Manager, Information Security
Grade: 68
Position Number: VIS-INS840
Minimum Salary: Commensurate with experience
The IT Security Manager performs two core functions for the enterprise: (1) overseeing the operations of the enterprise’s security solutions and (2) establishing an enterprise security stance through policy, architecture and training processes. Tasks will include the selection of appropriate security solutions, and oversight of any vulnerability audits and assessments. The IT Security Manager is expected to interface with peers in the Information Technology Services (ITS) department as well as with the leaders of the business units to both share the corporate security vision with those individuals and to solicit their involvement in achieving higher levels of enterprise security through information sharing and co-operation.
Summary of Primary Accountabilities:
Examples of responsibilities of this position may include, but are not limited to:
- Ensures the confidentiality, integrity and availability of the data residing on or transmitted to/from/through enterprise workstations, servers and other systems and in databases and other data repositories.
- Oversees the deployment, integration and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with standard best operating procedures generically and the enterprise’s security documents specifically.
- Designs, implements and ensures the enforcement of enterprise information security policies and procedures.
- Maintains the enterprise’s Disaster Recovery Plan and facilitates Business Continuity Planning where appropriate.
- Provides direct information security training to all employees, contractors and other third parties.
- Monitors compliance with the organization’s information security policies and procedures among employees, contractors and other third parties and refers problems to appropriate department managers or administrators.
- Monitors internal control systems to ensure that appropriate information access levels and security clearances are maintained.
- Performs information security risk assessments and serves as the internal auditor for information security processes.
- Monitors the organization’s disaster recovery plan.
- Engages in ongoing communications with peers in the ITS department as well as the various business groups to ensure enterprise-wide understanding of security goals, to solicit feedback and to foster co-operation.
- Serves as an internal information security consultant to the organization.
- Monitors advancements in information security technologies and changes in legislation and accreditation standards that affect information security.
- Serves as the primary contact for all ITS audit-related activities.
- Initiates, facilitates, and promotes activities to foster information security awareness within the organization.
- Reviews all system-related information security plans throughout the organization’s network.
Bachelor’s Degree in Information Systems or a related field and/or 5 years equivalent work experience. Ability to present ideas in business-friendly and user-friendly language. Ability to conduct research into IT security issues and products as required. Certified Information Systems Security Personnel (CISSP) certification is preferred. The successful candidate will also possess:
- Extensive experience in enterprise security architecture design.
- Extensive experience in enterprise security document creation.
- Experience in developing Disaster Recovery Plans.
- Excellent written, verbal and interpersonal communication skills.
- Excellent project and change management skills.
One or more of the following certifications is a plus:
- GIAC Security Essentials Certification
- GIAC Security Leadership Certification
- ISACA Certified Information Security Manager
- ISACA Certified Information Systems Auditor
- (ISC)2 SSCP (Systems Security Certified Practitioner)