Description:
The IT Security Manager is a technical resource for the design, installation, operation, service and maintenance of a variety of multi-user information security systems. A hands-on technical specialist, the IT Security Manager handles the complex and detailed technical work necessary to protect our client’s information assets.
Roles and Responsibilities:
- Provide hands-on information security technical operational services to monitor and/or manage security products and tools such as IDS/IPS, Proxy, Email Security, SIEM, Malware, Wireless Security, Privilege Access Tools, etc.
- Fine tune and calibrate security tools used in our client’s environment
- Participate in our client’s security review process and change management process to provide technical evaluation of changes and new initiatives
- Create technical standards and guidelines while working closely with the Infrastructure teams to ensure standards are being met
- Stay abreast of the changing threat landscape and recommend and/or implement appropriate controls to reduce risks to our client
- Participate in our client’s compliance efforts to ensure compliance with regulations and requirements
- Create and maintain technical procedure documentation on performing security tasks
- Document and perform daily security operational tasks while recording and maintaining records of variations and exceptions
- Act as a technical consultant on information security incident investigations and forensic technical analyses
- Conduct selected tests of information security measures in accordance with specific instructions
- Interpret information security policies, standards, and other requirements as they relate to a specific internal information system, and assist with the implementation of these and other information security requirements
- Redesign and reengineer internal information handling processes so that information is appropriately protected from a wide variety of problems including unauthorized disclosure, unauthorized use, inappropriate modification, premature deletion, and unavailability
- Manage third party managed security services providers
- Serve as an active member of the Computer Emergency Response Team (CERT) and participate in security incident response efforts by, among other things, having an in-depth knowledge of common security exploits, vulnerabilities and countermeasures
- Develop technical documentation describing the deployment, configuration, and management of shared, networked, and multi-user information security systems
- Other duties as assigned
Required Qualifications:
- Experience with implementing, monitoring, maintaining, and tuning security tools such as IDS/IPS, SIEM, FIM, Malware Prevention, Email Security, Privilege Access Tools, etc.
- Experience with SOX and PCI compliance
- Excellent interpersonal skills including the ability to work with individuals at all levels in the organization and strong relationship building abilities
- Excellent communication skills, both written and verbal
- Ability to meet deadlines, keep organized records, and troubleshoot issues
Intangibles:
- Great attitude
- Enjoy working in a team environment
- Strong sense of problem ownership and responsibility
- Strong sense of ‘service culture’
- Passion for technology
Preferred Qualifications:
- Background with Cloud security
- Experience with managed security service providers
- ITIL background and/or certification
Required Certifications:
- CISM or CISSP
- CCSA is a plus