5 days old
2018-05-152018-06-12

Manager Information Security

Portsmouth, NH 03801
  • Job Code
    620985

Manager, Information Security


Manager, Information Security


The Manager, Information Security is a member of the Information Technology team and works closely with the other members of the department, and other teams within the company to develop and manage a comprehensive information security program. This includes implementation of security policies, processes and standards. The Manager, Information Security works with the department director and CIO to select and deploy technical controls to meet security requirements, and defines processes and standards to ensure that security configurations are maintained.


Responsibilities include:



  • Primarily responsible to develop, enhance, and sustain the company's information security program and roadmap



    • Evaluate current security practices and develop a practical risk based roadmap to protect company assets from external and internal risks
    • Research, evaluate, recommend, and implement information security related hardware, software, services, and processes
    • Develop business cases for security investments and set priorities based on risk assessment
    • Implement approved projects on time and on budget and operationalize daily maintenance tasks
    • Develop security processes and procedures, and define service-level agreements to ensure that security controls are managed and maintained
    • Define security configuration and operation standards for systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems
    • Develop, validate, and enforce baseline security configurations for operating systems, applications, networking, and telecommunications equipment
    • Define security testing criteria for systems and applications
    • Maintain integrity of internal systems and processes via periodic audits
    • Maintain oversight of security program and report on its efficacy

  • Resolve security related support tickets


    • Develop a common set of security tools and define standard operating procedure with regards to incident response
    • Monitor IDS/IPS/WAF/Firewall and other associated logs and respond appropriately to alerts

  • Report to management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance


    • Advise on security requirements and controls; ensure the security controls are implemented as planned
    • Administer and report on cybersecurity education program efforts

  • Collaborate on critical IT projects to ensure that security issues are addressed throughout the project life cycle


    • Work with the IT department and members of the information security team to identify, select and implement technical controls
    • Advise IT administrators on normal and exception-based processing of security authorization requests
    • Manage Security Analysts work efforts and validating their work

  • Research and assess new threats and security alerts


    • Perform control and vulnerability assessments to identify control weaknesses and assess the effectiveness of existing controls; recommend and implement remedial actions

  • Support the execution of risk assessment activities, and analyze the results of audits (performed by other groups) to produce recommendations of acceptable risk and risk mitigation strategies


    • Assist in the definition and implementation of controls
    • Define incident detection and response guidelines
    • Provide first and second level support and analysis during and after a security incident
    • Participate in security investigations and compliance reviews, as requested by internal or external auditors



Requirements


Desired Qualifications/Experience/Skills



  • BS in computer science preferred.
  • At least 5-7 years of direct information technology security related experience
  • Highly-developed communications skills, both written and oral, as well as strong facilitation and leadership skills including mentoring
  • In-depth knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls
  • Experience in developing and documenting security architecture and plans, including strategic, tactical, and project plans
  • Knowledge of risk assessment methods and technologies
  • Experience with Intrusion Prevention Systems, Firewall technologies and administration
  • Experience conducting network/web penetration tests, ethical hacking exercises, log monitoring/analysis, and security audits/assessments
  • Understanding of



    • Fixed and mobile endpoint threats and protection options
    • Identity theft risks and mitigation
    • Wireless exploits and protection measures
    • Secure network engineering encompassing firewalls, routers, and switches
    • Data loss prevention
    • Penetration testing methods
    • Network monitoring and analysis methods and tools
    • Multi-factor authentication
    • Account monitoring and control, to include privileged account exploits and controls
    • Encryption methods and tools
    • SIEM and Identity Access Management systems
    • Anti-malware solutions
    • Automated policy compliance tools
    • Vulnerability management, network scanning and desktop security tools
    • Email-based exploits and counter-measures

  • Excellent technical knowledge of mainstream operating systems and networking concepts
  • A teamwork-oriented, collaborative approach to working
  • Conversant in:


    • 1) Common information security management frameworks, such as International Organization for Standardization (ISO) 27001 and the ITIL, COBIT and National Institute of Standards and Technology (NIST) framework
    • 2) Risk assessment methods and technologies; performing risk, business impact, control and vulnerability assessments

  • Experience conducting forensic analyses and generating useful reports
  • Critical thinking skills
  • Ability to work independently and capable of handling
  • CISSP and or GIAC certification or similar preferred

Categories

Featured Jobs

Career News

Before you go...

Our free job seeker tools include alerts for new jobs, saving your favorites, optimized job matching, and more! Just enter your email below.

Share this job:

Manager Information Security

Randstad Technologies
Portsmouth, NH 03801

Share this job

Manager Information Security

Randstad Technologies
Portsmouth, NH
US

Separate email addresses with commas

Enter valid email address for sender.

Join us to start saving your Favorite Jobs!

Sign In Create Account
th -
Overall Rating: /199
Median Salary:

Work Environment
Stress
Growth
Powered ByCareerCast