Information Security is a visible and critical component of every modern enterprise, and of considerable importance to our organization.
The Information Security Manager will work with executives from all departments and directly with the CIO, other members of the IT department, and firm personnel. Successful candidates must be experts in the current best practices and tools for protecting client, company, employee, and end-user data, communications, and systems. The top candidates will be excellent leaders skilled in audit, analysis, assessment and technical writing.
ESSENTIAL DUTIES AND RESPONSIBILITIES
Maintain a cyber-risk and security program driven by established information protection and physical security policies. Collaborate with internal stakeholders to develop processes and procedures to carry out the intended goals of the policies.
Implement protection goals and objectives consistent with the corporate strategic plan.
Recommend, write, and maintain company security standards and policies.
Create and maintain company information security framework.
Evaluate technical security architecture, processes, and vendors safeguarding the company's assets, intellectual property, computer systems and physical security.
Direct compliance related to privacy, internal security controls and reporting.
Work closely with executives, technical staff, and both internal and external auditors.
Create processes and conduct audits supporting corporate, financial, and regulatory processes in computer and communication hardware, OS software and applications.
Set vendor security requirements and evaluate vendor compliance.
Identify gaps in IT security processes and design and lead initiatives to close gaps.
Work with all departments to perform security risk assessments and prioritize risk mitigation.
Evangelize and train on security awareness across all departments within the company.
Report quarterly progress of security maturity and metrics to executive management.
Direct the quarterly security committee meeting attended by all departments.
KNOWLEDGE, SKILLS AND ABILITIES REQUIRED
Experience writing clear and concise policies, processes, and training.
Strong knowledge of InfoSec best practices for databases, networks, and Active Directory.
Demonstration of physical security practices.
Able to analyze problems and implement/suggest resolutions.
History of working in large national corporate environments.
Background in business continuity planning, auditing and risk management.
Firm understanding of authentication and authorization technologies and protocols such as Kerberos and certificate, basic, forms-based, and multi-factor authentication.
Working knowledge of industry security frameworks such as ISO 27001, HIPAA, NIST Cyber Security Framework.
Hands-on experience with firewalls, IPS/IDS, MFA, SIEM, AV, EDR/MDR, DNSSEC, forensics, malware detection and other security technologies.
Superb interpersonal skills, enabling the manager to work with a highly diverse and global staff in a fast-paced and dynamic environment.
10+ years of Information Technology experience with a BS or MS in Information Systems, Computer Science, or a related technical field.
5+ years specializing in information security.
CISSP, CISM, CRISC or CISA security certification highly desirable, but practical/field experience is rated highest.
Ability to travel up to 15% of the time.
Dexterity of hands and fingers to operate a computer keyboard, mouse, tools, and to handle other computer components.
Ability to sit at workstation for long periods of time completing testing, documentation, or other assignments.
Lifting and transporting of moderately heavy objects, such as computers and peripherals.
Must be able to lift a minimum of 50 pounds.
Positive attitude, team player, good interpersonal communication skills and able to work across company departments.
The above is intended to describe the general content of and requirements for the performance of this job. It is not to be construed as an exhaustive statement of essential functions, responsibilities or requirements.
About Constangy, Brooks, Smith & Prophete, LLP
Constangy, Brooks, Smith & Prophete LLP is an Equal Employment Opportunity employer committed to providing equal opportunity in all of our employment practices, including but not limited to selection, hiring, assignment, re-assignment, promotion, transfer, and compensation. Our Firm prohibits discrimination, harassment, or retaliation in employment based on race; color; religion; national origin; sex (including pregnancy); age; disability; genetic information; citizenship status; military service obligations; or any other category protected by applicable federal, state, or local law.