Information Security Manager

As Information Security Manager, you will be protecting valuable information assets and reputation. You’ll be putting processes in place to prevent financial loss from cyber threats, and conducting ongoing risk management and assessment to keep everything safe and secure.

Here is a breakdown of role:

• Security Management: Develops and manages information security risk framework; evaluates third party risk and performs ongoing cyber risk management and threat assessments. Enforces operating model and governance of Cyber capabilities across MSSP, MSP and any other IT partners to ensure security standards are appropriately enforced, monitored and remediated. Oversees implementation and evaluates operational readiness of security capabilities to be managed by third-party service providers. Reviews cyber liability insurance coverage and integrates program offering and details appropriately. Assists in the design, selection and implementation of software, hardware, and efficient business processes.
• Security Performance: Defines metrics; gathers data and reports to the leadership team on operating effectiveness of information security controls managed by MSSP and other Security/IT partners. Monitors the utilization and effectiveness of security resources and services delivered.
• Communication: Creates communication plans in collaboration with executive team and key business units regarding security initiatives. Responds to information security questionnaires in support of our external agency partnerships. Communicates with project teams to integrate IT solutions with enterprise security capabilities to enable cyber security controls.
• Policies/Processes: Establishes and maintains roles and responsibilities between CCMC and service providers. Ensures security policies, procedures, and frameworks are updated regularly with active involvement of key stakeholders such as Internal Audit, Legal, Human Resources, and impacted business users.
• Other duties as required: Job may require fulfilling other incidental or related duties as assigned, assisting and training others, and performing duties of higher rated positions from time to time for developmental purposes.

Qualifications

Minimum Requirements

• BA/BS in Information Systems or Related Field
• 7 Years of Business Experience in Information Security Work or Directly Related Experience
• 7 Years of Extensive Experience with Industry Standards such as HIPPA, NIST, NAIC, PCI, and Other Security Frameworks

Preferred Experience & Certifications

• Some Client-Facing Experience in a Highly Regulated Field such as Healthcare or Financial Services
• Some Experience Leading Technical Teams Focused on Implementation of Infrastructure and Software Systems
• 3 Years Experience Planning, Installing, and Maintaining Network Infrastructure, Microsoft, and End User Environments
• Existing CISSP or CISM Certifications or the Ability to Obtain Both Certifications