Information Security Manager
A Brookfield, WI-based client has an immediate direct-hire opening for an Enterprise Information Security Manager. This person will work closely with the other members of the technology department, and with other teams within the company, to develop and manage a comprehensive information security program. This role will be a key driver in delivering and implementing security policies, processes, and standards, along with managing risk.
The Enterprise Information Security Manager will work with technology leadership to select and deploy technical controls to meet security requirements, and will define processes and standards to ensure that security configurations are maintained in accordance with the information security program.
The Enterprise Information Security Manager will own and enforce the overall information security policy for. This policy will cover, but is not limited to: Policy Adherence, Risk Assessment and Management, Sensitive Information Management, Vulnerability Management, Event Monitoring, Security Testing, and PCI compliance.
The successful candidate for this role will have a strong security and risk management background. They will have both SecOps and InfoSec experience with the ability to partner with others within the organization. They must be a leader with the ability to grow a team and develop/manage a program. Strong communication skills along with a desire to strive for continual improvement are a must.
1. Responsible for implementation, management, and organizational adherence of company Information Security Policy
2. Develop and manage information security program
3. Represent Information Security on all business and technology related initiatives
4. Work with various teams, vendors, and internal/external customers to assess and manage technology risk
5. Develop business cases for security investments and set priorities based on risk assessment
6. Research, evaluate, recommend, and implement information security related hardware, software, services, and processes
7. Maintain integrity of internal systems and processes via periodic audits both internal and external
8. Maintain oversight of security program and report on its efficacy
9. Resolve security related support tickets
10. Develop a common set of security tools and define standard operating procedures with regard to incident response
11. Monitor IDS/IPS/WAF/Firewall and other associated logs and respond appropriately to alerts
12. After-hours work may be required
Required Education, Skills and Experience
• A bachelor's degree and/or 8 to 10 years relevant industry experience
• Advanced knowledge of various regulatory frameworks (ISO, NIST, PCI, etc.)
• Maintain a good working knowledge of current and future security trends
• Security operations experience is required
• Solid technical background in a hosted services environment including infrastructure networks, hardware, software and telecommunications
• Ability to create and implement policy and procedures
• Ability to define, categorize, and manage risk
• Advanced experience in security as it relates to cloud based services and vendor management
• Experience with incident ticketing systems
• Experience using automated monitoring tools
• Ability to work in a team environment
• Good analytical, problem solving and decision-making skills
• Ability to maintain good working relationships with third party service providers and vendors
• Strong oral and written communication skills
• Experience working with development and infrastructure teams is strongly desired