Information Security is crucial and is part of a broader information governance, risk, and compliance program within IT. The Information Security Manager will be a key contributor in leveraging the current implemented security technologies and enhancing related processes and procedures. The Information Security Manager is responsible for discovering, evaluating, and delivering security technologies to protect all sensitive information, and implement a robust set of security controls. The Information Security Manager will provide technical knowledge and analysis to include applications, operating systems, vendor risk management; incident response and security awareness and training.
Core Job Responsibilities & Accountabilities
Security Policies, Procedures & Standards
- Informed by the Security Policy, lead and coordinate the development and maintenance of information systems standards and procedures, ensuring compliance with federal and state laws and regulations and our internal policy as well as data classification.
- Lead a program to implement FISMA-compliant control framework based on NIST 800-53. Analyze new federal and state statutory requirements, and other security initiatives to determine changes necessary for adoption/compliance and makes appropriate recommendations.
- Establish monitoring and assessment processes including third party assessment, to ensure compliance and adherence to NIST 800-53 controls on an ongoing basis
- Monitor compliance with the organization's information security policies and procedures among employees, contractors, alliances, and other third parties.
- Provide oversight and management of audit finding remediation, including generating requirements for full remediation, providing feedback and suggestions on managerial responses to findings and tracking progress and providing status updates to the compliance team.
Security Tools & Roadmap
- Recommend security enhancements to VP of IT. Play an advisory role in application development or acquisition projects to assess security requirements and controls and to ensure that security controls are implemented as planned.
- Support the VP of IT & Security in implementation of tools and processes that support the Security Policy and Standards of the organization as defined in the Cyber Security Strategy Plan. Ensure tools are effectively implemented.
- Provide oversight of vendor relationships to ensure tools are effectively implemented and services are provided according to delivering outcomes.
- Maintain and update the Cyber Incident Management Plan to ensure actionable steps exist to handle the most common Security Incident scenarios. Perform Incident Management role on a rotating basis. Prepare after-action reports and lessons learned.
- Ensures Somos is prepared to actively respond to alerts provided by our third party 24x7 monitoring team and resolve potential threats and vulnerabilities in a timely manner to safeguard and maintain business operations.
- Establishes process for monitoring of security-related information sources for security alerts and assess security breaches/events, oversee appropriate corrective actions.
- Provide oversight of, assign tasks to and ensure effectiveness of full-time contractor supporting Security Operations functions.
- Oversee Vulnerability Management and Penetration Testing program staffed by third party vendor, facilitate meaningful dialog with Engineering counterparts to gain buy-in to closing vulnerabilities in a timely manner. Facilitate weekly meetings to track progress.
Essential Qualifications & Skills
- Bachelor’s in Computer Science, Information Technology or related IT field; or equivalent combination of relevant experience and skills.
- Minimum of 5 years of related experience in an IT security role, ideally demonstrating a combination of hands-on and managerial responsibilities covering Security Policy, Security Tools, and Security Operations.
- Must have experience implementing and enforcing NIST 800-53 controls.
- Experience creating and updating relevant security policies, controls and risk assessment documentation.
- Must be experienced working with security software, documentation, software testing, software maintenance, and the software development process.
- Maintains current knowledge of tools and best-practices in advanced persistent threats; tools, techniques, and procedures of attackers; related to forensics and incident response.
- Strong analytical, prioritizing, interpersonal, problem-solving, presentation, project management (from conception to completion) and planning skills.
- Strong verbal and written communication skills.
- Demonstrated collaborative skills and ability to work well in a fast-paced dynamic environment.
- Self-motivated with critical attention to detail, deadlines and reporting.
- Quick and motivated learner with high enthusiasm to develop cyber security skills.
Somos is proud to be an equal opportunity employer and we embrace and celebrate our employees’ differences. We are committed to building a team that is diverse and represents a variety of backgrounds, perspectives and skills. Applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.