ISMS Program Manager

Boston Mutual Life Insurance Company, Canton, MA
$118,871 - $172,501, Hybrid

About The Position

The ISMS Program Manager reports to the Director of Infrastructure and Information Security (CISO). The ISMS Program Manager is part of the Infrastructure and Security team and is responsible for defining, advising on, and embedding best practices regarding information security policies, standards and processes based on NIST Cyber Security Framework. This role will take a lead on coordinating response and communications to security events, and internal and external audits and security questionnaires related to Information Technology environments and practices. The ISMS Program Manager works across teams to effectively identify, monitor, evaluate, and manage Boston Mutual’s Technology and Cyber risks - including operational losses, material risk, regulatory changes, etc. in support of the firm's strategic plan. The role will also have a proactive responsibility to assist in the delivery of secure systems and implement proportionate controls by working with EPMO, ERM, other IT teams, and 3rd party vendors.

Requirements

  • Bachelor’s degree in Information Technology, Business Management, or a related field
  • Minimum 7-10 years of overall technology professional experience
  • 5+ years in the fields of Information Security, Compliance, or Privacy
  • Comprehensive understanding of Information Security Frameworks (e.g., ISO 27001, NIST CSF, and CIS Critical Security Controls)
  • Knowledge of insurance and finance industry laws, regulations, policies, and ethics as they relate to cybersecurity and privacy
  • Experience monitoring and reporting on compliance with security and data protection policies, as well as enforcing those policies
  • Working knowledge of security architecture and of the security issues that arise in PaaS, IaaS, SaaS and other cloud environments
  • Understanding of IAM and Data Loss Prevention in a Microsoft environment
  • Knowledge of security technologies such as vulnerability testing and firewalls
  • Experience with leading external Information Technology controls audits
  • Excellent execution, attention to detail, decision making, and follow-through skills
  • Strong personal and professional ethical values and integrity
  • Self-driven, highly organized, and very effective time management skills

Nice To Haves

  • Information security certifications (e.g., NIST, CRISC, CISSP, CISM, etc.)
  • Program management qualifications and certifications (e.g., PMP)

Responsibilities

  • Implement NIST framework and Information Security Management System (ISMS), aligned with effective and appropriate NIST compliant controls and measures to protect systems and data.
  • Develop a complete set of Information Security policies, procedures and standards while monitoring the information security controls, KRIs/KPIs, and technical landscape.
  • Assist in the development of routine reporting communications and documentation consistent with and supportive of the NIST framework, in formats suitable for executive audiences.
  • Lead security compliance reviews, internal and external audits, certifications and accreditations, and security questionnaires (e.g., NYDFS, MA DOI, Ernst & Young).
  • Manage and coordinate audit remediation efforts.
  • Identify, communicate, and manage current and emerging security threats with relevant stakeholders.
  • Conduct third party information security assessments in coordination with Vendor Management and Enterprise Risk Management teams.
  • Work with business stakeholders, internal IT, and 3rd party vendor teams to promote and adopt security best practices and promote a security conscious culture.
  • Validate IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable.
  • Deploy all-employee Cybersecurity awareness bulletins and training modules.
  • Facilitate and document Incident Response and Disaster recovery tabletop exercises.
  • Coordinate and manage DR/BC testing and recovery efforts with other IT teams and ERM.
  • Other duties and/or projects as assigned

Benefits

  • Hybrid Work Model