Information Security Manager - New York - Permanent Position

Posted on Feb 4, 2021 by Octopus Computer Associates
(Security Manager, IS Manager, New York, CISO, encryption, data protection, design, privilege access, CISSP, CISM, GSEC, PCI, GDPR)
Overview
The Information Security Manager is responsible for operational Infosec delivery and leadership in support of the company's operations in the Americas. This role involves both hands-on responsibility and team leadership to identify, monitor, report and remediate information security risks. This position would partner with peers from the infrastructure group and across the wider IT organization to support infosec needs on global and regional projects, ensure alignment with the strategy set forth by the Group CISO, and proactively offer thought leadership on ongoing information security operations.
All other duties assigned by supervisor.
Responsibilities
Functional Responsibility:
- Monitors and routinely audits compliance to all information security procedures and policies and ensures consistency of internal controls across departments.
- Lead remediation process for all security related gaps identified during Internal audit reviews as well as reviews performed by third party entities such as PWC and others, and per direction of the Group CISO.
- Help align process and procedure as well as network and system standards to the company's IT global group standards.
- Manage the on-boarding of technology related projects to make sure that they align with the company's security policies, guidelines and ISP process. The candidate will need to work with all parties to include project sponsors, vendor and IT operations group as well as the Global InfoSec team to validate projects.
- Drive annual PCI compliance certification and oversee all related controls and documentation management. Support other regulatory initiatives such as GDPR and CCPA remediation as necessary.
- Manage a team of security specialists consisting of Full time and consultant security personnel.
- Manage the ongoing vulnerability scanning and assessment process and partner with the rest of IT and third parties to resolve vulnerabilities in a timely manner to maintain compliance.
- Partner with the rest of the IT organization to ensure effective implementation and ongoing management of security tools, systems and processes including: logging, IDS, IPS, endpoint protection, web filtering, MDM, DLP, patch management, vulnerability scanning technologies, etc.
- Partner with the infrastructure team to develop a strong security posture, including reviewing firewall policies and proposing changes such as additional network segmentation and filtering policies to better protect the network.
- Provide oversight to IT operation team to manage end user computing on endpoint security, patching and policy management.
- Provide oversight, guidance and development of requirements for vendor selection for new and replacement technologies within the IT Security footprint.
- Interface with management and user community to understand business needs, implement security best practices, and identify opportunities for improving security and compliance.
- Partner with the training and professional development staff to promote security awareness among the user community.
- Review and provide input into the company's overall security program and manage multiple security projects in a given period.
Supervisory Responsibility
Yes - will oversee 1 direct report IT Security Specialist, and supervise external consultant(s) as needed
Budget Responsibility
Yes - sourcing and budgeting for new security technology tools and Vendor Management
Decision Making Responsibility
Yes - Give general security direction to team based on Group level standards and guidelines
Qualifications
Minimum Years of Experience
- Minimum of 5 years' experience in IT or Security Management
Preferred Skills
- CISSP, CISM or GSEC Security Certification preferred
- In-depth knowledge of security best practices (encryption, data protection, design, privilege access, etc.).
- Experience with managing and implementing standard security technologies (DLP, MDM, SIEM, AV, IDS).
- Experience with file management access tools such as Varonis, and the ability to drive the data owner entitlement review process.
- Experience with compliance management and certification (PCI, GDPR)
- Knowledge of network technologies (protocols, design concepts, access control).
- Excellent written and verbal communications.
- Proficiency in planning, reporting, establishing goals and objectives, standards, and priorities
Reference: 1082074758