The Manager of Information Security builds, and maintains critical security controls best practices, processes, and frameworks to advance information system security maturity across the organization. Proper implementation of industry security and regulatory standards such as NIST, CPRA, ISO, and others should be applied across the business. Responsibilities:
- Work with senior leadership to discuss any exposure or necessary changes affecting the organization's cybersecurity posture.
- Oversee existing cyber security tools, processes, runbooks, assessments, and plans.
- Propose plans for continuous improvement and execute on approved plans and timelines.
- Collect and maintain data to produce cybersecurity reporting.
- Implement methods for auditing and addressing non-compliance to standards and for bringing non-compliant environments into compliance
- Integrate cybersecurity requirements into the continuity planning for critical systems and during the evaluation of new systems being considered or proposed.
- Oversee the information security training and awareness program
- Provide system-related input on cybersecurity requirements to be included in statements of work for IT projects.
- Recognize a possible security vulnerability, incident, or violation and take appropriate action to report and mitigate, as required.
- Track audit findings and recommendations to ensure that appropriate mitigation actions are taken.
Qualifications
- Data backup and recovery
- Business continuity and disaster recovery continuity of operations plans.
- Intrusion detection methodologies and techniques for detecting host and network-based intrusions
- Encryption algorithms
- Network security architecture concepts including topology, protocols, components, and principles
- Measures or indicators of system performance and availability
- Laws, policies, procedures, or governance relevant to cybersecurity for critical infrastructure
- Network traffic analysis methods
- Skill in creating policies that reflect system security objectives.
- New and emerging information technology (IT) and cybersecurity technologies.
- Penetration testing principles, tools, and techniques
- Excellent communication skills with ability to build relationships.
Why is This a Great Opportunity You will take a leadership role in determining company-wide policies related to IT governance and security for this major construction industry firm.