Information Security Manager
Posted on Feb 1, 2020 by Resource 1
Resource 1 is seeking an Information Security Manager for a 6-month contract for hire with our client located in downtown Chicago. As the Information Security Manager, you will be responsible for setting up and enforcing Information Security policies and compliance programs. You will work alongside other IT members to build and manage the programs supporting existing compliance control activities and initiatives, and to make security and privacy an integral part of our client's processes and culture. This role will also be client facing, assisting clients with any IT security requests.
Primary responsibilities include:
- Managing all internal and external security compliance engagement activities.
- Building and managing the programs supporting our existing compliance control activities and initiatives
- Working closely with many cross-functional teams to communicate and integrate control requirements (IT, General Counsel, HR, Finance, and others)
- Managing, documenting, and communicating compliance requirements, timelines, and road map to supporting teams and leadership; driving project activities to ensure requirements and schedules are met
- Identifying and managing risks and working with project teams to identify appropriate solutions
- Managing, tracking and reporting compliance-related remediation to project teams and management
- Developing metrics and reporting to demonstrate compliance status and engagement
- Communicating the compliance posture and effectiveness to management on a scheduled basis
- Providing ongoing guidance and consultation to the organization to promote a progressive and sustainable Security Awareness Program
- Developing and working with supporting teams to design and implement an automated control strategy and exception reporting process
- Developing a strategy to implement and maintain a centralized audit evidence repository to support all security compliance evidence gathering and maintenance activities
- Integrating ongoing changes to laws, regulations, and NIST frameworks as required into daily activities.
- Position requires 7-9 years of working experience within Information Security & Compliance along with 5 years of security audit experience.
- BS or MS in Computer Science or related field and a strong understanding of relevant security standards such as NIST, ISO 27001, SOC2, etc.
- Expert understanding of cloud controls and environments, a strong foundation in IT solutions development and deployment and practical understanding of IT security compliance, risk management and information security principles including access control, network security, information security architecture, information security operations, and leading practices and associated tools in a cloud environment (AWS) are critical.
- Demonstrated experience managing compliance activities as part of a company (not solely in a consulting capacity)
- Implementing a common/unified control framework; managing and working with auditors, internal cross-functional teams and product engineering groups.
- Previously maintained a compliance process for ISO 27001, SOC2, PCI, and/or FERPA
- Previously worked closely with Engineering teams to guide architectural and process decisions that protect PII or other sensitive information; preferably within a cloud provider such as Amazon Web Services
Would be really nice to have any of the following security-focused certifications: CISSP, CISM, or CISA
$140k - $150k Annual
$145k - $165k Annual