| Job #: | 1466 |
|---|---|
| Title: | IT Security Manager |
| Job Location: | Cleveland, Ohio - United States |
| Employment Type: | Full Time / Direct Hire |
| Salary: | $90,000.00 - $150,000.00 - US Dollars - Yearly |
| Employer Will Recruit From: | |
| Relocation Paid?: | No |
Position Summary
Manages and oversees security aspects of systems to protect data from unauthorized access.
Accountable for implementing and monitoring adherence to the established IT security policies/procedures/standards; implementing IT security tools and technology to support security processes; and performing periodic security assessments and control reviews to assess the effectiveness of network security, web security, host-based security, application-level security, and database security.
Manages resolution for security incidents in alignment with security incident response process, including monitoring, tracking, and reporting metrics related to security incidents.
Coordination with key functions including Internal Audit, IT Operations, IT Applications and Integrations, and IT Leadership.
Essential Job Functions
1. Manage the development, documentation, implementation, operation and maintenance of the Company's information security program to preserve the availability, integrity, and confidentiality of information resources. Enforce and monitor adherence to established IT Security policies and procedures across the enterprise. Build information security awareness within the organization.
2. Perform and evaluate information security assessments, including annual penetration tests. Support overall IT SOX 404 program requirements in compliance with information security policies, standards and client security requirements. Overall accountability for management review of the IT security and user-access and authentication controls. Serve as a subject matter expert on security projects/initiatives.
3. Define, implement, and monitor security solutions, including security information and event management (SIEM), intrusion detection, and end-point protection software. Enforce adherence to established security incident response process for all incidents/events identified. Lead/ensure thorough assessment, communication, remediation, and documentation of security incidents. Draft executive memo's for high risk and/or impact security incidents. Work to prevent further similar incidents whenever possible and perform post incident reviews.
4. Manage the execution and maintenance of the Company's Vulnerability Management Program. Manage vulnerability scanning, assess and risk-ranks vulnerabilities, and track progress/facilitate remediation efforts. ) 5. Manage department activity which includes providing resource scheduling for security tasks on projects, enhancements, and support activities; participating in formal and informal peer reviews of project teams; and guiding, coaching, and mentoring associates within the department. Ensure team effectively responds to requests timely and efficiently, adhering to established SLA’s.
6. Develop, monitor, track and report against IT Security metrics and KPIs that help the Leadership understand threats, vulnerabilities and risks associated with protecting information across the enterprise and plans to mitigate those risks. Drive process improvement and/or adjustments where necessary based on trends identified. Regularly report current events, initiatives, updates, and major incidents and problems to management. 7. Analyze incidents, problems and requests and identify trends and solutions. Keeps abreast of security legislation, regulations, advisories, vulnerabilities and alerts. Advise security management on importance and financial impact; offer improvement opportunities. Act as Subject Matter Expert and/or point of escalation for IT Security across the enterprise. Provide direction, motivation, training, and support to staff across the enterprise as it relates to IT Security
8. Manage MSSP vendor relationship. Act as primary contact; ensure team is meeting all SLAs; and manage continuous process improvements opportunities.
Education This position requires a(n) Undergraduate (Bachelor) Degree Additional degree(s) that are preferred for this position include: Undergraduate (Bachelor) Degree in Business or Information Technology
Work experience Below is the required/preferred work experience for this position:
Required/Preferred 5-7 Years General IT Security
Required 3-4 Years Specific IT Risk Management
Required 3-4 Years Specific Experience managing an information security program and staff.
Required 5-7 Years Specific IDS/IPS, SIEM, Vulnerability Management & Remediation Techniques, Data Loss Prevention, Endpoint security and Protection.
Preferred 5-7 Years General Information Security concepts, practices, and procedures.
Required Note: 8-10 Years of experience can offset minimum educational requirements for this position Licenses & Certifications
Below are the licenses/certificates required/preferred for this position:
Required/Preferred Certificate in discipline Certified Information Security Manager (CISM) or Certified Information Systems Auditor (CISA)
Preferred Certificate in discipline Certified Information Systems Security Professional (CISSP)
Required Skills Below are the required/preferred skills for this position:
Required/Preferred Coaching / Development of Subordinates Working
Required Interpersonal Skills Advanced Required Organization & Planning Advanced Required System & Process Orientation Advanced Required Tolerance of Ambiguity Working Required Cyber Security Advanced Required Vulnerability Management Advanced Required IT Risk Mitigation Working Required Customer Partner Orientation Working Required IT Service Function Working Required
How can we make this page better for you? Add your suggestions below.