Hiring an Information Security Manager in Salt Lake City, UT
Our client, a world leader in client and employee recognition services and programs, is looking for an Information Security Manager. The Information Security Manager provides technical leadership for IT security strategy and architecture development/design, system and software requirements, analysis, specification, implementation, testing, integration and accreditation of trusted systems. Evaluates and executes the technical security vulnerabilities and control measures of various network, operating system, database and enterprise applications (IOS, UNIX, Linux, Windows, DB2, MS SQL, Oracle, SAP, etc.) to prevent external parties from improperly accessing company information, interfering with operations, or otherwise jeopardizing the client’s ability to conduct business. Where Information Security audit oversight (rather than technical oversight) is required as a mitigating control for sensitive processes, the Information Security Manager establishes and maintains necessary audit regimens to satisfy those controls.
Duties and Responsibilities
- Serves as the client’s Information Security Expert.
- Researches and develops all aspects of information security engineering with responsibility to assess and mitigate system security threats/risks throughout the program life cycle.
- Provides thought leadership in the direction and sustainability of Information Security Services.
- Leads development, documentation and maintenance of information security policies, procedures, and standards across departments.
- Defines, validates, and assists in system and software architecture and design to ensure that the client’s assets are appropriately secure at all times.
- Monitors and routinely audits compliance with all information security procedures and policies, and ensures consistency of internal controls across departments.
- Initiates, facilitates, and promotes activities with peers in the IS Department, as well as various business groups, to ensure enterprise-wide understanding of security goals, to solicit feedback, and to foster co-operation.
- Coordinates the development, consolidation and periodic review of the organization's security policies, standards and procedures.
- Oversees the dissemination of security policies, procedures and practices to employees and business associates.
- Participates in the development and maintenance of disaster recovery and business continuity plans for the organization.
- Researches and responds to attempted efforts to compromise security controls.
- Provides oversight and ownership for intrusion detection and response.
- Monitors the internal control systems to ensure that appropriate access levels are maintained.
- Ensures the confidentiality, integrity, and availability of data residing on or transmitted to/from/through enterprise workstations, servers and other systems and in databases and other data repositories.
- Advises on applicable encryption methods to secure data at rest and in transit.
- Creates and maintains information system and software security certificate purchasing and renewals, including oversight for PCI compliance.
- Provides information, training and consulting to management regarding the negative impact on the business caused by theft, destruction, alteration or denial of access to information.
- Troubleshoots and resolves security related computer or network problems.
- Recognized as a senior level contributor responsible for execution of projects that link to corporate strategy and objectives.
- Recognized as a technical expert with ability to solve complex problems and establish innovative solutions.
- Maintains up-to-date knowledge of the IT security industry, including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
- Attends conferences and training as required to maintain proficiency.
- Other duties, and projects, as assigned.
Desired Skills and Experience
- Relevant technical BA/BS Degree (Computer Science, Engineering). Advanced degree preferred
- 10+ years of progressive, related experience
- 2+ years of management experience
- CISSP, CISM, or SANS certification
- Knowledge of relevant legal and regulatory requirements
- Experience in IDS/IPS, SIEM, Log Management, Patch Management, Vulnerability Management, eDiscovery, Virtual Machine Security
- Experience in Security Architecture, Policies & Standards, Risk Management, Incident Handling and Response, Information Classification
- Ability to clearly communicate technical concepts to a non-technical business audience, clients/partners, and executives.
- Strong analytical skills
- Ability to deliver projects on-time, on-budget
- Strong interpersonal and leadership skills
- Must be able to perform well under pressure
- National security clearance a plus
Please send Resume to firstname.lastname@example.org