Logo
TEPHRA

Information Security Manager-Enterprise Information Security - S Job at TEPHRA i

TEPHRA, Cedar Rapids, IA, US


Description: Job Description for Information Security Manager Location Options: Cedar Rapids, IA Dallas, TX St. Petersburg, FL Responsibilities: •Ensuring that security strategies are aligned with business requirements •Implementing, reviewing and monitoring of HIPAA security requirements and controls into the business operations •Ensure that security incidents/events are identified/reported/managed as per organizational and regulatory requirements (HIPAA/PCI) •Collaborate and carry out risk assessment of operational work, business continuity •Carry out ongoing security awareness related to ISMS and HIPAA requirements •Supporting implementation and manage SOC1/SOC2 audits from security aspects •Carryout internal audits Requirements: Process Knowledge •Information Security Audit Planning, Execution, Audit Documentation and Reporting •IT Risk assessment and review of IT General Controls •ISO 27001 standards based Information security management system (ISMS) build and implementation •Information Security Policies, Procedures and Standards design/review •Compliance Audits (SOX.ISO27001, SSAE 18, SOC1/SOC2) •Exposure to Best Practices such as ITIL, COBIT , PCIDSS and COSO framework •Responding to RFPs on security requirements in contract •Information security risk assessment, treatment and management aspects •Ability to handle security incidents and investigations. Regulatory framework •In-depth knowledge of HIPAA security and other regulatory requirements and implementation Technology Knowledge •Network security and OS Level Auditing Skills •Vulnerability Assessment and Penetration Testing knowledge •Secure Architecture Design and Implementation. •Implementation/auditing of IAM, Firewalls, IDS, IPS, VPN, Authentication mechanisms, assessment tools, etc Enterprise Architecture •Business / IT alignment •Cloud Computing, Skills •Project Management Skills •Has to be a versatile Team player •Aptitude to learn new technologies •Constant learning •Excellent Communication Skills •Auditing skills Certifications preferred - one or multiple: CISA, CISSP, CISM, ISO 27001:2013 Lead Auditor/implementer