Information Security Manager
When you think of Hunter Douglas, the leader in the custom window covering market, you may not realize we have an innovative, world-class IT team. We are using industry-leading software, hardware, and applications. We’ve spent the last four years implementing the newest SAP platform, S4 Hana, across our enterprise. After our successful go-live earlier this year, we are looking to build our internal security resources following the NIST Framework. This is a new role within the organization and will heavily influence security protocol moving forward while also educating the executive team about best practices and legal standards. This is your opportunity to build a mission-critical function from the ground up.
What will you do?
- Monitors and routinely audits compliance with all information security procedures and policies and ensures consistency of internal controls across departments.
- Lead remediation process for all security-related gaps identified during audits and third-party reviews.
- Help align process, procedure, network, and system standards to the company’s IT security policies.
- Manage the on-boarding of technology-related projects to ensure alignment with security policies, guidelines and ISP process.
- Drive annual compliance certification and oversee all related controls and documentation management.
- Manages the ongoing vulnerability scanning and assessment process, partnering with IT and third parties to resolve vulnerabilities in a timely manner to maintain compliance.
- Partners with the organization to ensure effective implementation and ongoing management of security tools, systems and processes including: logging, IDS, IPS, endpoint protection, web filtering, MDM, DLP, patch management, vulnerability scanning technologies, etc.
- Partner with the infrastructure team to develop strong security posturing including reviewing firewall policies, additional network segmentation and filtering policies to better protect the network.
- Provide oversight to IS operation team to manage end user computing on endpoint security, patching and policy management.
- Provides oversight, guidance and development of requirements for vendor selection for new and replacement technologies within the IT Security footprint.
- Interfaces with management and user community to understand business needs, implement security best practices, and identify opportunities for improving security and compliance.
- Partners with the training and professional development staff to promote security awareness among users.
- Review and develop the company’s overall security program, managing multiple security projects at a time.
What will you have?
Solid knowledge in CISSP, CISM or GSEC Security Certification preferred.
Expert knowledge of security best practices (encryption, data protection, design, privilege access, etc.).
Solid knowledge and experience with managing and implementing standard security technologies (DLP, MDM, SIEM, AV, IDS).
Solid knowledge and experience with a file management access tool such as Varonis and the ability to drive the data owner entitlement review process.
Solid knowledge in compliance management and certification (PCI, GDPR, CCPA).
Basic knowledge of network technologies (protocols, design concepts, access control).
Solid knowledge and proficiency in planning, reporting, establishing goals and objectives, standards, priorities and schedules.
Acceptable Training and Experience includes Bachelor’s degree or equivalent in related field. Minimum of 5 years’ experience in IT or Security Management.