Reporting to the Chief Information Security Officer (CISO), the Information Security Manager is responsible for information security policy assessments, enforcing compliance with firm security policies and applicable law, vendor management and security incident management. Working with the firm’s Information Technology Services; the Information Security Manager will coordinate and assess compliance audits, business continuity and disaster recovery programs, network penetration tests, vulnerability assessment scans and risk assessment reviews.
Duties and/or Responsibilities:
Experience with IT security, compliance, risk and privacy frameworks such as ISO 27001, NIST 800-53, HIPAA, GDPR.
Help develop, manage, audit and enforce security related policies and procedures.
Manage compliance and respond to security assessments and audits by ISO, clients, etc.
Manage periodic security vulnerability and penetration testing.
Manage patch management program.
Manage system logs and security-related infrastructure.
Manage incident response and support systems.
Manage and review infrastructure technology vendor contracts and risk assessments.
Work with IT Management to ensure that Business Continuity program components are current, effective, and address business requirements.
Participate in the design and deployment of new software systems, services, components, features, etc.
The Information Security Manager will be expected to have:
Knowledge of Windows system administration and Active Directory.
Knowledge of network security principals, best practices and industry standards.
Knowledge of security models that maintain and enforce security policies.
Knowledge of security tools and concepts including: IDS/IPS; SIEM; Web Proxy; Encryption; Patch management; Vulnerability Scanning & Remediation; Forensics; Penetration Testing; DLP; Email Gateways; Anti-spam Services; MDM; Privileged Account Management; Log Analytics; Two Factor Authentication; Single Sign On; Antivirus.
Exceptional communication skills both within and outside of the IT Department.
3-5 years of experience working in Information Security.