Manager, Information Security Job Description
Manager, Information Security Duties & Responsibilities
To write an effective manager, information security job description, begin by listing detailed duties, responsibilities and expectations. We have included manager, information security job description templates that you can modify and use.
Sample responsibilities for this position include:
Manager, Information Security Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Manager, Information Security
List any licenses or certifications required by the position: CISSP, CISM, CISA, GIAC, SANS, ISO27K, CRISC, ISO, ISSMP, PCI
Education for Manager, Information Security
Typically a job would require a certain level of education.
Employers hiring for the manager, information security job most commonly prefer that their future employee have a relevant degree, such as a Bachelor's and Master's Degree in Computer Science, Information Security, Education, Information Technology, Technical, Engineering, Information Systems, Business, Computer Engineering, Computer Information Systems.
Skills for Manager, Information Security
Desired skills for manager, information security include:
Desired experience for manager, information security includes:
Manager, Information Security Examples
Manager, Information Security Job Description
- Report on compliance with internal policies, controls, and standards
- Develop procedures and documentation to ensure compliance with configuration management (CM) for security-relevant IS software, hardware, and firmware
- Author all required information system security-related documentation as required by cognizant security authority and IAW published standards
- Assist in running the annual FedRAMP/FedRAMP+ assessments, including organization, preparation and basic technical remediation
- Gather and analyze audit findings and evaluate items of note
- Perform daily and weekly operational work tracking and following up on authenticator rotations, vulnerability management, documentation updates, and presenting the security section of weekly New Hire Orientation sessions
- Development and implementation of Assurance Review framework (including Internal Policy, Legal and Regulatory and Contractual Compliance)
- Manage internal Information Security Incidents and update relevant parties as required
- Provide support as required to client information security incidents
- Represent the security organization in cross-functional special projects and new initiatives as assigned
- Knowledge of server, workstation, and networking technologies and their impact on information security controls
- Supervisory or Project Management skills
- Technical understanding of security domains, such as Network Security, Identity and Access Management
- Guide the product management and legal team to ensure contracts with external parties have the required security terms in contracts and participate in complex contract negotiations with external partners at a global level
- Determine strategy for highly sensitive and/or high profile assessments
- Develop and maintain metrics on global vendor security and compliance
Manager, Information Security Job Description
- Lead/conduct security assessments to ensure adherence to company specific security policy, procedures and industry standards
- Ensure the enforcement of enterprise security standards
- Ensure compliance with the associated legislation, regulations, standards and policies stated in the contract, plus the specific requirements detailed within the Security Aspects letter/Personal Information Aspects Letter
- Data protection responsibility and the creation of compliant security related artefacts including policy and operating procedures
- Own the RG Army Information Asset Register, RG Security Operating Procedures (SyOPs) and the Security Risk Management Plan
- Remain current with continual development of cyber security threats in the world at large, security software and IT/OT systems as they become available in the market
- Provide recommendations and assist in the implementation of changes to work methods and procedures to ensure strong and effective security measures
- Lead the review and definition of security requirements and review systems to ensure they are designed to comply with established standards
- Remain current with continual development of cyber security threats in the world at large, security software and IT systems as they become available in the market
- For outsourcing programmes, establishing vendor governance and performance monitoring processes to ensure contractual compliance
- Knowledge and experience of security management and Business Continuity Management
- Active certifications in related areas of security and compliance such as CISA, CISM or CISSP
- Project management expertise and experience, possibly certified (PMP)
- Open minded attitude capable of seeking opportunities for innovation and increased efficiency
- Strong capability in the use of IT tools for security management and research
- Minimum 8 years of management in a leadership role within information security
Manager, Information Security Job Description
- Responsible for the review and implementation of security standards, procedures, and guidelines to prevent the unauthorized use, release, modification, or destruction of data across multiple platforms and environments, corporate, mainframe, distributed and client server systems
- Manages account processes, network rights, and access to NTC network systems and equipment
- Performs control validation and verification of network servers, routers, and switches to ensure they comply with security policy, procedures, and technical requirements
- Responsible for evaluating corporate data privacy issues and recommending solutions to appropriately mitigate those issues according to industry norms
- Coordinate with Legal department and Compliance Officer to ensure solutions meet regulatory and internal policy requirements
- Assist internal and external auditors in conducting security reviews, receive and review their findings and recommend, adopt and implement actionable solutions
- Evaluate IT security requirements to make sure they are appropriately architected, designed, and implemented
- Represent the cyber security needs of IT by providing security expertise and assistance for all IT projects
- Acting as principal point of contact from the Information Security function into a number of major business and technology change programmes
- Determining the business drivers and security / regulatory aspects of programmes and identifying necessary security activities and roles and responsibilities
- Bachelor's Degree in Computer Science, Engineering, or other Engineering or Technical discipline or equivalent relevant experience
- Understanding of encryption, hashing, secure random number generation, key derivation, digital signatures
- OSCP, OSWP, OSCE, and GIAC certifications a plus
- Manage project milestones and deadlines
- Communicate effectively across groups to accomplish project tasks
- A minimum of 7-10 years IT experience
Manager, Information Security Job Description
- Review and propose changes to systems and processes in order to drive proactive ongoing risk mitigation
- Contribute to the development, implementation, and updates to the security policies, procedures, guidelines, and best practices used to ensure company compliance
- Determine program tools
- Update executive audiences on program plans and issues
- Plans medium scale (100+ people) events
- Mentors others for career and program directions
- Manages the remediation/mitigation of security violations to determine if the network has been breached, assess the impact, and preserve the evidence
- Schedule periodic security audits and penetration testing
- Brief the executive team on status and risks, including taking the role of champion for the overall strategy
- Ensure contractual and legal compliance for all data protection and information security requirements
- Relational Databases and familiarity with huge data systems, backups and replication
- Proven and effective leadership skills, demonstrated proficiency in providing requisite oversight for information security operations and incident management
- Excellent interpersonal skills, ability to interface effectively with fellow employees, senior leadership of the Corporation, and external partners, clients and customers
- 2+ years of working NIST control experience
- 2+ years of experience with Internet technologies and fundamental protocols such as HTTP, TCP/IP, and DNS
- 2+ years of experience with creating customer/public documentation
Manager, Information Security Job Description
- To be responsible for the coordination of regular Information Security Reviews in the Organisation and with partner organisations by conducting assessments of faculty and departmental systems, processes and infrastructure and making recommendations to minimise risks identified
- Communicating technical ideas to technical and non-technical audiences clearly in speech and prose
- Establish communication and training plans for areas of responsibility
- Manage information security resources, including the security team, vendors, and contractors
- Manage security efforts, including but not limited to access control, monitoring, patch management, configuration management, vulnerability management, and incident response
- Chair the Security Review Board
- Stay abreast of emerging trends and best practices within the community of network and security professionals
- Provide advice and assistance to internal team and external entities (subcontractors, contractors & vendors) concerning the security of information and critical data processing capabilities
- Sets the strategy for PCI compliance
- Drives the integration of the Virgin America PCI program with the Alaska Air Group PCI program
- Experience mentoring and managing staff and building strong teams
- Excellent customer service skills and experience supporting internal SW development teams
- Strong interpersonal skills and ability to interface effectively with multiple functional groups within and outside of the Engineering team
- Ability to focus on important issues and demonstrated drive to exceed performance targets
- Ability to lead and promote change in a rapidly changing environment
- Proven experience managing concurrent, full life-cycle project implementations within Information Security