Information Security Manager
Intero Group Tech
2021-12-04 02:00:03
Fort Lauderdale, Florida, United States
Job type: fulltime
Job industry: HR / Recruitment
Job description
SUPERVISORY RESPONSIBILITIES: Projects and Junior Staff as directed.
GENERAL FUNCTION:
NATURE OF WORK:
The Information Security Manager (ISM) is responsible for developing and monitoring practices to ensure that all information is secure from unauthorized access, protected from inappropriate alterations, physically secure, and available to authorized users in a timely fashion. The ISM's duties include training in and dissemination of security policies, procedures, standards, guidelines, and practices as well as developing strategies and plans to provide for timely business resumption in the event of a serious disruption. Implements and supports information security initiatives throughout the organization. The ISM acts as a focus and resource for organization information security matters. Investigates and recommends secure solutions that implement information security policy and standards. Oversees, implements, and monitors the National Industrial Security Program and special security requirements levied by the Department of Defense and intelligence community agencies. The IT Security Manager is expected to interface with peers in the Systems and Network departments as well as with the leaders of the business units to both share the corporate security vision with those individuals and to solicit their involvement in achieving higher levels of enterprise security through information sharing and co-operation.
ILLUSTRATIVE TASKS:
Strategy & Planning
• Create and maintain the enterprise's security architecture design.
• Create and maintain the enterprise's security awareness training program.
• Create and maintain the enterprise's security documents (policies, standards, baselines, guidelines and procedures).
• Create and maintain the enterprise's Business Continuity Plan and Disaster Recovery Plan, where appropriate.
• The Information Security Manager is responsible for chairing the Governance Risk & Compliance Committee (GRC).
Acquisition & Deployment
• Maintain up-to-date knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
• Select and acquire additional security solutions or enhancements to existing security solutions to improve overall enterprise security as per the enterprise's existing procurement processes.
• Oversee the deployment, integration and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with standard best operating procedures generically and the enterprise's security documents specifically.
Operational Management
• Ensure the confidentiality, integrity and availability of the data residing on or transmitted to/from/through enterprise workstations, servers and other systems and in databases and other data repositories.
• Ensure the enforcement of enterprise security documents.
• Supervise all investigations into problematic activity and provide on-going communication with senior management.
• Supervise the design and execution of vulnerability assessments, penetration tests and security audits.
• Perform regular security awareness training for all employees to ensure consistently high levels of compliance with enterprise security documents.
• Engage in ongoing communications with peers in the Systems and Networking groups as well as the various business groups to ensure enterprise wide understanding of security goals, to solicit feedback and to foster co-operation.
ESSENTIAL KNOWLEDGE, SKILLS AND ABILITIES:
• Strong knowledge of: PCI DSS 3.2, HIPAA applicable security / privacy controls, NIST 800-53, NIST cybersecurity framework, and COBIT.
• General knowledge of common application security architecture and vulnerabilities (e.g. OWASP Top 10), attack techniques and remediation tactics/strategies.
• Extensive experience in enterprise security architecture design.
• Extensive experience in enterprise security document creation.
• Experience in designing and delivering employee security awareness training.
• Experience in developing Business Continuity Plans and Disaster Recovery Plans.
• Working technical knowledge of Cisco IOS, switches and firewalls.
• Strong understanding of IP, TCP/IP, and other network administration protocols.
• Proven analytical and problem-solving abilities.
• Ability to effectively prioritize and execute tasks in a high-pressure environment.
• Good written, oral, and interpersonal communication skills.
• Ability to conduct research into IT security issues and products as required.
• Ability to present ideas in business-friendly and user-friendly language.
• Highly self-motivated and directed.
• Keen attention to detail.
• Team-oriented and skilled in working within a collaborative environment.
• Strong computer skills including Microsoft Office (Excel, Word, PowerPoint, Project Manager, and Visio).
POSITION KNOWLEDGE, SKILLS AND ABILITIES:
• Familiarity with Microsoft technologies, Intel and AMD based hardware, and enterprise server-based environments mandatory.
• Ability to provide customer satisfaction and quality service.
• Ability to relate technical communications issues clearly, both orally and in writing, to non-technical individuals.
• Ability to work on a team, promote teamwork and customer goodwill.
• Ability to establish and maintain effective working relationships with the general public, co-workers, elected and appointed officials and members of diverse cultural and linguistic backgrounds regardless of race, religion, age, sex, disability or political affiliation.
• Ability and commitment to provide occasional coverage after normal working hours for non-standard processing situations, position vacancies, or when shifts in daily hours are warranted to improve coverage in peak or critical processing cycles.
• Ability to shift project assignments immediately due to project priority changes, even in primary assignment areas, based on personnel availability and workload requirements.
• Ability to lift materials (for example, documentation binders) weighing up to forty (40) pounds without assistance during the course of a standard business day, or for a full standard business day if required.
• Ability to reach high shelves and bend below desk levels without assistance (access boxes, documentation binders, etc.) during the course of a standard business day, or for a full standard business day if required.
• Ability to participate in meetings or teleconferences for a duration of up to four (4) hours.
• Ability to communicate both orally and in written form, clearly and concisely, with superiors, managers, clients, and directors.
• Ability to sit and utilize a standard computer workstation configuration (standard CPU, standard monitor, standard keyboard, etc.) during the course of a standard business day, or for a full standard business day if required.
• Ability to perform minor computer related equipment installations/maintenance involving considerable manual dexterity while employing such tools as screwdrivers, small pliers, etc.
• Ability to visit various offices in different geographical locations within and without the courthouse. This includes the ability to travel to the satellite offices.
• Must have the ability to visually inspect/view and manipulate small computer components.
• Firm understanding of servers and operating systems.
• Performs any duties or tasks as assigned.
MINIMUM QUALIFICATIONS:
• Associate degree from an accredited college with course work in computer science or information systems.
• 3+ years Information Security Compliance, security engineering or architecture experience.
• One or more of the following certifications:
o GIAC Security Essentials Certification
o GIAC Security Leadership Certification
o ISACA Certified Information Security Manager
o Microsoft Certified Systems Engineer: Security
o (ISC)2 SSCP
o (ISC)2 CISSP
o (ISC)2 ISSAP
PREFERRED QUALIFICATIONS:
• Bachelor's degree from an accredited college with course work in computer science or information systems.
• 5+ years Information Security Compliance, security engineering or architecture experience.
• Two or more of the following certifications:
o GIAC Security Essentials Certification
o GIAC Security Leadership Certification
o ISACA Certified Information Security Manager
o Microsoft Certified Systems Engineer: Security
o (ISC)2 SSCP
o (ISC)2 CISSP
o (ISC)2 ISSAP