Senior Manager, IT Security

Job Summary

We are seeking an experienced and strategic Senior Manager of IT Security to lead our IT security initiatives. The Senior Manager will be responsible for developing and implementing comprehensive IT security strategies implementing robust measures performing audits and leading initiatives to fortify systems and ensuring the protection of our information assets. This role requires a deep understanding of cybersecurity principles excellent leadership skills and the ability to stay ahead of emerging threats.

Key Responsibilities:

Security Strategy Development:

Develop and implement a robust IT security strategy aligned with the organizations goals and objectives.
Implement system security measures in accordance with established procedures to ensure confidentiality integrity availability authentication and non-repudiation.

Security Infrastructure Design and Implementation:

Design implement and maintain security infrastructure including firewalls intrusion detection/prevention systems (IDS/IPS) and network access controls.
Ensure security measures are integrated into the organizations IT architecture.

Identity and Access Management:

Assist Identity Engineers in implementation and management of Identity Access Management (IAM) and Privilege Access Management (PAM) solutions to ensure appropriate access controls and elevations.
Conduct regular access reviews and audits to ensure compliance with security policies.

Threat and Vulnerability Management:

Conduct vulnerability assessments to identify security weaknesses in partnership with SecOps.
Coordinate security patches and updates to mitigate vulnerabilities.
Mitigate or correct security deficiencies identified during security/certification testing and/or recommend risk acceptance for the appropriate senior leader or authorized representative.
Perform security reviews identify gaps in security architecture implement security measures to resolve vulnerabilities mitigate risks help develop a security risk management plan and recommend security changes to systems as needed.

Risk Management:

Identify assess and mitigate security risks to protect the organizations End User Technology and Infrastructure assets.
Verify minimum security requirements are in place for all applications.

Access Control Management:

Implement and manage identity and access management (IAM) solutions to ensure appropriate access controls.
Conduct regular access reviews and audits to ensure compliance with security policies.

Research and Development:

Stay current with emerging security threats technologies and industry trends.
Evaluate and recommend new security tools and technologies to enhance the organizations security posture.

Documentation and Reporting:

Maintain detailed documentation of security configurations incidents and procedures.
Generate regular security reports for management and stakeholders.
Properly document all systems security implementation operations and maintenance activities and update as necessary.
Provides cybersecurity recommendations to leadership based on significant threats and vulnerabilities.
Verify and update security documentation reflecting the application/system security design features.

Policy and Compliance:

Develop and enforce IT security policies standards and procedures in partnership with GRC and broader Security organization to ensure compliance with regulatory requirements and industry best practices.

Collaboration and Communication:

Work closely with IT and business teams to ensure security measures align with organizational goals.
Communicate security risks and recommendations to stakeholders.

Team Leadership:

Lead and mentor the IT security team providing guidance and support to ensure their professional growth and development.

Budget Management:

Develop and manage the IT security budget ensuring efficient allocation of resources.

Skills:

Tools and Technologies:

Security Information and Event Management (SIEM): Azure Sentinel
Endpoint Protection: Microsoft Defender for Endpoints.
Network Security:Palo Alto Networks Cisco ASA Fortinet
Identity and Access Management (IAM):Microsoft Entra ID CyberArk.
Vulnerability Management Tools such as Qualys Rapid7 or similar.
Encryption Tools such as Bitlocker PGP or similar.
Incident Response:FireEye Carbon Black Mandiant or similar.
Cloud Security:AWS Security Hub Microsoft Azure Security Center Google Cloud Security or similar.

Education:

Bachelors degree in Information Security Computer Science or a related field.
Masters degree in similar field preferred.

Experience:

Minimum of 7-10 years of experience in IT security with at least 3 years in a leadership role.
Certified Information Systems Security Professional (CISSP) Certified Information Security Manager (CISM) or equivalent certifications preferred.

Skills:

Proven experience in developing and implementing security strategies and policies.
Strong understanding of cybersecurity principles technologies and best practices.
Strong analytical and problem-solving abilities.
Excellent leadership and team management skills.
Ability to work closely with IT and business teams to ensure security measures align with organizational goals.
Ability to stay current with emerging security threats and technologies.
Knowledge of business continuity and disaster recovery principles.