Manager, Information Security Job Description
Manager, information security
provides security leadership as required to address issues related to malware security, vulnerabilities, and best-practices for cyber & information security matters.
Manager, Information Security Duties & Responsibilities
To write an effective manager, information security job description, begin by listing detailed duties, responsibilities and expectations. We have included manager, information security job description templates that you can modify and use.
Sample responsibilities for this position include:
Experienced with the development of security tool requirements, trials, and evaluations, security operations procedures and processes
Ensure all IT systems and processes meet the required levels of information security, including authoring IS policies and processes for the ISO27001 plan and compliance
Leads the design, development and implementation of programs, procedures and systems for secure facilities
Lead, conduct and document regular audits on security events and incidents as documented in the IS policies and procedures
Ensures that multiple information systems of varied classification levels are operated, maintained, and disposed of in accordance with National and Departmental policy
Conducts risk assessments, and provides recommendations for appropriate data protection and system architecture
Uses encryption technology, penetration testing and vulnerability analysis of various security technologies, and information technology security research
Audits information technology systems
Leads the recommendation of resource allocation to ensure secure operation and requirements are met
Provides training and participates in the development of curriculum and course content
Manager, Information Security Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Manager, Information Security
List any licenses or certifications required by the position: CISSP, CISM, CISA, GIAC, SANS, ISO27K, CRISC, ISO, ISSMP, PCI
Education for Manager, Information Security
Typically a job would require a certain level of education.
Employers hiring for the manager, information security job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Master's Degree in Computer Science, Information Security, Education, Information Technology, Technical, Engineering, Information Systems, Business, Computer Engineering, Computer Information Systems
Skills for Manager, Information Security
Desired skills for manager, information security include:
Firewalls
Procedures
Application security
COBIT
Processes
Standards
System and network security
Common information security management frameworks
Cyber security threats
Malware attacks
Desired experience for manager, information security includes:
Programming in 2 or more of the following
Shell scripting in 2 or more of the following
The ability to manage multiple priorities with moderate supervision in a fast-moving environment is required
Excellent analytical and creative problem solving skills are required
BA or BScqualification
Strong demonstrated ability to skillfully hire, develop, lead, motivate, performance manage, and coach a cross-section of security and technology professionals and managers
Manager, Information Security Examples
1
Manager, Information Security Job Description
Job Description Example
Our growing company is looking to fill the role of manager, information security. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for manager, information security
- Report on compliance with internal policies, controls, and standards
- Develop procedures and documentation to ensure compliance with configuration management (CM) for security-relevant IS software, hardware, and firmware
- Author all required information system security-related documentation as required by cognizant security authority and IAW published standards
- Assist in running the annual FedRAMP/FedRAMP+ assessments, including organization, preparation and basic technical remediation
- Gather and analyze audit findings and evaluate items of note
- Perform daily and weekly operational work tracking and following up on authenticator rotations, vulnerability management, documentation updates, and presenting the security section of weekly New Hire Orientation sessions
- Development and implementation of Assurance Review framework (including Internal Policy, Legal and Regulatory and Contractual Compliance)
- Manage internal Information Security Incidents and update relevant parties as required
- Provide support as required to client information security incidents
- Represent the security organization in cross-functional special projects and new initiatives as assigned
Qualifications for manager, information security
- Knowledge of server, workstation, and networking technologies and their impact on information security controls
- Supervisory or Project Management skills
- Technical understanding of security domains, such as Network Security, Identity and Access Management
- Guide the product management and legal team to ensure contracts with external parties have the required security terms in contracts and participate in complex contract negotiations with external partners at a global level
- Determine strategy for highly sensitive and/or high profile assessments
- Develop and maintain metrics on global vendor security and compliance
2
Manager, Information Security Job Description
Job Description Example
Our growing company is looking for a manager, information security. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for manager, information security
- Lead/conduct security assessments to ensure adherence to company specific security policy, procedures and industry standards
- Ensure the enforcement of enterprise security standards
- Ensure compliance with the associated legislation, regulations, standards and policies stated in the contract, plus the specific requirements detailed within the Security Aspects letter/Personal Information Aspects Letter
- Data protection responsibility and the creation of compliant security related artefacts including policy and operating procedures
- Own the RG Army Information Asset Register, RG Security Operating Procedures (SyOPs) and the Security Risk Management Plan
- Remain current with continual development of cyber security threats in the world at large, security software and IT/OT systems as they become available in the market
- Provide recommendations and assist in the implementation of changes to work methods and procedures to ensure strong and effective security measures
- Lead the review and definition of security requirements and review systems to ensure they are designed to comply with established standards
- Remain current with continual development of cyber security threats in the world at large, security software and IT systems as they become available in the market
