Senior Manager for InfoSec

HCM Nexus Consulting Inc
8-18 years
Not Specified

Job Description

  • Executes incident containment, mitigation and protection processes to safeguard against real time threats while maintaining critical documentation and evidence. Determines risk and exposure from security incidents while providing guidance to business decision-makers.
  • Manages an ongoing process that analyzes improvements after high-severity or high-impact incidents, identifies gaps, provides input on updating best practices and drives continuous improvement across the enterprise. Drives completion of improvements, tracks status and provides monthly updates to the VP, GTM.
  • Develop and provide Key Performance Indicator (KPI) and Key Risk Indicator (KRI) incident metrics on a monthly and quarterly basis to senior leadership.
  • Interacts primarily with the various operational groups within the Threat Management Center. This role also interacts with InfoSec peers across all segments, and its customers are both internal and external. Additionally, the role interacts with Network and Incident Management peers across all segments.
  • Liaise with key stakeholders in obtaining information necessary in managing the security of business unit information, conducting risk assessments on business operations, and in actual implementation of established policies and procedures pertaining to BCP, Operational Risk, Compliance and Information Security
  • Provide guidance and support in the setting up and regular assessment of contingency plan to ensure effectiveness and relevance of Business Continuity Plan and crisis management programs
  • Provides threat management and technical consultation on complex investigations. Develops and improves procedural documentation for the standardization and repeatability of incident handling and analysis.
  • Responsible for keeping up-to-date knowledge of new and emerging threats that can affect the organization's information assets by analyzing third-party software/solutions, IT configuration changes (including access control requests), and network/system architecture from a risk perspective
  • Oversees cyber security research efforts and identifies appropriate preemptive recommendations. Analyzes emerging threat trends and intelligence feeds to enhance hunting capabilities. Ensures the team stays current on ethical hacking techniques and feeds from global threat intelligence sources.
  • Responsible for assessing risks based on changes to implementation of ISO (International Organization for Standardization)/BSO (Business Services Online); enhances knowledge of PCI (Payment Card Industry)/Logical Security guidelines and models, HIPAA (Health Insurance Portability and Accountability Act), PII (Personally Identifiable Information), and Card personalization.
  • Leads complex threat assessment and consults leadership on incident impact and risk exposure. Shares best practices to enhance analyst playbooks, response procedures and remediation actions. Works with internal subject matter experts and external vendors to improve security control measures.
  • Identifies and recommends security solutions to meet changes in technology and business operations. Reviews and validates new prospective technologies for adherence to security standards. Defines metrics to support operating effectiveness and enable continuous control monitoring. Serves as a security expert and guides project teams to comply with enterprise security policies, industry regulations, and best practices. Weighs business needs against security concerns and articulates issues to management.
  • Perform other duties as necessary

Qualifications:
  • Typically a minimum of 8 years of related professional experience, including a minimum of 3-4 years of experience in a supervisory position.
  • Bachelor's Degree in Information Security or Computer Science preferred. Other majors will be considered.
  • One or more of the following: CISSP, CISA, CISM, PCI-QSA, PA-QSA, PCIP, CRISC, CGEIT, Certified Forensic Computer Examiner (CFCE), Certified Cyber Threat Analyst (CCTA), Certified Computer Examiner (CCE)
  • Strong verbal and written communication skills and demonstrated ability to communicate with all levels of management; with experience in writing policy and procedures manuals
  • Highly analytical, with project management skills
  • Strong leadership and interpersonal skills
  • Must be flexible and customer-focused
  • Must have good organizational skills and be detail-oriented
  • Strong planning and implementation skills
