Sr Manager Information Security

Overview

Information Security threat landscape continues to remain increasingly complex and requires constant vigilance to secure a large, global enterprise. The Sr. Manager Information Security & Risk Management (ISRM) will report directly to the CISO. This position will collaborate with various stakeholders within IT, Legal, HR, and business units to create and maintain information security strategy & roadmap. The Sr. Manager Information Security will help architect and implement security solutions to enable business processes while ensuring that confidential information remains secure under corporate control. This position will work on assessing the security controls of new & existing applications & processes and oversee the incident response process. The Sr. Manager Information Security will work with software & product security groups and external experts to enhance the security posture of software & products. This position will work closely with executives, business managers, and IT to communicate the importance and need for enhanced security controls.

Principal Responsibilities

• Work with CISO and management to develop an information security vision and strategy that is aligned with organizational priorities and enables business objectives
• Develop, implement and monitor a comprehensive information security program to protect the organization
• Manage the budget for the information security function
• Work with Legal and HR to develop, implement and monitor a comprehensive data loss prevention program
• Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action
• Work with IT, Legal, HR, and business units to facilitate security risk assessment & risk management processes and ensure that residual risk is in line with company’s risk tolerance
• Develop, implement, and maintain security assessment processes & tools to review the security controls in on-premise and cloud-based applications
• Evaluate the impact of cloud applications on the overall Enterprise Architecture as it relates to information security
• Ensure that security is embedded in the project delivery process by providing appropriate information security policies, procedures, and guidelines
• Understand the impact to security and IP Protection for mobile platforms and networks and make recommendations for maintaining a secure mobile environment
• Work with Computer Security Incident Response Team (CSIRT) to manage & contain information security incidents and events to protect company IT assets, Intellectual Property, and company’s reputation
• Develop and implement Red Team and Penetration Testing process
• Manage the vulnerability assessment & management and patching process
• Conduct cybersecurity tabletop exercises to improve response capabilities
• Work with internal stakeholders to manage customer & government audit requests
• Work with data privacy officer and privacy team to ensure that data privacy requirements are included where applicable
• Provide regular reporting on the current status of information security program to management
• This position may require traveling up to 24% of the time

Qualifications

• BA/BS in Information Technology or related field from an accredited university
• Minimum of 10 years of experience in a combination of information security, risk management, security review, and incident response
• Professional security management certification is desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar certification
• Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework
• Proven track record and experience in executing information security & intellectual protection programs in a global environment
• High degree of competence with Microsoft Office Productivity Applications
• Ability to assess, validate and incorporate new tools, practices, strategies, and process to gain efficiencies in the areas of cybersecurity & intellectual property protection
• Sound knowledge of business management and a working knowledge of information security risk management and cyber security technologies
• Experience with data loss prevention and digital rights management applications, practices, principles, and strategies is especially helpful
• Must have experience in participating and managing customer & government audits
• Demonstrated experience in managing information security in a large, global company
• Experience in manufacturing and R&D environments
• Poise and ability to act calmly and competently in high-pressure, high-stress situations
• High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity
• Ability to motivate the information security team to achieve tactical and strategic goals, even when only “dotted line” reporting lines exist
• Adaptable, innovative, and detail oriented
• Disciplined to solve complex problems with the ability to solve issues and drive solutions that solve business problems
• Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives
• Excellent written, verbal, presentation, and interpersonal communication skills
• Experience in presenting to large groups

Tagged as: Analytics, CISA, CISM, CISO, CISSP, Cloud, COBIT, Cybersecurity, information security, ISO/IEC 27001, ITIL, NIST