Information Security Manager

About The Position

Requirements

• Exceptional interpersonal skills with the ability to communicate in a clear, professional, and articulate manner.
• Exceptional verbal and written communication skills.
• Excellent organizational, analytical, and problem-solving skills with high-level attention to detail.
• Ability to analyze systems and procedures
• Strong multitasking skills with the ability to manage multiple design streams across concurrent work effort.
• Must be self-motivated and able to work well independently as well as on a multi-functional team.
• Ability to handle sensitive and confidential information appropriately.

Nice To Haves

• Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or a related.
• Minimum of 5 years of experience in information security, cybersecurity, or IT risk management.
• At least 2 years in a leadership or managerial role in information security.

Responsibilities

• Develop, implement, and continuously improve organizational information security policies, standards, and procedures.
• Ensure alignment of security policies with organizational goals, regulatory requirements, and industry best practices (e.g., NIST, ISO 27001).
• Monitor and enforce compliance with security standards for staff and third-party vendors.
• Conduct regular audits, gap analyses, and performance assessments of security policies and controls, addressing deficiencies and making recommendations.
• Conduct periodic risk assessments for IT systems, infrastructure, and vendors to identify vulnerabilities, threats, and weaknesses.
• Work with internal teams to mitigate known vulnerabilities and prioritize remediation strategies.
• Utilize vulnerability scanning tools and methodologies to proactively safeguard systems.
• Supervise the management and monitoring of security information and event management (SIEM) systems to promptly detect and respond to security breaches.
• Direct security incident response efforts, including managing containment, analysis, and remediation actions, and leading post-incident investigations.
• Analyze root causes of security violations and design proactive measures to prevent recurrence.
• Collaborate with cybersecurity teams, IT departments, and third-party vendors in supporting a robust incident response process.
• Oversee the configuration, management, and monitoring of security systems, such as firewalls, intrusion detection/prevention systems, encryption protocols, and antivirus software.
• Safeguard sensitive data by managing access controls and permissions, ensuring compliance with data protection regulations such as GDPR, HIPAA, and CCPA.
• Implement and enforce secure protocols for data at rest, in transit, and during processing.
• Develop and deliver ongoing cybersecurity awareness and training programs to all organizational employees.
• Advocate for a security-first culture by providing guidance and resources to non-technical teams.
• Conduct phishing simulations and other exercises to assess and improve employee preparedness.
• Ensure compliance with relevant laws, regulations, and standards, such as SOC 2, PCI DSS, FISMA, or other industry-specific requirements.
• Maintain detailed documentation and prepare reports for stakeholders, auditors, and regulatory organizations.
• Other duties as assigned.

Benefits

• Medical, Dental and Vision Insurance; Wellness Program
• Flexible Spending Accounts (Healthcare, Dependent Care, Commuter)
• Short-Term and Long-Term Disability options
• Basic Life and AD&D Insurance (Company Provided)
• Voluntary Life and AD&D options
• 401(k) Retirement Savings Plan with matching after one year
• Paid Time Off