Information Security Manager Job Description
Information Security Manager Duties & Responsibilities
To write an effective information security manager job description, begin by listing detailed duties, responsibilities and expectations. We have included information security manager job description templates that you can modify and use.
Sample responsibilities for this position include:
Information Security Manager Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Information Security Manager
List any licenses or certifications required by the position: CISSP, CISM, CISA, GIAC, SANS, ISO27K, CRISC, ISO, ISSMP, PCI
Education for Information Security Manager
Typically a job would require a certain level of education.
Employers hiring for the information security manager job most commonly prefer their future employee to have a relevant degree, such as a Bachelor's and Master's Degree in Computer Science, Information Security, Education, Information Technology, Technical, Engineering, Information Systems, Business, Computer Engineering, Computer Information Systems.
Skills for Information Security Manager
Desired skills for information security manager include:
Desired experience for information security manager includes:
Information Security Manager Examples
Information Security Manager Job Description
- Collaborate with clients' IT / Information Security teams to integrate Conifer’s identity access management process with their existing processes
- Ensure compliance with standards and regulations such as ISO 27001, PCI DSS, state and national laws in information security
- Monitor compliance with the Bank’s Information Security Program and Policy, referring issues to the appropriate managers
- Experience with analyzing, troubleshooting, and investigating security-related anomalies based on security platform reporting, network traffic, log files, host-based and automated security alerts
- Evaluate, architect, design, implement and support security-focused tools and services including project leadership roles
- Participate in security compliance efforts (e.g., PCI, DSS, SOX)
- Evangelize security within Company and be an advocate for customer trust
- Introduce and implement ISO 27001 standard throughout the business and ensure compliance
- Leading cross-functional teams through auditing and compliance activities including Sarbanes Oxley (SOX), Payment Card Industry (PCI), customer audits, Internal Audit
- Establishes and manages the capability to prevent, detect, contain, mitigate and recover from information incidents to minimize business impact
- The incumbent is guided by the Bank’s Information Security Policy and Standards and the requirements of Bank regulators and auditors departmental procedures
- CISA, CISM and/or CISSP designation beneficial but not required
- Prior experience in a risk and control role would be an advantage
- 5 years information security manager experience with a significant portion related to the healthcare industry
- Knowledge of IS systems and security
- Knowledge of health information security laws (including HIPAA), regulations, PCI, industry standards and best practices
Information Security Manager Job Description
- Lead or participate in technical security mitigation
- Coordinate with internal departments and communicate technical security concepts in business terms
- Support security incident response and management work
- Lead teams (direct and outsourced) to deliver Conifer personnel access to client and other external applications
- Identify, assess, and prioritize identified risks
- Collect evidence, artifacts, and document findings to support conclusions
- Provide recommendations for remediation of identified deficiencies
- Track and report on findings/deficiencies to closure
- Manage remediation efforts and report on the status of control deficiencies
- Support information security investigations in the respective areas of responsibility
- Knowledge of contemporary technologies like virtualisation and cloud computing
- Knowledge of information security standards / regulations like ISO27001, SOC, DPF, ISO27018
- A minimum of 8 years of experience in the information security, risk, or project management fields
- Bachelor of Science in Computer Science, Management Information Systems from an accredited institution is preferred
- 6 years of information security experience, including experience with risk management and experience communicating information security concepts to varying audiences
- 4 year degree in information technology or related field
Information Security Manager Job Description
- Oversee Information Security incident response planning and the investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary
- Serve as a subject matter expert providing advisory services related to security architecture strategy security requirements implementation both internally and at the global level
- Supervise the execution of vulnerability assessments, penetration tests and security audits
- Creatively and independently provide resolution to security problems in a cost-effective manner
- Lead the security engagement with this MoD client
- Initiate and conduct accreditation support
- Provide expert security guidance to client stakeholders including senior management and partner organisations
- Management of security-related incidents to third parties, including supply chain organisations and their subsidiaries, testing organisations, document and asset handlers and indirectly contracted client partners
- Evaluate IT/OT security requirements to make sure they are appropriately architected, designed, and implemented
- Represent the cyber security needs of IT/OT by providing security expertise and assistance for all IT/OT projects
- CISSP, GIAC, CISA certifications desired
- 5-10 years of relevant information risk, security, and compliance experience in a large, enterprise environment
- 5-10 years of direct IT Operations and infrastructure support experience
- Must possess a deep understanding of Security Administration, Regulations, Audit/Controls and Techniques
- Security Administration and Management, including AD/LDAP and NTFS in an enterprise setting
- 5-7 years experience in Information Security, Risk Management, Internal Audit, Compliance or Reengineering within the Banking or Financial Services industries
Information Security Manager Job Description
- You have a strong understanding of technical terminology
- You have a successful record of accomplishment of developing strategies, and designing and executing on the associated plan
- You are CISSP, CISA or CISM certified, optional but not mandatory
- Ideally, you have Project Management experience, optional but not mandatory
- Provides program management expertise for large to enterprise scale programs with moderate to high complexity
- Collaborating with staff and management of multiple worldwide business units and outside 3rd parties to clearly identify, explain, and communicate their program involvement, program goals, expectations, tasks, and timelines
- Owning the program portfolio by integrating various project schedules, task assignments, and managing schedule progress - from large phases through to detailed tasks, including understanding and managing dependencies
- Drives key initiatives in the Program Management Office to strengthen and improve efficiencies across projects
- Identifies areas for process improvement and forms working groups to carry out those improvements
- Portfolio management experience at the program level
- Formal training in risk assessment methodology, industrial control systems, external penetration testing and forensic training is preferred
- Structured project management experience and broad experience in computer and network systems, application development security, desktop environments
- Monitors advancements in information security technologies
- Knowledge and experience of ISO/IEC 27001, Privacy, Risk Management, Information, Personnel, Physical security, Information security, Business Continuity and Crisis Management
- Proven knowledge of PCI-DSS
- Demonstrated ability to thrive in an Agile development environment
Information Security Manager Job Description
- Demonstrating high quality team management practices with a highly productive team
- Providing direct and indirect guidance and strategic coaching of architectural staff
- Advising, influencing, and educating the rest of the company on matters of security
- Communicating technical ideas and strategy clearly to technical and non-technical audiences in multiple media (e.g., speech, presentations, and prose)
- Collaborating with Engineering and Operations management around security goals
- Delivering results in a quickly changing environment, and making progress on strategic and tactical goals transparent to management and cross-business teams
- Developing and maintaining positive working relationships with business units, including developing a strategy to support their security maturity
- Supporting product teams in understanding the risks their technical choices bring to the business
- Reviewing new technologies and products for security implications, including safety, compliance and operational aspects
- Providing expert advice during security incidents
- Strong knowledge of application security & OWASP framework
- Operational knowledge of threat & vulnerability management tools
- Industry certification in information security such as CEH, CISSP, GIAC or equivalent
- Managing a team of cybersecurity and information security professionals supporting daily operational tasks, security services delivery, projects and initiatives
- Knowledge of security frameworks, standards, guidelines and best practices required
- Experience leading a transition from manual to automated environments, tasks, processes, pipelines