The information security manager is the process owner for the development and implementation of an organization-wide information security program and ongoing activities to preserve the availability, integrity, and confidentiality of agency and client information resources in compliance with applicable security policies and standards.
This position consults and partners with internal technical services, facilities, and office services personnel as well as each agency department to create, enforce and verify compliance with information security standards and policies.
The information security manager is a member of the information technology department and reports directly to the Chief Information Officer (CIO).
On any given day you might:
- Lead the development, documentation, and maintenance of information security policies, procedures, and standards across agency departments.
- Facilitate education on information security policies, procedures, and standards across agency departments.
- Initiate, facilitate, and promote activities that create information security awareness and training programs throughout the organization.
- Monitor and routinely audit compliance with all information security procedures and policies, and ensure consistency of internal controls across the organization.
- Monitor changes in local, state, and federal regulations and accreditation standards affecting information security, and make recommendations to the CIO and other managers on the need for policy changes.
- Provide oversight and ownership of incident response procedures.
- Manage information security audit and compliance activities, including SOX, ISO 27001, and the NIST Cybersecurity Framework.
- Assist in system and software architecture and design to ensure that assets are appropriately secured at all times.
- Work closely with independent and internal auditors to preempt, mitigate, and swiftly respond to any audit findings that require action.
- Create and facilitate an information security steering committee to help guide strategic information security needs.
- Attend conferences and training as required to maintain proficiency.
The ideal candidate:
- Experience in an agency business would be a plus, but not essential.
- Excellent oral and written communication skills; ability to interact with internal and external stakeholders.
- Must demonstrate strong analytical, reasoning and problem-solving skills.
- Ability to set priorities and adapt to changes in a quick, professional manner.
- Ability to use discretion when handling confidential information.
- Ability to carry a mobile device and provide off-hours support as required.
- Advanced knowledge of information security principles and practices, including any of the following: security risk assessment standards, risk assessment methodologies, and vulnerability assessment.
- Must have demonstrated experience implementing security initiatives that require partnership with other IT areas and business units.
- Minimum 5 years of information security management experience preferred, including some personnel management and budgeting experience.
- At least 3 years of project management experience required.
- Certified Information Systems Security Professional (CISSP) or other equivalent certifications preferred.
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.