Senior Manager over Security and Compliance

09 Aug 2024

Vacancy expired!

Qualifications
  • Strong background in leading IT managed services to recommend and oversee integrated IT security and compliance operations
  • Experience with developing and auditing comprehensive IT security controls, National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) and COBIT, including familiarity with the OSI technology stack
  • Experience with implementation of effective business contingency & continuity strategies
  • A “hands-on” self-starter with managerial / leadership experience and a demonstrated ability to interact with technical and non-technical staff, various levels of management, and external parties to accomplish goals and objectives
  • Demonstrated ability to anticipate, proactively respond to trends and/or shifts in the external environment (e.g., regulatory, vendor relationships, industry standards)
  • Experience building an effective enterprise cyber security awareness program in a metrics-based setting
  • Self-motivated, proactive team player and collaborator
  • 4-year bachelor’s degree and a minimum of 5-7 years of cyber security and compliance experience with increasing responsibilities
  • Strong background in leading IT managed services to recommend and oversee integrated IT security and IT compliance operations
  • Experience with developing and auditing comprehensive IT security controls, NIST Cyber Security Framework (CSF) and COBIT, including familiarity with the OSI technology stack
  • Experience working with third-party security vendors, SOC, penetration testers, auditors, etc.
  • Knowledge of security controls and requirements for broad IT system types (e.g., Cloud, Database, Network)
  • Security certifications highly desired: CISSP, Security+, CISA, Cloud+, Certified Information Security Manager (CISM), ISACA Certified in Risk and Information Systems Control (CRISC)
  • Strong communication skills that enable discussions among cybersecurity, Information Technology (IT), and business sponsors regarding the assessment process and results, while being able to clearly communicate key messages to senior leaders
  • Strong leadership, project management, written, and technical skills are required

Responsibilities
  • The Manager, IT Security & Compliance is responsible for enterprise information security and compliance with regulatory authorities and other standards entities, including but not limited to SOX, FTC Safeguards Rules, data privacy (GDPR), and NIST Cyber Security Framework (CSF)
  • Managing and overseeing large projects involving information security, technology risk management, cybersecurity, or cyber risk management
  • Managing and implementing enterprise-wide cyber risk governance frameworks
  • Developing, implementing, and testing cyber resiliency plans
  • Collaborate with various internal and external technical partners to identify, select, and implement cyber defense tools and business continuity capabilities
  • Develop and grow the cyber security practice
  • IT operations (incident planning/response and monitoring)
  • Demonstrate the effectiveness and maturity of the security program through KPIs and metrics in Executive and operational dashboards; conduct quarterly and annual Cybersecurity Business Reviews (CBR)
  • Collaborate with technical and non-technical partners to ensure policies, procedures, work instructions, and practices are compliant with various regulatory authorities including but not limited to SOX, FTC Safeguards Rules, data privacy (GDPR), and NIST Cyber Security Framework (CSF)
  • Oversee and manage the Identity governance platform including access certification, requests, and provisioning
  • Participate in and follow the Project Management Methodology; work with the PMO
  • Participate in the Change Control Board (CCB) and all related lifecycle changes to systems to ensure effective controls and compliance
  • Ensure the timely collection and reporting of evidentiary documentation to satisfy compliance requirements of various regulations, notably SOX and FTC Safeguards Rules
  • Primary interface with internal and external auditors on all IT systems, policies, and procedures
  • Responsible for timely delivery of project initiatives achieved through experience-driven vision and planning skills and effective external vendor management
  • Responsible for the governance and oversight of managed service providers performing outsourced information security and compliance operational activities
  • Demonstrate commitment and support for company goals, objectives, and procedures
  • Demonstrate professionalism and adherence to moral, ethical, and quality principles
  • Participate in corporate and departmental meetings
  • Comply with applicable regulations and corporate policies and procedures

  • ID: #44725518
  • State: Texas Irving 75014 Irving USA
  • City: Irving
  • Salary: $140,000 - $170,000
  • Job type: Permanent
  • Showed: 2022-08-09
  • Deadline: 2022-09-30
  • Category: Et cetera