Information Security Manager

Company: OperationIT
Location: West Nyack
Posted on: May 26, 2023

Job Description:

The Information Security Manager is responsible for leading efforts to prevent, monitor, and respond to information/data breaches and cyber-attacks. The overall objective of this role is to ensure the execution of Information Security directives and activities in alignment with data security policy and business offices.

This supervisory role ensures consistent service delivery and expectation management in all areas. The role is to help drive the business strategy by integrating the customer's experience and input and working with other department leaders to help further the organization's vision. This leadership role works closely with the CISO and recommends the planning and coordinating of all activities related to the design, management, and implementation of organizational information security systems.

Additionally, responsible for maintaining, supporting, and upgrading existing systems and applications. This individual will apply proven communication skills, problem-solving skills, and knowledge of best practices to guide his/her information security team on issues related to the design, management, auditing, and deployment of mission-critical information security software systems.

Responsibilities

• 
  
• Ensure that development projects meet business requirements and goals, fulfill end-user requirements, and identify and resolve systems issues.
  
• Create customer and prospect KPIs, metrics, and budgeting related to information security risks and activity.
  
• Conveys customer feedback to IT leadership.
  
• Socialize and adapt business needs and requirements throughout the organization relative to their area.
  
• Conduct research to remain up-to-date and knowledgeable regarding industry/market trends in anticipation of competition.
  
• Analyze and improve customer experiences and processes by mapping out customer roadmaps.
  
• Lead customer-related strategy to achieve business goals.
  
• Collaborate with the appropriate departments in IT to develop and maintain a custom plan that supports customer needs.
  
• Develop and communicate business/customer alignment plans to the CIO/CISO, staff, partners, customers, and stakeholders.
  
• Connect with customers and prospects to help garner feedback, inform organizational change, and maintain a strong business connection.
  
• Act as primary liaison for any escalated customer issues.
  
• Review and analyze existing application effectiveness and efficiency, then develop strategies for improving or leveraging these systems.
  
• Manage the security evaluation/assessment, development, and deployment of applications, systems software, and enhancements to existing applications throughout the enterprise.
  
• Research and recommend software products and services to support procurement and development efforts.
  
• Coordinate feasibility studies for software and system products under consideration for purchase and give advice based on findings.
  
• Ensure that any new software integration into company systems meets functional requirements, system compliance, interface specifications, and security program mandates.
  
• Verify with technology teams that technology Information Security (IS) is compliant with standards and meets IS technology strategy goals
  
• Monitor changes in the risk profile of highly critical systems
  
• Assist security incident response teams to resolve and close the investigation of incidents
  
• Complete the Risk Assessment process, including maintaining accurate asset inventory, system criticality information, data classification, threat analysis, and action plans
  
• Guide the completion of Risk Assessments and other IS-related compliance processes, and ensure processes are understood, appropriate controls take place, and remediation of non-compliance is documented and addressed
  
• Promote and educate security awareness within the business.
  
• Ensure compliance with information security standards and best practices across multiple disciplines.
  
• Has the ability to operate with a limited level of direct supervision.
  
• Can exercise independence of judgment and autonomy.
  
• Acts as SME to senior stakeholders or other team members.
  
• Appropriately assess risk when business decisions are made, demonstrating particular consideration for reputation and safeguarding the company, its customers, and assets by driving compliance with applicable laws, rules, and regulations and adhering to Policy.
  
• Apply sound ethical judgment regarding personal behavior, conduct, business practices, and escalation, managing and reporting control issues with transparency.
  
• Collaborate with CISO, privacy officer, and HR to establish and maintain a system for ensuring that security and privacy policies are met.
  
• Where necessary, supervise recruitment, development, retention, and organization of security staff following corporate budgetary objectives and personnel policies.
  
• Promote and oversee strategic security relationships between internal resources and external entities, including government, vendors, and partner organizations.
  
• Maintain the security components of a Continuous Integration and Continuous Delivery (CI/CD) process using the best effort in DevSecOps department.
  
• Provide technical leadership to project managers, system engineers, architects, and developers in project teams.
  
• Liaise with network administrators and software engineers to assist with the Secure Software Development Lifecycle (SDLC).
  
• Cultivate, disseminate, and enforce functional policies, procedures, and quality assurance best practices.
  
• Where necessary, prepare, establish, and monitor budgets.
  
• Other duties and assignments may be assigned at the sole discretion of the employer.
  
  Qualifications
  
  
  • 
    
  • Four-year college diploma or university degree in information security systems or 12 years equivalent work experience.
    
  • A master's degree is preferred.
    
  • 10 - 15 years of related experience
    
  • 5 years of direct experience in information security and systems management.
    
  • Proven experience in overseeing the direction, development, and implementation of cybersecurity solutions.
    
  • Experience in Customer engagement and management.
    
  • Experience in building Information Security programs.
    
  • Experience conducting Vulnerability Assessments and Penetration testing.
    
  • Direct, hands-on experience with automated software and security system management tools.
    
  • Experience working with SIEM systems.
    
  • Able to prioritize and execute tasks in a high-pressure environment.
    
  • Experience working in a team-oriented, collaborative environment.
    
  • Excellent understanding of project management principles.
    
  • Working knowledge of mobile, network, and PC operating systems, including MS Windows, Linux, and Mac OS.
    
  • Knowledge of network hardware, protocols, and standards.
    
  • Excellent understanding of the organization's goals and objectives.
    
  • Knowledge of applicable data privacy practices and laws
    
  • Strong customer-service orientation.
    
  • Excellent written and oral communication skills.
    
  • Excellent listening and interpersonal skills.
    
  • Ability to communicate ideas in both technical and user-friendly language.
    
  • Ability to conduct research into application development issues and products.
    
  • Highly self-motivated and directed.
    
  • Keen attention to detail.
    
  • Familiarity with ITIL is preferred.
    
  • Security Certifications required (e.g., CISM, CISSP)
    
  • Proficient in interpreting and applying policies, standards, and procedures
    
  • Consistently demonstrates clear and concise written and verbal communication
    
  • Proven analytical skills
    
  • Fluency in multiple security frameworks is preferred.
    
  • Experience with GDPR, CCPA/CCRA, and NYSHIELD is preferred.
    
  • Experience with ISO27001 is a plus.
    
  • Occasional evening and weekend work to meet deadlines.
    
    

Keywords: OperationIT, Tenafly , Information Security Manager, Executive , West Nyack, New Jersey