Summary
This leadership position focuses on pragmatically managing and minimizing risk through overseeing an IT security practice that promotes and advances the security posture of the organization. Tactically the IT Security Manager is responsible for managing the day-to-day activities of the IT Security team as well as providing technical direction for projects and audits. Strategically the IT Security Manager will collaborate with other organizational leaders to advance security culture and implementation.
Note: This position is required to be capable in all areas of IT Security, but is intended to be more focused on the defensive portions of IT security including architecture, engineering, and operations.
Essential Duties and Responsibilities:
Risk and Governance:
- Manage risk with a pragmatic perspective, understanding that security is important but needs to support the success of the business.
- Oversee IT security controls for the company including periodic testing.
- Champion and build appropriate security policies.
- Evaluate the organization to ensure compliance with policies and standards.
- Assign risks to company assets and prioritize their resolution.
- Participate in maintaining appropriate cybersecurity insurance. Participate in security assessments/reviews with insurance brokers/providers.
- Maintain and enhance the company-wide security awareness program.
- Maintain and facilitate security assessments of 3rd party entities and solutions.
- Respond to security assessments and inquiries on behalf of the company.
- Maintain and enhance organizational incident response processes including key runbooks.
- Lead and collaborate with areas to develop and understand business continuity and disaster recovery plans.
Security Practice and Technologies:
- Responsible for Identity and Access Management program.
- Establish strategy and support for IT and OT security architecture and technologies.
- Maintain various security technologies including but not limited to:
- Implement process improvements to enhance the efficiency of current operational procedures.
- Take ownership of establishing and enforcing security standards both within team and across the organization. Work proactively and collaboratively to achieve change management and buy-in.
- Automate tasks that are repetitive using various technologies.
- Maintain PCI compliance of the organization.
- Maintain a vulnerability management program and work with team members to remediate issues found.
- Plan, acquire, and coordinate the installation of “in-house” and remote software solutions and configurations across the organizations’ network.
- Negotiate with vendors and contractors to secure products and services.
- Oversee provisioning and deprovisioning activities to ensure they can be executed in a timely manner while evaluating for automation opportunities.
- Directly manage and work with the team and other responsible parties during security incidents to ensure containment, remediation, and restoration. Lead post-incident analysis and lessons learned.
Managerial:
- Servant leadership mindset focused on putting team members and others in a position to be successful.
- Manage the day-to-day operations of the department. Develop career plans for team members and recommend training and development areas.
- Assign and track tasks to team members including establishing and managing to target dates.
- Provide training and experience to grow members of the team.
- Ability to lead and maintain multiple overlapping complex projects from beginning to end and interface with various teams as well as leadership/executives.
- Be willing to manage and lead across team boundaries.
- Responsible for change management and communication to ensure initiatives are successfully implemented.
- Effectively deal with rapid change in a positive manner and lead staff through changing priorities.
- Coordinate relations with and serve as a liaison between other organizational units and Security staff. Be able to communicate topics and concepts to the team and a diverse audience.
- Develop short-term and long-term department goals which support enterprise long-term strategic goals.
- Ensure the quality of work produced by the team is acceptable based on established standards.
- Prepare and maintain annual department budget.
- Provide periodic employee performance reviews.
Education and/or Experience
- 2+ years of management experience
- 5+ years of IT Security experience
- Knowledge of technical platforms and languages required for this position.
- Knowledge of the various operating environments.
- Bachelor's degree in Business (or Management), Computer Science, Engineering, or equivalent experience is required.
- CISSP strongly preferred. CISM, ISSMP, or similar security management certification a plus.
- Post hire certifications may be required to gain knowledge needed to stay current in field.
- Experience in the Distribution industry preferred
Job Type: Full-time
Benefits:
- 401(k)
- Dental insurance
- Employee assistance program
- Employee discount
- Flexible spending account
- Health insurance
- Health savings account
- Life insurance
- Paid time off
- Professional development assistance
- Referral program
- Retirement plan
- Tuition reimbursement
- Vision insurance
Schedule:
Application Question(s):
- How many years experience within cybersecurity management do you have?
- Do you have prior Blue Team experience?
- Please list certifications:
- Are you legally authorized to work in the US without sponsorship now or in the future?
- What salary are you seeking?
Location:
Work Location: Remote