- For outsourcing programmes, establishing vendor governance and performance monitoring processes to ensure contractual compliance
Qualifications for manager, information security
- Knowledge and experience of security management and Business Continuity Management
- Active certifications in related areas of security and compliance such as CISA, CISM or CISSP
- Project management expertise and experience, possibly certified, PMP
- Open minded attitude capable of seeking opportunities for innovation and increased efficiency
- Strong capability in the use of IT tools for security management and research
- Minimum 8 years of management in a leadership role within information security
3
Manager, Information Security Job Description
Job Description Example
Our growing company is looking to fill the role of manager, information security. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for manager, information security
- Responsible for the review and implementation of security standards, procedures, and guidelines to prevent the unauthorized use, release, modification, or destruction of data across multiple platforms and environments , corporate, mainframe, distributed and client server systems
- Manages account processes, network rights, and access to NTC network systems and equipment
- Performs control validation and verification of network servers, routers, and switches to ensure they comply with security policy, procedures, and technical requirements
- Responsible for evaluating corporate data privacy issues and recommending solutions to appropriately mitigate those issues according to industry norms
- Coordinate with Legal department and Compliance Officer to ensure solutions meet regulatory and internal policy requirements
- Assist internal and external auditors in conducting security reviews, receive and review their findings and recommend, adopt and implement actionable solutions
- Evaluate IT security requirements to make sure they are appropriately architected, designed, and implemented
- Represent the cyber security needs of IT by providing security expertise and assistance for all IT projects
- Acting as principal point of contact from the Information Security function into a number of major business and technology change programmes
- Determining the business drivers and security / regulatory aspects of programmes and identifying necessary security activities and roles and responsibilities
Qualifications for manager, information security
- Bachelor's Degree in Computer Science, Engineering, or other Engineering or Technical discipline or equivalent relevant experience
- Understanding of encryption, hashing, secure random number generation, key derivation, digital signatures
- OSCP, OSWP, OSCE, and GIAC certifications a plus
- Manage project milestones and deadlines
- Communicate effectively across groups to accomplish project tasks
- A minimum of 7-10 years IT experience
4
Manager, Information Security Job Description
Job Description Example
Our growing company is looking to fill the role of manager, information security. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for manager, information security
- Review and propose changes to systems and processes in order to drive proactive ongoing risk mitigation
- Contribute to the development, implementation, and updates to the security policies, procedures, guidelines, and best practices used to ensure company compliance
- Determine program tools
- Update executive audiences on program plans and issues
- Plans medium scale (100+ people) events
- Mentors others for career and program directions
- Manages the remediation/mitigation of security violations to determine if the network has been breached, assess the impact, and preserve the evidence
- Schedule periodic security audits and penetration testing
- Brief the executive team on status and risks, including taking the role of champion for the overall strategy
- Ensure contractual and legal compliance for all data protection and information security requirements
Qualifications for manager, information security
- Relational Databases and familiarity of huge data systems, backups and replication
- Proven and effective leadership skills, demonstrated proficiency in providing requisite oversight for information security operations and incident management
- Excellent interpersonal skills, ability to interface effectively with fellow employees, senior leadership of the Corporation, and external partners, clients and customers
- 2+ years of working NIST control experience
- 2+ years of experience with Internet technologies and fundamental protocols such as HTTP, TCP/IP, and DNS
- 2+ years of experience with creating customer/public documentation
5
Manager, Information Security Job Description
Job Description Example
Our company is looking to fill the role of manager, information security. We appreciate you taking the time to review the list of qualifications and to apply for the position. If you don’t fill all of the qualifications, you may still be considered depending on your level of experience.
Responsibilities for manager, information security
- To be responsible for the coordination of regular Information Security Reviews in the Organisation and with partner organisations by conducting assessments of faculty and departmental systems, processes and infrastructure and making recommendations to minimise risks identified
- Communicating technical ideas to technical and non-technical audiences clearly in speech and prose
- Establish communication and training plans for areas of responsibility
- Manage information security resources, including the security team, vendors, and contractors
- Manage security efforts, including but not limited to access control, monitoring, patch management, configuration management, vulnerability management, and incident response
- Chair the Security Review Board
- Stay abreast of emerging trends and best practices within the community of network and security professionals
- Provide advice and assistance to internal team and external entities (subcontractors, contractors & vendors) concerning the security of information and critical data processing capabilities
- Sets the strategy for PCI compliance
- Drives the integration of the Virgin America PCI program with the Alaska Air Group PCI program
Qualifications for manager, information security
- Experience mentoring and managing staff and building strong teams
- Excellent customer service skills and experience supporting internal SW development teams
- Strong interpersonal skills and ability to interface effectively with multiple functional groups within and outside of the Engineering team
- Ability to focus on important issues and demonstrated drive to exceed performance targets
- Ability to lead and promote change in a rapidly changing environment
- Proven experience managing concurrent, full life-cycle project implementations within Information Security