Senior Manager/Director of IT Security
*Position will start in Lake Forest, IL and then move to Chicago starting in the 4th Quarter of 2018*
Prestigious Global Company is looking for a Senior Manager/Director of Information Security.
This individual will work with the CISO to develop a security roadmap, program, projects, standards, and policies that address identified risks and business security requirements. The individual will lead all Security Engineering and Operations teams, which include the Security Operation Center (SOC), security solution design, implementation and support, incident response, forensics and investigations, documentation, and RCAs. This individual is accountable for establishing the technical security standards and guidelines for the Company enterprise, and reviews and advises on any solutions that fall outside of these specifications. They will lead the implementation of IT security programs, projects and infrastructure changes with metrics for ongoing performance measurements and reporting. They will lead a team of IT security operations center professionals to attain security program objectives and goals. In addition, they will manage third party cybersecurity partners and vendors including evaluation, selection, contracts, and relationships. They will also proactively stay ahead of the industry regarding education, certification, best practices, and tools.
- A bachelor's degree in computer science, information systems management, or related discipline. An M.B.A. or M.S. in similar disciplines is a plus.
- Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Manager (CISM) a plus.
- A minimum of 7 years of IT experience and at least two years in a supervisory capacity.
- Demonstrated applied knowledge in information security and compliance is required.
- 5-8+ years of experience running an information security program, analyzing and applying information security and risk management related practices
- 5-8+ years of experience in strategic planning, budgeting, and allocation
- 5-8+ years of experience with regulatory compliance and information security management frameworks (e.g., ISO 27000, COBIT, NIST 800, etc.)
- Communication (verbal & written) and partnering skills with both technical & non-technical users.
- Ability to prioritize across various tasks, manage changes in daily workload, and guide multiple teams.
- An understanding of IT Project Management.
- Experience with SOC, SIEM, next generation Firewall and intrusion protection, advanced anti-virus and malware detection, endpoint security, cloud security, and related cyber security tools and services. An understanding of operating system internals and network protocols.
- Experience with regulatory compliance and information security management frameworks (e.g., ISO 27000, NIST 800, etc.)
- Experience in cyber security testing and remediation (vulnerability scanning and penetration testing).
- Detail oriented with strong organizational and project management skills in order to meet deadlines, complete tasks and respond to needs.
- Familiar with continuous improvements and agile methodology.
- Desire to work in a diverse environment interacting with many roles and teams to support strategic objectives.
- Work with the Director to develop a multi-year cyber security strategy, program and projects that address identified risks and business security requirements.
- Work with the Director to develop and manage operations and capital budget based on short- and long-term goals and objectives.
- Develop and implement security standards, processes and procedures, and guidelines for the security operations center and enterprise.
- Ensure and monitor security compliance with industry and government rules and regulations.
- Report security performance against established security metrics.
- Provide security communication, awareness and training for audiences, which may range from senior leaders to field staff.
- Serve as an active and consistent IT leader in information security governance.
- Provide support and guidance for legal and regulatory compliance efforts, including audit support. Assist resource owners and IT staff in understanding and responding to security audit failures reported by auditors.
IT Security Operations Leadership
- Lead a staff of information security operations center professionals, hire and train new staff, conduct performance reviews, and provide leadership and coaching, including technical and personal development programs for team members.
- Lead the day-to-day activities of threat intelligence, vulnerability management and lab, identify risk tolerances, recommend remediation plans and communicate information about residual risk.
- Lead penetration testing, vulnerability scanning, and employee awareness training and testing.
- Manage cyber security issues and incidents, and participate in incident response, problem and change management forums.
- Manage outsourced partners and vendors that provide information security functions for compliance with contracted service-level agreements.
- Manage and coordinate operational components of incident management, including detection, response and reporting.
- Maintain a knowledge base comprising a technical reference library, security advisories and alerts, information on security trends and practices, and laws and regulations.
- Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements.
- Design, coordinate and oversee security testing procedures to verify the security of systems, networks and applications, and manage the remediation of identified risks.
IT Technical Security Leadership
- Champion security by design with business, IT and security teams to ensure that cyber security is factored into the evaluation, selection, development, installation and configuration of hardware, applications and software.
- Define and ensure the implementation of technical controls to support and enforce defined security policies.
- Research, evaluate, design, test, recommend and plan the implementation of new or updated information security hardware or software, and analyze its impact on the existing environment; provide technical and managerial expertise for the administration of security tools.
- Work with the enterprise architecture and infrastructure leads to ensure that there is a convergence of business, technical and security requirements; liaise with IT management to align existing technical installed base and skills with future architectural requirements.