Security Manager

Information Technology Mt. Laurel, New Jersey


Description

SCOPE OF POSITION:

  • The Information Security Manager will work to establish and grow the IT Security department and framework into the Pinnacle Treatment Centers (PTC) culture.
  • Assesses, recommends, and assists in the remediation process for all PTC IT Security risks.
  • Assist in the Security Engineering, Architecture, and Planning for all future IT strategic initiatives. Support the IT Infrastructure & Compliance Directors for all Audits (HIPAA, 42CFR, etc.) and provide monthly reporting of all Security projects and remediation.
  • Formulate company level security policies, standards, and procedures.
ESSENTIAL DUTIES AND RESPONSIBILITIES:

The Information Security Manager is responsible for envisioning and taking steps to implement the controls needed to protect both PTC information and information that has been entrusted to PTC by third parties.

  • Monitors developments in the information security field and recommends changes for improving our Defense-in-Depth strategy.

  • Oversees the implementation of Information Security technologies

  • Familiarity with managing and implementing Vulnerability Management Systems and performing vulnerability scans and remediation plans
  • Familiarity with Identity Management implementations and SSO solutions a plus
  • Monitor and manage new alerts from various Security Tools and 3rd Party Managed Security Services (MSS) Providers.
  • Client Endpoints & Web Content Filtering systems (AV, DLP, etc.)
  • Audit Logs for AD, SOX, HIPAA, 42CFR and other in-Scope Systems and Databases
  • Firewalls, Network Intrusion Prevention Systems & APT escalations from 3rd Party MSS
  • Email DLP
  • Mobile Device Management (MDM) implementation and management

 

  • Performs and/or oversees periodic security risk assessments that identify current and future security vulnerabilities
  • Works with senior management to determine the acceptable level of risk to the business and ways to reduce that risk.
  • Define and maintain Information Security policies, procedures, and standards that meet regulatory compliance for our industry.

  • Develop and maintain an Information Security Awareness Plan for PTC employees

  • Audit Information Systems for compliance with established PTC policies, procedures, and standards

  • Analyze vulnerability assessments on all Information Systems, create reports, and recommend corrective actions.

  • Define, implement and maintain an Information Security Incident Response Plan.

  • As a permanent member and lead of the Information Security Incident Response Team, duties include:

  • Quickly responding to a variety of events such as hacker break-ins, virus infestations, and insider computer fraud.
  • Working with public relations and top management to develop suitable public responses to information security incidents, violations, and problems.
  • Preparing post mortem analyses of information security breaches, violations, and incidents to illuminate what happened and how this type of problem can be prevented in the future.
  • Serves as Information Security Consultant for various business initiatives and Information Technology projects.

• Assists with the establishment and refinement of procedures for the identification of PTC information assets as well as the classification of these information assets with respect to criticality, sensitivity, and value.

EDUCATION:

• B.S. in Computer Science or equivalent experience

• CISSP preferred, CISM a plus

• Microsoft Certifications a plus

• Understanding of Unix

EXPERIENCE:

• Minimum 7-10 years’ experience in information security management

• Minimum 5 years working in a Windows servers/VMware environment

SKILLS/PROFICIENCIES:

• Must have an ability to interface with other departments within IT, as well as across the organization

• Must be highly motivated and able to take initiative with little direction

• Must be able to work in a fast-paced environment

• Must be a self-starter who can learn technologies with limited training

• Strong troubleshooting and diagnostic skills

• Ability to work additional hours as needed

• Must be a team player

• Some travel required

Pinnacle Treatment Centers is an Affirmative Action/EEO Employer – qualified applicants will be considered for employment without regard to protected veteran or disability status, race/color, religion, gender, national origin, age or any other legally protected basis.

 

We are an Equal Opportunity Employer with a commitment to diversity. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, age, sexual orientation, gender identity, disability or veteran status.