Information Security Manager

Posted on Oct 7, 2024 by City of Philadelphia
Philadelphia, PA
Health & Safety
Immediate Start
Annual Salary
Full-Time
Job Description

The Information Security Manager will play an essential role in leading and managing the information security program. The ideal candidate will lead the development and implementation of the organization’s security policies and procedures, ensuring the protection of IT infrastructure, data, and assets. This role requires a strategic thinker with excellent technical skills and the ability to work collaboratively across departments to protect our organization against internal and external threats. Reporting directly to the Director of Information Security, the successful candidate will oversee all aspects of information security activities to safeguard Philadelphia International Airport's information assets.

Essential Functions and Responsibilities:

Security Policies and Procedures:

Develop and implement comprehensive information security programs, including policies, processes, and control systems to protect organizational assets.

Ensure compliance with regulatory requirements and industry standards.

Risk Management:

Identify and assess security risks to the organization.

Develop risk mitigation strategies and manage incidents and breaches.

Conduct regular security assessments, audits, and penetration testing.

Security Awareness and Training:

Develop and deliver security awareness programs to educate employees about security policies and procedures.

Promote a culture of security awareness and compliance throughout the organization.

Incident Response and Management:

Lead the incident response team and coordinate the investigation and remediation of security incidents.

Develop and maintain an incident response plan and ensure timely and effective responses to security breaches.

Security Architecture and Engineering:

Collaborate with IT and other departments to design and implement secure network architectures, including firewalls, intrusion detection/prevention systems, and encryption protocols.

Liaise with IT and other departments to ensure alignment of security measures with organizational goals and regulatory requirements.

Ensure the secure configuration of all hardware and software systems.

Manage the Information Security team, overseeing the day-to-day operations and long-term strategic direction of the security function.

Vendor Management:

Evaluate and manage third-party vendors and service providers to ensure they meet security standards and requirements.

Conduct regular security reviews and assessments of vendors.

Continuous Monitoring & Improvement:

Stay updated with the latest security technologies, trends, and threats to ensure the organization's defenses remain effective and current.

Conduct regular security audits, vulnerability scans, and risk assessments to identify and mitigate potential threats.

Implement monitoring mechanisms to track compliance with IT policies, controls, and regulatory requirements.  

Continuously improve the organization’s security posture through research and the implementation of new security tools and technologies.

Provide regular reporting on the status of the information security environment, highlighting key issues, trends, and recommendations.

Standardize documentation practices for IT processes, controls, and compliance activities, ensuring completeness, accuracy, and accessibility of documentation.

Experience/Required skills:

Demonstrated ability to develop and implement governance, risk, and compliance frameworks in complex IT environments.

Experience managing audits, assessments, and regulatory compliance initiatives related to IT operations.

Strong understanding of cybersecurity risk frameworks and ability to lead and oversee the execution and implementation of the frameworks.

Valuable communication skills and ability to synthesize complex technical topics for non-technical audiences.

Proven track record of developing and implementing robust internal controls and risk mitigation strategies within IT operations.

Effective skills and experience in designing and documenting complex processes and identifying and eliminating deficiencies in existing process designs.

Strong project management skills, with the ability to coordinate and execute multiple initiatives simultaneously, meeting deadlines and delivering high-quality results.

Ability to standardize documentation practices for IT processes, controls, and compliance activities, ensuring completeness, accuracy, and accessibility.

Commitment to staying updated on emerging security threats, trends, and technologies.

Desired Experience and Abilities:

Strong analytical and problem-solving abilities, with a keen attention to detail and the ability to prioritize and manage multiple tasks simultaneously.

Excellent leadership and communication skills, with the ability to collaborate effectively with cross-functional teams and influence stakeholders at all levels of the organization.

Experience in developing and delivering training programs and awareness campaigns to educate IT staff and stakeholders on compliance requirements and best practices.

Proficiency in monitoring mechanisms and reporting tools to track compliance with IT policies, controls, and regulatory requirements.

Commitment to staying updated on emerging security threats, trends, and technologies.

Ability to adapt to evolving security challenges and requirements, proactively adjusting security strategies and tactics to address new threats and vulnerabilities.

Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.

Coordinate information security and risk management projects with resources from the IT organization and business unit teams.

Familiarity with cybersecurity principles, tools, and best practices.

Reference: 201741543

https://jobs.careeraddict.com/post/95842126

