Manager, Information Security

About The Position

Requirements

• Bachelor’s degree in Computer Science, Information Systems, or STEM subject from an accredited college/university, required.
• 5-8 years operational experience in information security within a regulated environment, required.
• 2-3 years experience in a supervisory role, required.
• Experience in managing information security audits, required.
• Experience with information security within an environment that has regulatory requirements e.g. HIPAA, required.
• Strong technical skills, with experience of firewall technologies, vulnerability management and remediation across a variety of technology platforms, managing security in cloud environment. E.g. Azure, AWS, required.
• Excellent interpersonal and communication skills.
• Ability to communicate effectively and influence stakeholders to implement Information Security recommendations.

Nice To Haves

• Professional certification in information security, such as CISA, CRISC, CISSP or CISM, highly preferred.
• Knowledge and experience of Firewalls, Identity Management, Managing Security in M365 and Azure, highly preferred required.
• Knowledge and experience of MS Purview, highly preferred.

Responsibilities

• Partner closely with Head of Governance and Security to execute security strategy roadmap for Coverys
• Implement and execute IT and Information Security strategies that will improve the security and reliability of systems and data.
• Implement and update security, resilience and information governance standards and procedures as appropriate (using external benchmarks) and ensuring adherence to those standards to drive consistency of practice and organizational maturity.
• Oversee and develop an ongoing program of vulnerability and operational resilience management, including regular external testing.
• Work with internal audit to develop a plan for assurance of the effectiveness of the security, resilience and compliance of our services.
• Work closely with Compliance and Legal teams to ensure that we understand and have documented our regulatory obligations and that we maintain compliance with them
• Oversee the planning and execution of any security or resilience related external audits.
• Engage with transformation teams to ensure resilience and security are inherent to the delivery of those transformations and allocate the necessary resources.
• Oversee the benchmarking of our security delivery against NIST CSF 2.0 and then develop a plan to increase our maturity from both a policy and practice perspective.
• Regularly review and hone the toolsets required to monitor for, protect from, and respond to cyber incidents.
• Ensure timely and viable incident response processes are in place.
• Ensure we collate and regularly report on security governance metrics to leadership.
• Accountable for key metrics that we will be establishing and maintaining for security operations progress.
• Oversee the activities of the team and ensure clarity of roles and appropriate allocation of resources.
• Ensure that we maintain and monitor a suite of staff training in relation to security awareness skills and required behaviors.
• Manage partners, stakeholders, vendors and third-party service or solutions providers of relevant IT Security services.
• Carry out supervisory responsibilities in accordance with the organization's policies and applicable laws. Responsibilities include interviewing, hiring, and training employees; planning, assigning, and directing work; appraising performance; rewarding and disciplining employees; addressing complaints and resolving problems.
• Support evolving business needs, as applicable.

Benefits

• Our benefits package is available day 1 of employment
• directed donations
• company matchings