SANS ISC: InfoSec Jobs

Manager of Information Security
Company: Lifespan
Location: Providence, RI
Preferred GIAC Certifications: GSEC
Travel: 0%
Salary: Not provided
URL: https://jobs.lifespan.org/search/jobdetails/mgr-information-security/d0ed1766-e8aa-462e-88fb-9fa484d71965
Contact Name: Scott Lussier
Contact Email: scottlussier/at/gmail.com
Expires: 2021-04-21

Job Description

Summary:
The Manager, Information Security reports to the VP, Chief Information Security Officer. Under general supervision, manages and provides support to all Lifespan information security services to assure a high-value, efficient, comprehensive security program that meets Lifespan's needs.

Responsibilities:
Interviews, hires, and assigns subordinate staff; provides guidance and counsel to subordinate staff; conducts periodic performance evaluation; recommends personnel actions; acts as a resource for staff; conducts periodic individual and/or group staff meetings; prepares and submits payroll; provides and maintains subordinate staff development plans; develops standards for subordinate staff performance. Assists in determining the needs, structure, staffing, and systems required to deliver world class information security capabilities to all Lifespan affiliates.

Directs the efforts of others in the achievement of strategic and operational objectives of the group.

Advises and makes recommendations on strategic direction. Identifies opportunities for automation, standardization, cost savings, and business improvement. Identifies gaps, develops strategy, and creates operational plans in support of Lifespan’s security mission.

Manages functional metric reporting requirements, developing metrics and measuring program success. Manages resolution of problems with reporting and has responsibility for overseeing maintenance of reporting systems.

Manages GRC (Governance Risk Compliance) activities surrounding policies, exceptions, risk register, and compliance requirements such as HIPAA, PCI, and JC.

Develops, maintains and publishes up-to-date security policies, standards and guidelines which align with industry best practices using control standards and regulatory frameworks.

Integrates, aligns, and acts as liaison with the business to ensure there is alignment to Lifespan’s Information Security Program.

Manages vendor relations to ensure Lifespan receives value and performance of resources in accordance with contractual agreements.

Develops roadmaps for all enterprise security technologies.

Ensures proper documentation is in place for all security standards, procedures, and hardening for a wide range of products including network devices, virtual machines, mobile devices, operating systems, and application development.

Ensures Lifespan is prepared for external audits.

Works with third parties to evaluate their Information Security practices.

Develops, assists with, and reviews the preparation and monitoring of IS Security budgets.

Maintains up-to-date technical knowledge by attending seminars, vendor presentations, and reading professional literature.

Participates in councils, quality improvement teams, and other such committees as required.

Develops, implements and monitors a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or possessed by the organization.

Oversees training and dissemination of security policies and practices.

Participates in all departmental goals and strategy development. Provides assistance in negotiation and management of contracts with outside vendors. Participates in Demonstrations/Presentations and Benchmarks.

Ensures security programs are in compliance with relevant laws, regulations and policies to eliminate or minimize risk and audit findings.

Serves as a liaison between the information security team and corporate compliance, audit, finance, legal, marketing, operations and HR management teams as required.

Performs other related duties as required.

Other information:
EXPERIENCE:

Bachelor’s degree in Management or information systems required; M.B.A. or M.S. preferred.

Certifications Required (3 or more - CISSP, CISM, CRISC, GIAC, Security+).

A minimum of ten years of IS experience, with five years in an information security role.

Five years progressively responsible related work experience, including at least two years of related supervisory/management experience in a similar environment.

Comprehensive understanding of risk assessment protocols to develop appropriate assessment models to evaluate program effectiveness and quantify information security and cybersecurity risks across the organization.

Expert knowledge of third-party vendor security risk management and cyber supply chain management.

Expert knowledge of regulatory requirements, risk and industry standards associated with emerging technology, authentication capabilities, network design/security, cloud computing environments, the “dark web” and the Internet of Things (IoT). Knowledge of leading information security industry frameworks (i.e., NIST, ISO, SANS) and information security and data governance models.

Knowledge of network infrastructure, including routers, switches, firewalls, and the associated network protocols and concepts.

Ability to manage multiple high visibility deliverables simultaneously.

Excellent customer service and interpersonal skills required.

Must have excellent written and verbal (face-to-face and phone) communication skills including professional grammar and demeanor.

Expert presentation and reporting to executive audiences.

Expert level Microsoft Excel usage.

Experienced with vendor management, selection and contracts.

Flexible work hours (may require management support after normal hours).

SUPERVISORY RESPONSIBILITIES:

Supervisory responsibility for up to 15 FTEs.