Senior Manager, Information Security

Senior Manager, Information Security

Reporting to the Head of Information Security & Governance, the Sr. Manager of Information Security is a primary team member who is responsible for strategy, execution and program management for information security department. The Information Security Sr. Manager will ensure that all information assets are adequately protected. They will partner with leadership across the organization to advance the information security needs of the company.

• Responsible for identifying, evaluating reporting on, and mitigating information security risks in a manner that meets internal, compliance and regulatory requirements, and responding to incidents that may occur.
• Evaluate and test Information Security controls and leads the development, enforcement, and maintenance of policies, procedures, measures, and mechanisms to protect the confidentiality, integrity and availability of information.
• Identify and balance security initiatives to risks.
• Help develop and prioritize security initiatives and options.
• Will partner with constituents throughout the company to achieve strategic goals and ensure the appropriate balance is achieved between risk and controls.
• Possess strong influencing skills to educate and shift the security tolerances of the company, executives, employees, vendors and partners. He/she will also possess strong communications skills to support the sales and support efforts of the company.
• Oversee and coordinate security efforts across the company, including information technology, cloud operations, product engineering, processional services, human resources, legal, facilities management and other groups.
• Oversee safeguarding of intellectual property, customer information, financial transactions and computer systems.
• Manage the ongoing documentation, development, implementation, and maintenance of the company's Information Security Program Framework (ISPF), including publication of all Security Policies and oversight and collection/retention of all associated standards.
• Ensure compliance with contractual and legislative mandates through these policies and standards.
• Devise policies and procedures regarding areas such as information security, business continuity planning, loss prevention and fraud prevention, and privacy.
• Create and maintain necessary security related programs such as security awareness, business continuity, and incident management etc.
• Develop and mentor coworkers in regards to information security.
• Ensure that information security standards and policies are understood and followed.
• Understand the fundamental business activities and work with the various departments to develop appropriate information security solutions that adequately protect these activities.
• Provide subject matter expertise across the enterprise, and to the organization related to projects, initiatives, and strategic decisions to ensure proper consideration of information security requirements.
• Investigate security breaches and lead computer forensics efforts.
• Act as the central point of contact for all communications dealing with information security incidents.
• Manage the coordination and communication across all Information Security Team Committee members, and ensures that any exceptions are approved through established authorization channels, and documented according to established guidelines.
• Responsible for the notification and escalation of information to key individuals within the company.

We are looking for candidates who possess the combination of the following achievements, skills and behaviors:

• Thorough knowledge of all aspects of information security and compliance including SOX and SSAE 16, ISO 27001/2, and PCI.
• Solid understanding and demonstrable experience in project and security program management.
• Knowledge of the Software Development Life Cycle (SDLC).
• Solid understanding in application security, cloud security, security operations, incident response and infrastructure security
• Experience securing software solutions in the Public Cloud.
• Knowledge of networking and security technologies such as, IPSEC, VPN, routers, switches, firewalls, intrusion detection/prevention, data leakage, WAF, DNS and TCP/IP networking.
• Skilled in communicating conceptual and technical information both verbally (on phone, one-on-one, to groups) and in writing (emails, letters, reports, presentations) to various audiences (work group, team, company management, external clients).
• Ability to establish and maintain relationships with individuals at all levels of the organization, in the business community and with vendors.
• Prior management experience
• Ability to lead initiatives, make decisions and drive change across the organization
• Skilled in translating technical data into business impact information.
• Proven analytical and problem solving abilities.
• Experience working in a team oriented and collaborative environment,…