IT Security Manager
: Job Details :

JOB SUMMARY The IT Security Manager serves as the process owner for security and infrastructure activities related to the protection, prevention, recovery and training for users, processes and business systems information in accordance with the organizations information security policies DUTIES & RESPONSIBILITIES Maintain a corporate-wide information security management program to ensure that information assets are adequately protected. Implement and monitor a strategic, comprehensive enterprise information security and risk management program Implement security protocols and best practices to protect sensitive data and ensure compliance with regulations (e.g., SOX, PCI, GDPR). Collaborate with software engineers, product managers, and other stakeholders to integrate security measures into the product development lifecycle. Assist in completion of cybersecurity / data privacy review by potential customers and business partners Maintain a vendor cybersecurity / data privacy program to perform initial and on-going diligence as to the adequacy of each vendors cybersecurity / data privacy processes and protections. Lead incident response efforts and investigate security incidents or breaches to mitigate risks and prevent future occurrences. Perform penetration testing and vulnerability assessments to identify weaknesses in systems and recommend solutions for remediation. Understand and interact with related functions to ensure the consistent application of policies and standards across all technology projects, systems and services Provide guidance and support to internal teams on security-related matters, including training and awareness programs. Manage team members responsible for IT security, operations and infrastructure support activities. QUALIFICATIONS Required: A Bachelors degree in IT Security, Cybersecurity or educational equivalent is a plus. Minimum of 5 to 7 years of experience in a combination of risk management, information security and IT operations. Knowledge of common information security management frameworks, such as ISO/IEC 27001, and NIST. Knowledge of cloud platforms like AWS, Azure and tools for monitoring and securing them. Knowledge of MDR solutions. Strong understanding of security principles, protocols, and technologies, including encryption, firewalls, intrusion detection systems, etc. Experience with security assessment tools and methodologies, such as penetration testing, vulnerability scanning, and risk analysis. Familiarity with regulatory requirements and standards. Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary. Experience with contract and vendor negotiations and management including managed services. Excellent written and verbal communication skills and high level of personal integrity Preferred: Exposure to Secure Product Development Framework (SPDF). Relevant IT Security certifications (e.g., CISSP, CEH, CISM, etc.). Use Palo Alto Firewall PHYSICAL DEMANDS & WORK ENVIRONMENT Must be able to remain in a stationary position and operate office equipment for a prolonged period. Physical activities include, but not limited to constant manual dexterity, moving about the work site, and/or handling objects weighing up to 20 lbs. Other infrequent physical activities include, but not limited to, positioning self to complete assigned tasks, and ascending/descending floors and/or ladders. Must be able to work in a schedule that commensurate with business operation, including work during weekends, holidays and/or times outside of normal business hours. Must be able to travel as business necessitates (up to 10 %). 90-100k, Hauppauge NY in office 3 days per week.