Preferred GIAC Certifications: GSEC
Contact Name: Scott Lussier
The Manager, Information Security reports to the VP, Chief Information Security Officer. Under general supervision, manages and provides support to all Lifespan information security services to assure a high-value, efficient, comprehensive security program that meets Lifespan's needs.
Interviews, hires, and assigns subordinate staff; provides guidance and counsel to subordinate staff; conducts periodic performance evaluation; recommends personnel actions; acts as a resource for staff; conducts periodic individual and/or group staff meetings; prepares and submits payroll; provides and maintains subordinate staff development plans; develops standards for subordinate staff performance. Assists in determining the needs, structure, staffing, and systems required to deliver world class information security capabilities to all Lifespan affiliates.
Directs the efforts of others in the achievement of strategic and operational objectives of the group.
Advises and makes recommendations on strategic direction. Identifies opportunities for automation, standardization, cost savings, and business improvement. Identifies gaps, develops strategy, and creates operational plans in support of Lifespan's security mission.
Manages functional metric reporting requirements, developing metrics and measuring program success. Manages resolution of problems with reporting and has responsibility for overseeing maintenance of reporting systems.
Manages GRC (Governance, Risk, and Compliance) activities surrounding policies, exceptions, the risk register, and compliance requirements such as HIPAA, PCI, and JC.
Develops, maintains, and publishes up-to-date security policies, standards, and guidelines that align with industry best practices, using control standards and regulatory frameworks.
Integrates, aligns, and acts as liaison with the business to ensure there is alignment to Lifespan’s Information Security Program.
Manages vendor relations to ensure Lifespan receives value and performance of resources in accordance with contractual agreements.
Develops roadmaps for all enterprise security technologies.
Ensures proper documentation is in place for all security standards, procedures, and hardening for a wide range of products, including network devices, virtual machines, mobile devices, operating systems, and application development.
Ensures Lifespan is prepared for external audits.
Works with third parties to evaluate their Information Security practices.
Develops, assists with, and reviews the preparation and monitoring of IS Security budgets.
Maintains up-to-date technical knowledge by attending seminars, vendor presentations, and reading professional literature.
Participates in councils, quality improvement teams, and other such committees as required.
Develops, implements and monitors a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or possessed by the organization.
Oversees training and dissemination of security policies and practices.
Participates in all departmental goals and strategy development. Provides assistance in negotiation and management of contracts with outside vendors. Participates in Demonstrations/Presentations and Benchmarks.
Ensures security programs comply with relevant laws, regulations, and policies to eliminate or minimize risk and audit findings.
Serves as a liaison between the information security team and corporate compliance, audit, finance, legal, marketing, operations and HR management teams as required.
Performs other related duties as required.
Bachelor's degree in Management or Information Systems required; M.B.A. or M.S. preferred.
Certifications required: 3 or more of CISSP, CISM, CRISC, GIAC, Security+.
A minimum of ten years of IS experience, with five years in an information security role.
Five years progressively responsible related work experience, including at least two years of related supervisory/management experience in a similar environment.
Comprehensive understanding of risk assessment protocols to develop appropriate assessment models to evaluate program effectiveness and quantify information security and cybersecurity risks across the organization.
Expert knowledge of third-party vendor security risk management and cyber supply chain management.
Expert knowledge of regulatory requirements, risk, and industry standards associated with emerging technology, authentication capabilities, network design/security, cloud computing environments, the "dark web," and the Internet of Things (IoT). Knowledge of leading information security industry frameworks (e.g., NIST, ISO, SANS) and information security and data governance models.
Knowledge of network infrastructure, including routers, switches, firewalls, and the associated network protocols and concepts.
Ability to manage multiple high visibility deliverables simultaneously.
Excellent customer service and interpersonal skills required.
Must have excellent written and verbal (face-to-face and phone) communication skills including professional grammar and demeanor.
Expert presentation and reporting skills for executive audiences.
Expert-level Microsoft Excel skills.
Experienced with vendor management, selection, and contracts.
Flexible work hours (may require management support after normal hours).
Supervisory responsibility for up to 15 FTEs.