ASAP Talent Services in partnership with CyAlliance has been retained by a large, global conglomerate to help recruit an Information Security Manager. The role reports directly to the VP, Security & Infrastructure.
Location: This role can be home-office and virtually based, and it leads a team that is also virtual in nature. An East Coast or Midwest location is potentially preferred. Great locations might include Florida (FL), South Carolina (SC), North Carolina (NC), Virginia (VA), Georgia (GA), Pennsylvania (PA), Ohio (OH), etc.
Information Security Manager
Our Client is currently seeking an Information Security Manager to join our Information Security & Infrastructure Team. The Information Security Manager will be a hands-on information security expert responsible for the effective management and delivery of the cybersecurity portfolio. The perfect candidate will lead a team in building and maturing security processes, capabilities, and tooling across a global, highly matrixed environment. This position will report to the VP of Security & Infrastructure and partner closely with other IT teams across the business to drive and support the adoption of Our Client’s security standards and architecture principles, while deploying new security solutions and capabilities. The selected candidate will also drive the implementation and ongoing support of enhanced automation capabilities supporting various platforms across the cybersecurity portfolio. This position is a remote work opportunity.
Responsibilities of the Information Security Manager:
- Support risk management initiatives by working closely with stakeholders in information security, technology, and lines of business to understand needs, and apply risk management treatments accordingly.
- Act as a technical authority to provide security architecture guidance to teams across infrastructure, application, and cloud domains.
- Support and mature the enterprise cybersecurity operations program by focusing heavily on improving monitoring, detection, mitigation, and automation capabilities.
- Manage and support the regulatory compliance program by staying abreast of emerging trends and changes to regulations.
- Lead the team in responding promptly to security incidents and provide thorough post-event analysis.
- Mature risk and vulnerability management programs by driving infrastructure security assessments, risk assessments, and vulnerability analysis.
- Provide technical leadership and oversight to organizational technology and security projects.
- Drive an agile approach in managing security team workload, projects, and upgrades.
- Manage and mentor a team of information security engineers focusing on vertical and horizontal development.
- Stay knowledgeable on topics in cybersecurity by researching emerging trends, technologies, threats, and vulnerabilities.
Required Qualifications of the Information Security Manager:
- 2+ years of management experience leading information security engineering and operations projects and initiatives
- 5+ years of experience in information security supporting governance, risk, and compliance initiatives including Vulnerability & Pen Testing Programs
- Experience leading teams in support of securing client and server operating systems (Windows/Linux)
- Experience securing and monitoring multi-cloud environments; AWS / M365 experience a plus
- Expert working knowledge of current IT risks coupled with experience implementing effective and appropriate risk management treatments
- Excellent written and communication skills; experience with public speaking / reporting a plus
- Experience working in a security operations environment performing security monitoring and incident response activities
- Advanced understanding of IT protocols, cryptography, authentication, authorization, and security architecture fundamentals
- Ability to interact with people at all levels of the business, with excellent written and verbal communication skills
Preferred Qualifications of the Information Security Manager:
- Industry certifications (CISSP, CISM, GCIH, GMON, GPEN, OSCP, AWS)
- Experience securing cloud infrastructure (AWS/Azure)
- Exposure to industry cybersecurity frameworks (ATT&CK, NIST CSF, Cyber Kill Chain, ISO, etc.)
- Experience supporting regulatory compliance requirements such as GDPR, DFARS, PCI