Information Security Manager
Company: OperationIT
Location: West Nyack
Posted on: May 26, 2023
Job Description:
The Information Security Manager is responsible for leading
efforts to prevent, monitor, and respond to information/data
breaches and cyber-attacks. The overall objective of this role is
to ensure the execution of Information Security directives and
activities in alignment with data security policy and business
offices.
This supervisory role ensures consistent service delivery and
expectation management in all areas. The role is to help drive the
business strategy by integrating the customer's experience and
input and working with other department leaders to help further the
organization's vision. This leadership role works closely with the
CISO and recommends the planning and coordinating of all activities
related to the design, management, and implementation of
organizational information security systems.
Additionally, this role is responsible for maintaining, supporting, and
upgrading existing systems and applications. This individual will
apply proven communication skills, problem-solving skills, and
knowledge of best practices to guide his/her information security
team on issues related to the design, management, auditing, and
deployment of mission-critical information security software
systems.
Responsibilities
- Ensure that development projects meet business requirements and
goals, fulfill end-user requirements, and identify and resolve
systems issues.
- Create customer and prospect KPIs, metrics, and budgeting
related to information security risks and activity.
- Convey customer feedback to IT leadership.
- Socialize and adapt business needs and requirements throughout
the organization relative to their area.
- Conduct research to remain up-to-date and knowledgeable
regarding industry/market trends in anticipation of
competition.
- Analyze and improve customer experiences and processes by
mapping out customer roadmaps.
- Lead customer-related strategy to achieve business
goals.
- Collaborate with the appropriate departments in IT to develop
and maintain a custom plan that supports customer needs.
- Develop and communicate business/customer alignment plans to
the CIO/CISO, staff, partners, customers, and
stakeholders.
- Connect with customers and prospects to help garner feedback,
inform organizational change, and maintain a strong business
connection.
- Act as primary liaison for any escalated customer
issues.
- Review and analyze existing application effectiveness and
efficiency, then develop strategies for improving or leveraging
these systems.
- Manage the security evaluation/assessment, development, and
deployment of applications, systems software, and enhancements to
existing applications throughout the enterprise.
- Research and recommend software products and services to
support procurement and development efforts.
- Coordinate feasibility studies for software and system products
under consideration for purchase and give advice based on
findings.
- Ensure that any new software integration into company systems
meets functional requirements, system compliance, interface
specifications, and security program mandates.
- Verify with technology teams that technology Information
Security (IS) is compliant with standards and meets IS technology
strategy goals
- Monitor changes in the risk profile of highly critical
systems
- Assist security incident response teams to resolve and close
the investigation of incidents
- Complete the Risk Assessment process, including maintaining
accurate asset inventory, system criticality information, data
classification, threat analysis, and action plans
- Guide the completion of Risk Assessments and other IS-related
compliance processes, and ensure processes are understood,
appropriate controls take place, and remediation of non-compliance
is documented and addressed
- Promote and educate security awareness within the
business.
- Ensure compliance with information security standards and best
practices across multiple disciplines.
- Has the ability to operate with a limited level of direct
supervision.
- Can exercise independence of judgment and autonomy.
- Acts as SME to senior stakeholders or other team
members.
- Appropriately assess risk when business decisions are made,
demonstrating particular consideration for reputation and
safeguarding the company, its customers, and assets by driving
compliance with applicable laws, rules, and regulations and
adhering to Policy.
- Apply sound ethical judgment regarding personal behavior,
conduct, business practices, and escalation, managing and reporting
control issues with transparency.
- Collaborate with CISO, privacy officer, and HR to establish and
maintain a system for ensuring that security and privacy policies
are met.
- Where necessary, supervise recruitment, development, retention,
and organization of security staff following corporate budgetary
objectives and personnel policies.
- Promote and oversee strategic security relationships between
internal resources and external entities, including government,
vendors, and partner organizations.
- Maintain the security components of a Continuous Integration
and Continuous Delivery (CI/CD) process using best effort in
the DevSecOps department.
- Provide technical leadership to project managers, system
engineers, architects, and developers in project teams.
- Liaise with network administrators and software engineers to
assist with the Secure Software Development Lifecycle
(SDLC).
- Cultivate, disseminate, and enforce functional policies,
procedures, and quality assurance best practices.
- Where necessary, prepare, establish, and monitor
budgets.
- Other duties and assignments may be assigned at the sole
discretion of the employer.
Qualifications
- Four-year college diploma or university degree in information
security systems or 12 years equivalent work experience.
- A master's degree is preferred.
- 10 - 15 years of related experience
- 5 years of direct experience in information security and
systems management.
- Proven experience in overseeing the direction, development, and
implementation of cybersecurity solutions.
- Experience in Customer engagement and management.
- Experience in building Information Security programs.
- Experience conducting Vulnerability Assessments and Penetration
testing.
- Direct, hands-on experience with automated software and
security system management tools.
- Experience working with SIEM systems.
- Able to prioritize and execute tasks in a high-pressure
environment.
- Experience working in a team-oriented, collaborative
environment.
- Excellent understanding of project management
principles.
- Working knowledge of mobile, network, and PC operating systems,
including MS Windows, Linux, and Mac OS.
- Knowledge of network hardware, protocols, and
standards.
- Excellent understanding of the organization's goals and
objectives.
- Knowledge of applicable data privacy practices and
laws
- Strong customer-service orientation.
- Excellent written and oral communication skills.
- Excellent listening and interpersonal skills.
- Ability to communicate ideas in both technical and
user-friendly language.
- Ability to conduct research into application development issues
and products.
- Highly self-motivated and directed.
- Keen attention to detail.
- Familiarity with ITIL is preferred.
- Security Certifications required (e.g., CISM, CISSP)
- Proficient in interpreting and applying policies, standards,
and procedures
- Consistently demonstrates clear and concise written and verbal
communication
- Proven analytical skills
- Fluency in multiple security frameworks is preferred.
- Experience with GDPR, CCPA/CCRA, and NYSHIELD is
preferred.
- Experience with ISO27001 is a plus.
- Occasional evening and weekend work to meet deadlines.
Keywords: OperationIT, Tenafly, Information Security Manager, Executive, West Nyack, New Jersey