in IT security related positions.
- Minimum 3 years of experience in IT Security leadership.
- Demonstrated expertise in the area of information security.
- Demonstrated experience in incident response and responding to emergency situations.
- Demonstrated experience leading and managing IT projects or sub-teams and knowledge of IT project management.
- Ability to lead and manage technical personnel.
- Strong decision-making skills and excellent analytical ability.
- Excellent written and verbal communication skills.
- In-depth knowledge of IT security principles and technologies.
- Fundamental knowledge of.NIX (Sun Solaris, RHEL, Windows, etc.).
- Fundamental knowledge of web applications protocols (HTTP(s) and web services frameworks (JAVA, APACHE, .NET)