Information Security Manager

About The Position

Requirements

• Bachelor’s degree.
• A minimum of seven (7) years of direct experience in team leadership, IT security engineering, system hardening and network security.
• Note an equivalent combination of education and experience is acceptable.

Nice To Haves

• Knowledge and understanding of relevant legal and regulatory requirements, such as: CJIS, HIPAA, PCI-DSS.
• Knowledge and understanding of common information and security management frameworks, such as ISO/IEC 27001, ITIL, CIS, and NIST, including 800-53 and Cybersecurity Framework.
• Sound business acumen ability to develop and implement security strategies that are aligned with the County's business goals and risk profile.
• Excellent stakeholder management skills, communication skills, interpersonal and collaborative skills, and the ability to communicate cybersecurity and risk related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists.
• Ability to lead and motivate the cybersecurity team to achieve tactical and strategic goals and influence entities and decisions, even when no formal reporting structure exists.
• Ability to manage multiple concurrent projects.
• Provide financial/budget management, scheduling and workforce management and other administrative and technical support, as needed.
• Handle inquiries professionally.
• Receptive to feedback.
• CISSP, CISM, CIPM or equivalent.

Responsibilities

• Perform all duties of Security Engineer.
• Manage and mentor a team of security analysts, engineers, and architects.
• Lead comprehensive security assessments, audits, penetration tests, and risk analyses to identify gaps in security architecture and develop a resulting security risk management plan.
• Determine baseline security configuration standards for operating systems (e.g., OS hardening), network segmentation, and identity and access management (IAM).
• Oversee development and maintenance of security architecture artifacts (e.g., models, templates, standards, and procedures) that can be used to leverage security capabilities in projects and operations.
• Provide subject matter expertise on security technologies, architecture, and best practices, including incorporating AI into security operations and strategies.
• Lead incident response efforts, including investigation, containment, and recovery, minimizing potential impact and coordinating with external partners.
• Develop and execute comprehensive security strategy plans and roadmaps aligned with business objectives, including cloud and on-premise architecture.
• Collaborate with senior leadership to communicate the importance of security initiatives and priorities, including regular presentations on security updates and relevant topics to elected officials, board members, and other County leaders.
• Stay up-to-date with regulatory changes, industry trends and best practices, emerging security threats and technologies, adapting strategies as needed.
• Other duties as assigned.

Benefits

• medical, dental, and vision insurance
• paid time off and holidays including a starting bank of 40 hours of PTO for new hires
• retirement matching
• wellness programs
• tuition reimbursement
• flexible schedules
• remote work options