The IT Security Manager is responsible for establishing and maintaining the information security program to ensure that information assets and associated technology, applications, systems, infrastructure, and processes are adequately protected in the digital ecosystem. The IT Security Manager leads the development and implementation of security solutions and processes across the organization. They are responsible for providing operational security solutions that would enable the success of IT and business initiatives.
Responsibilities
- Provide guidance in planning and scoping Security Assurance engagements.
- Provides strategic risk guidance for IT projects, including evaluations and recommendations of technical controls.
- Oversee security testing performed by internal team members and external partners.
- Compile relevant security metrics and deliver them to stakeholders and senior leadership.
- Represent the organization as a Subject Matter Expert in security requirements.
- Provide clear guidance to company employees and recommend modifications to operations policies and/or procedures as appropriate.
- Develop, implement, and maintain a Security Program to include monitoring system security measures to ensure alignment with goals.
- Advise on configuration management activities, including an assessment of modifications and/or vulnerabilities.
- Develop and implement procedures for responding to security incidents and investigating and reporting security violations and incidents as appropriate.
- Develops, maintains, and publishes up-to-date security policies, standards, and guidelines.
- Oversees training and dissemination of security policies and practices.
- Evaluates new cybersecurity threats and IT trends and develops effective security controls. Oversees development of security awareness programs.
- Work with Legal and Finance Departments to ensure that information security requirements are included in contracts by liaising with vendor management and procurement organizations.
Position Requirements
Formal Education & Certification
- Bachelor’s degree in Management Information Systems, Computer Science, Engineering, or related discipline. An advanced degree is preferred.
- 10 years IT experience, 6 to 8 years in a combination of risk management, IT leadership, information security and information technology desired.
- One or more certifications preferred: CISM, CISA, CISSP, CRISC, or HISP
Knowledge & Experience
- Good understanding of cloud-based services in the areas of security automation, engineering, and design.
- Experience assessing and supporting standards-based security control requirements (e.g., SOC 2, ISO, NIST, etc.) and related audits for compliance.
- Experience implementing security tooling, processes, and strategies in the areas of AV endpoint protection, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Active Directory, SAML / ADFS, Multi Factor Authentication, RADIUS, and related technologies.
- Demonstrated knowledge of IT networks and systems and associated security principles (e.g., firewalls, DMZ, Storage, Virtualization, OS-level configuration, encryption, load balancers, proxies, VPN, bandwidth management, resiliency and redundancy).
- Developed and deployed a targeted information security awareness training program for all employees, contractors, and approved system users, with established metrics to measure the effectiveness of this security training program for the different audiences.
- Experience in Unix, Windows, Linux, TCP/IP, Storage devices, network devices, fail-safe strategies, system architecture, LAN and WAN methods and intranet/internet security environments including firewalls, intrusion detection, incident response, policy writing, vulnerability testing, operating system hardening, regulatory compliance, and data classification.
- Experience in performing Cloud Computing vendor evaluations (SaaS, PaaS, IaaS).
- Knowledge of relational database design and architecture with experience in data administration and security methods with tier 1 ERP (Oracle, SAP, etc.), web application layers, e-commerce, and SQL.
- Experience in IAM, NIDS/HIDS, SIEM, Log Management, Patch Management, Vulnerability Management, eDiscovery, Virtual Machine Security, Wireless and Mobile Security, and Industrial Controls.
Personal Attributes
- Excellent analytical and problem-solving skills.
- Ability to work with and appropriately communicate with all levels of staff from shop floor workers to executive management team.
- Self-motivated and desire to learn/acquire new skills.
- Excellent communication & interpersonal skills, utilizing data to tell a story.
- Top-notch work ethic and customer service orientation.
- A high degree of integrity, confidentiality, and commitment.
- Experience working in a team/collaborative environment.
- Ability to work independently and meet deadlines in a fast-paced environment.
- Courtesy, respect, and thoughtfulness in teaming with colleagues and other stakeholders.
Work Location
Work onsite in Livonia, MI or Kingsville, Ont.