Randstad Information Security Manager in Lansing, Michigan

Information Security Manager

job details:

  • location:Lansing, MI

  • salary:$100,000 - $120,000 per year

  • date posted:Tuesday, June 12, 2018

  • job type:Permanent

  • industry:Professional, Scientific, and Technical Services

  • reference:626706

job description

Information Security Manager

Our Lansing Client has an exciting opportunity for an Information Security Manager to join their growing team. This position will be responsible for building and maintaining the vision, strategy and programs required to ensure information assets are appropriately protected.

Responsibilities:

  • Build and lead cross-functional teams that support security initiatives.

  • Develop short term and long term strategies for identity & access management, cyber engineering & operations, governance and risk, threat management and application security.

  • Identify, select and manage security vendors to ensure that service delivery and support meet performance and business objectives.

  • Continuously evaluate and assess current and future security needs of the organization and make recommendations and business case requests to substantiate changes.

  • Develop and maintain project scope, timeline and budgets, through internal team and business partners.

  • Manage customer communications as they relate to security initiatives.

  • Understand and adhere to the regulatory and compliance requirements that impact either current business operations or potential client engagements

  • Anticipate trends, situations, or changing market conditions and take appropriate action on a timely basis.

  • Think in an innovative and creative way to assist in the growth of our business by providing timely and flexible security solutions

  • Drives and maintains the information security operations function, including the oversight of information security personnel, the development of information security programs and the identification and mitigation of information security risks.

  • Leads programs and processes to design a threat assessment framework, monitors the emergence of new threats and vulnerabilities, assess impacts and drive responses as appropriate. Ensures ongoing analysis of information security threats, vulnerabilities, and trends.

  • Supports the evaluation of risk mitigation language in third party agreements and vendor support contracts.

  • Designs a Security Operations Center (SOC) capable of implementing the programs and processes and leading an incident response plan. Develops metrics reporting to communicate effectiveness of SOC to leadership.

  • Ensures clear and timely business advice is provided to executive management on key information security and assurance issues.

  • Ensures that information security and risk is adequately represented on relevant business and governance forums and is known, well-integrated, and addressed.

  • Builds sound business relationships to enable a strong understanding and close alignment with business needs, direction, and risk tolerance.

  • Maintains relationships with threat intelligence communities, local, state and federal law enforcement and other related government agencies.

  • Stays informed of dynamic threats, trends, motivations and capabilities of information security adversaries.

  • Monitors compliance with information security policies, standards, and processes and enforces remediation of non-compliance.

  • Collaborates with various departments to understand and address the risk position around key business applications.

  • Oversees the development and maintenance of information security policies, including standards and processes that fit the organization at all levels.

Requirements:

  • Bachelor's degree preferred

  • Professional security management certification such as CISA, CISM, CISSP is preferred.

  • 5+ years of experience leading information risk, security and governance teams, transforming functions and changing culture.

  • Experience with leading the response to incidents, crisis, and investigations with sensitivity, tenacity, and a focus on detail.

  • Extensive experience in information security architecture, information security standards, consultative stakeholder management, and strategic planning.

  • Experience with classified networks, information classification, and confidentiality requirements associated with high security environments.

  • 3+ years demonstrated leadership in information security program management.

  • Deep understanding of information security architecture discipline, processes, concepts, and best practices.

  • Deep understanding of control, risk management and audit issues; demonstrated consultative approach to driving change and deploying controls.

  • Knowledge of common information security management frameworks such as NIST, COBIT, ISO/IEC 27001, ITIL, and HITRUST.

  • Knowledge and understanding of relevant legal and regulatory requirements such as HIPAA, FISMA, NIST 800-53, etc.

  • Knowledge of technological trends and developments in the area of information security and risk management; Ability to quickly grasp how new technologies work and how they might be applied to achieve business goals.

  • Knowledge of firewalls, anti-virus, intrusion detection/intrusion prevention systems, virtual private networks, remote access systems, network zoning, centralized monitoring, and application scanning.

  • Knowledge of information security and risk control frameworks as well as business continuity and IT disaster recovery frameworks.

  • Demonstrated ability to work effectively with a team, delivering high performance and customer satisfaction, in a culturally diverse, matrix management environment.

  • Strong facilitation, communication and presentation skills and a clear ability to build strong relationships with business stakeholders at all levels, including executive managers and vendors.

  • Background in project management, financial/budget management, scheduling and resource management.

  • Strong, proven problem-solving skills and the ability to identify, analyze, and resolve problems, driving solutions through to completion.