Sr Ent Information Security Manager

The Information Security Manager, working within the Corporate Information Security Team, will be responsible for liaising with assigned business units on behalf of Corporate Information Security (CIS). These responsibilities will include understanding business-driven projects that involve network and information security, applications, networking, and web-based technologies. They will be responsible for understanding the Business Unit’s processes and priorities and working with them to manage business impact and threats through a risk-based methodology. Ensures through positive engagement that business goals are met in a secure and compliant manner, according to industry standard regulations.

Qualifications

Ideal Candidate will have:

• Strong technical, influential, and organizational skills.
• Six years’ experience in information security related discipline, in addition to several years’ relevant systems and/or network administration experience.
• Expert relationship building and partnering skills, including persuasion, negotiation, and consensus building.
• Experience translating emerging IT and business trends into meaningful risk reduction opportunities.
• Demonstrated ability to work effectively in a complex matrixed environment.
• Outstanding verbal and written communication skills.
• Ability to interpret business strategy and align to appropriate security enhancements to achieve business enablement.
• Ability to translate security requirements into business risks and impacts.
• Experience with high-level design Architecture, Firewall, Internet, LAN Router, Network, Protocols, Web Services, and SOA.
• Strong understanding of encryption, obfuscation, and/or tokenization technologies or compensating controls.
• Appropriate industry certifications, such as CISSP, CISA, or CCIE.
• Preferred: Bachelor degree in Computer Science, Information Security, Information Management, or other related discipline.
• Telecommunications industry expertise, Six Sigma Training, Audit, Compliance & Network experience preferred.

Skills and Qualifications

• A broad, enterprise-wide view of the wireless (or similar) business and understanding of strategy, processes and capabilities, enabling technologies, and governance.
• Experience in telecommunications, internet service provider, or application service providers a plus.
• The ability to apply Information Security principles to business solutions.
• Extensive experience planning and deploying both business and technology security initiatives.
• Exceptional communication skills and the ability to convey results in a summarily and persuasive manner to business owners, including written and verbal communications as well as visualizations.
• The ability to act as liaison conveying information needs of the business to technology teams and technology constraints to the business.
• Team player able to work effectively at all levels of an organization with the ability to influence others to move toward consensus.
• Knowledge of federal & compliance regulations e.g. SOX, PCI & CPNI.
• Good understanding & experience applying CoBIT, ISO, ITIL, NIST frameworks.
• Understanding of Local (Wired & Wireless), Wide area, and mobile networks.
• A good understanding of Network Security, Firewalls, Intrusion Detection and Prevention, AVS, VLANS.
• Strong background and experience in IP Networking and Routing Protocols.
• Fluency in the use of all MS Office applications, including SharePoint services.

Responsibilities

What you will do:

• Make proactive assessments of threat information in and outside the public domain, understanding the threat as it relates to its customers, and implementing measures to combat the threat.
• Understand the operations of the business and comprehend how these create value and risk for the organization.
• Collaborate with team members, peers, and the business unit management team to determine technical information security requirements, planned remediation, and advocate for the program to gain resources to implement appropriate protection technologies and processes.
• Implement and monitor controls necessary to ensure operational processes are performed and are effective to protect the environment from all forms of malicious cyber activity.
• Assist the Governance group in the development and refinement of technical security standards, key performance indicators, and other necessary processes to maintain effective operational security, as it relates to the business.
• Make risk-based decisions on a daily basis that has the potential to impact our ability to operate and communicate.
• Ensure the information and network security controls for us are appropriate and operating as intended; includes solutions that are directly controlled as well as security solutions that are operated by other internal and external groups.
• Provide status reports on a weekly, monthly, and quarterly basis to business managers and other management activities that demonstrate the health of the program.
• Interact with internal audit, third party auditors, and appropriate regulatory bodies.
• Support the Information Security policy lifecycle throughout, including all aspects of intake, creation, review, approval, implementation, publishing, communication, and maintenance.
• Liaise with and assist outsourced security service providers with vulnerability assessments of business applications, systems, and architectures.

Additional Information

All your information will be kept confidential according to EEO guidelines.

Direct Staffing Inc