We are looking for an IT Security Manager who will be responsible for administering operational security of desktop, mobile, and network security in our enterprise. The Security Manager will implement security policies and procedures, and administer the organization's security tools. To be a successful Security Manager, you should be meticulous and detail-oriented, with excellent technical and information security skills. You should also be skilled at drafting security policies and training less technically skilled employees to be security conscious.
The Security Manager works independently within the established procedures to ensure network security access and protect against unauthorized access, modifications, or destruction. Responsibilities include participating in the risk assessment process, audits, staff training sessions, security monitoring, and administering the security tools used by our organization. Additionally, the Security Administrator will participate in the development of a robust security program including data loss prevention, insider threat, vulnerability management, endpoint security, and access reviews. This will include the evaluation, budgeting, planning, and executing the implementation of new security systems. The role requires in-depth expertise in specific hard skills such as networking, protocols, and common security systems. This role also takes part in Identity Governance and Administration.
- Executing the tasks inherent to the establishment and maintenance of a robust information security program. (50%)
- Installing, administering, and troubleshooting network security solutions.
- Updating software with the latest security patches and ensuring the proper defenses are present for each network resource.
- Configuring security systems, analyzing security requirements, and recommending improvements.
- Executing implementations of new security systems in accordance with the company Project Management Office methodology.
- Performing vulnerability and penetration tests, identifying and defending against threats, and developing disaster recovery plans.
- Monitoring network traffic for suspicious behavior.
- Supporting diagnosis, troubleshooting, reporting, communications, and recovery during security event incident response.
- Implements and executes processes and procedures relevant to the enterprise security program. (25%)
- Providing guidance on network policies and authorization roles.
- Assessing new vendors and systems for impacts to the organization's security posture.
- Consulting with staff, managers, and executives about the best security practices around network configuration, identity roles, and emerging threats.
- Training staff to understand and use security protocols.
- Ensures compliance with security audits. Fulfills information requests to auditors during periodic security audits. Provides expert guidance in best practices and implementation of remediation steps in response to security audits. (10%)
- Serves as a backup resource for implementation and administration of networking systems. (5%)
- Participates in the corporate security awareness program, including the drafting of security awareness alerts and notifications. (5%)
- Assists in the development, updating, and testing of business continuity and disaster recovery protocols. (5%)
- Education including a Bachelor’s degree in Computer Science, Cybersecurity, or a related field.
- A strong understanding and knowledge of computer, network, and security systems including Proofpoint, McAfee, vulnerability scanners, password managers, and SSO/MFA systems.
- Experience of approximately 7-10 years in information technology security.
- Certification or equivalent expertise in a major security standard such as CISSP (Certified Information Systems Security Professional), CCSP (Cisco Certified Security Professional), CCSA (Check Point Certified Security Administrator), CISM (Certified Information Security Manager), SSCP (Systems Security Certified Practitioner), or CRISC (Certified in Risk and Information Systems Control).
- Evaluate systems security risk assessments
- Maintain internal information security program
- Defining information security policies and procedures
- Develop a security program and security projects that address identified risks and business security requirements
- Providing direction for security operations for the global security
- Manage vendor security risk assessments
- Conduct monthly security compliance meetings
- Manage security and compliance audits
- Develop and maintain information security
- Ensure information system security across the enterprise
- Supervise and manage security system team
- Develop relationships with security vendors and external security experts
- Resolve security incidents and recommend enhancements to improve security
- Ensure the security of data
- Develop and create security policies
- Develop, document and implement data security procedures that enforce information security standards
- Maintain ongoing compliance with client information security requirements
- Analyze data from network security devices and services and provide periodic security reporting
- Support information security solutions including security architectures, change/configuration management, and the integration of security products
- Perform network security scanning Audit