Job Details

Information System Security Manager

East Brunswick, NJ | Full time

Job ID: 1915-001ISM

Duration: Long Term

Experience: 5-7 years

Career Level: Managerial

Compensation: $140 to $160 Per Annum

Industry: Information Services

Job Description

Summary

The Information Security Manager will be a key contributor in leveraging the currently implemented security technologies and enhancing related processes and procedures. The Information Security Manager is responsible for discovering, evaluating, and delivering security technologies to protect all sensitive information, and for implementing a robust set of security controls. The Information Security Manager will provide technical knowledge and analysis covering applications, operating systems, vendor risk management, incident response, and security awareness and training.

Core Job Responsibilities & Accountabilities

  • Informed by the Security Policy, lead and coordinate the development and maintenance of information systems standards and procedures, ensuring compliance with federal and state laws and regulations and our internal policy as well as data classification.
  • Lead a program to implement a FISMA-compliant control framework based on NIST 800-53. Analyze new federal and state statutory requirements and other security initiatives to determine changes necessary for adoption/compliance, and make appropriate recommendations.
  • Establish monitoring and assessment processes, including third-party assessment, to ensure compliance with and adherence to NIST 800-53 controls on an ongoing basis.
  • Monitor compliance with the organization's information security policies and procedures among employees, contractors, alliances, and other third parties.
  • Provide oversight and management of audit finding remediation, including generating requirements for full remediation, providing feedback and suggestions on managerial responses to findings and tracking progress and providing status updates to the compliance team.

Security Tools & Roadmap

  • Recommend security enhancements to VP of IT. Play an advisory role in application development or acquisition projects to assess security requirements and controls and to ensure that security controls are implemented as planned.
  • Support the VP of IT & Security in implementation of tools and processes that support the Security Policy and Standards of the organization as defined in the Cyber Security Strategy Plan. Ensure tools are effectively implemented.
  • Provide oversight of vendor relationships to ensure tools are effectively implemented and services are provided according to delivering outcomes.

Security Operations

  • Maintain and update the Cyber Incident Management Plan to ensure actionable steps exist to handle the most common Security Incident scenarios. Perform Incident Management role on a rotating basis. Prepare after-action reports and lessons learned.
  • Ensure the client is prepared to actively respond to alerts provided by our third-party 24x7 monitoring team and resolve potential threats and vulnerabilities in a timely manner to safeguard and maintain business operations.
  • Establish a process for monitoring security-related information sources for security alerts; assess security breaches/events and oversee appropriate corrective actions.
  • Provide oversight of, assign tasks to and ensure effectiveness of full-time contractor supporting Security Operations functions.
  • Oversee the Vulnerability Management and Penetration Testing program staffed by a third-party vendor; facilitate meaningful dialog with engineering counterparts to gain buy-in to closing vulnerabilities in a timely manner. Facilitate weekly meetings to track progress.

Qualifications & Skills

  • Bachelor’s in Computer Science, Information Technology or related IT field; or equivalent combination of relevant experience and skills.
  • Minimum of 5 years of related experience in an IT security role, ideally demonstrating a combination of hands-on and managerial responsibilities covering Security Policy, Security Tools, and Security Operations.
  • Must have experience implementing and enforcing NIST 800-53 controls.
  • Experience creating and updating relevant security policies, controls and risk assessment documentation.
  • Must be experienced working with security software, documentation, software testing, software maintenance, and the software development process.
  • Maintains current knowledge of tools and best practices related to advanced persistent threats; attacker tools, techniques, and procedures; and forensics and incident response.
  • Strong analytical, prioritizing, interpersonal, problem-solving, presentation, project management (from conception to completion) and planning skills.
  • Strong verbal and written communication skills.
  • Demonstrated collaborative skills and ability to work well in a fast-paced dynamic environment.
  • Self-motivated with critical attention to detail, deadlines and reporting.
  • Quick and motivated learner with high enthusiasm to develop cyber security skills.