Information Security Manager

Information Technology Houston, Texas


Description

The Information Security Manager (ISM) is responsible for establishing and maintaining a corporate wide information security management program to ensure that information assets are adequately protected. This position includes assessing and managing the information security environment, implementing new technologies, and serving as a communication liaison with the senior leadership team and department managers in the organization. The ISM will proactively work with business units to implement practices that meet defined policies and standards for information security. This position will also oversee a variety of IT-related risk management activities.

 

ESSENTIAL DUTIES AND RESPONSIBILITIES

  • Strategic Support and Management
  • Create and manage security strategies, technology and capability roadmap, policies, and processes
  • Continuous assessment of current technology architecture for vulnerabilities, weaknesses and for possible upgrades or improvements
  • Oversee information security audits performed internally by the organization or third-party personnel
  • Oversight of the ISMS
  • Manage security Team Members and all other information security personnel
  • Serve as a focal point of contact for the information security team and the customer or organization
  • Communicate information security goals and new programs effectively to gain alignment with Senior Leadership team
  • Manage Team Member cybersecurity awareness training program
  • Coordinate measure and report on the technical aspects of security management
  • Manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements
  • Manage and coordinate operational components of incident management, including detection, response and reporting
  • Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk
  • Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and comply with policies and audit requirements
  • Design, coordinate and oversee security-testing procedures to verify the security of systems, networks and applications, and manage the remediation of identified vulnerabilities.
  • Liaise among the information security team and corporate compliance, audit, legal and HR management teams as required
  • Liaise with external agencies as necessary, to ensure that the organization maintains a strong security posture
  • Consult with IT and security staff to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software
  • Assess security impact of technology upgrades, improvements, and other major changes to the information security environment
  • Recommend and coordinate the implementation of technical controls to support and enforce defined security policies
  • Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyze its impact on the existing environment; provide technical and managerial expertise for the administration of security tools
  • Work with the enterprise architecture team to ensure that there is a convergence of business, technical and security requirements; liaise with IT management to align existing technical installed base and skills with future architectural requirements
  • Maintain open communication through conversation and both formal and informal documents

 

REQUIRED SKILLS AND ABILITIES

  • Managerial leadership, analytical skills, and high-level problem-solving skills that allow for effective and efficient resolution to many complex information security issues
  • Able to complete responsibilities in a timely, professional, and quality manner
  • Project management skills: financial/budget management, scheduling and resource management
  • Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals. Effective written and oral communication skills; able to express oneself clearly and in technical and non-technical terms
  • Creative thinker
  • Collaborative and effective team player and able to work with teams who are globally dispersed
  • Set a good example of personal integrity
  • Demonstrate ability and willingness to learn; seek out development activities to improve skills and increase knowledge; learn from other team members and own mistakes
  • Take initiative, seek and act on opportunities to improve organization performance
  • Ability to translate specific goals into action and follow through to achieve goals
  • Proficiency in Microsoft Office suite (Outlook, Word, Excel)

 

KNOWLEDGE, EXPERIENCE AND/OR EDUCATION REQUIREMENTS

  • A bachelor's degree in information systems or equivalent work experience; an M.B.A. or M.S. in information security is preferred
  • One or more Information Security Certifications (i.e. CISSP, CISA, CISM, CBCP, or GIAC)

  • Or, any equivalent combination of education, experience, and training that provides the required knowledge, skills, and abilities will be considered
  • A minimum of five years of IT experience, with five years in an information security role and at least two years in a supervisory capacity
  • Knowledge and understanding of relevant legal and regulatory requirements.
  • Strong understand of Security frameworks such as, NIST, CSF, ISO
  • Experience with SOC 2 audits and ISO certification and internal audits
  • A strong understanding of the business impact of security tools, technologies and policies

OTHER REQUIREMENTS

  • Must be able to lift and carry up to 50lbs
  • Exposure or experience with MDR/EDR


#LI-RZ1
#LI-Remote