Highering LLC

Sr Manager Information Security

Highering LLC, San Francisco, California, United States, 94199


Information Security

The threat landscape continues to remain increasingly complex and requires constant vigilance to secure a large, global enterprise. The Sr. Manager Information Security & Risk Management (ISRM) will report directly to the CISO. This position will collaborate with various stakeholders within IT, Legal, HR, and business units to create and maintain information security strategy & roadmap. The Sr. Manager Information Security will help architect and implement security solutions to enable business processes while ensuring that confidential information remains secure under corporate control. This position will work on assessing the security controls of new & existing applications & processes and oversee the incident response process. The Sr. Manager Information Security will work with software & product security groups and external experts to enhance the security posture of software & products. This position will work closely with executives, business managers, and IT to communicate the importance and need for enhanced security controls.

Principal Responsibilities

- Work with CISO and management to develop an information security vision and strategy that is aligned with organizational priorities and enables business objectives
- Develop, implement and monitor a comprehensive information security program to protect the organization
- Manage the budget for the information security function
- Work with Legal and HR to develop, implement and monitor a comprehensive data loss prevention program
- Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action
- Work with IT, Legal, HR, and business units to facilitate security risk assessment & risk management processes and ensure that residual risk is in line with company’s risk tolerance
- Develop, implement, and maintain security assessment processes & tools to review the security controls in on-premise and cloud-based applications
- Evaluate the impact of cloud applications on the overall Enterprise Architecture as it relates to information security
- Ensure that security is embedded in the project delivery process by providing appropriate information security policies, procedures, and guidelines
- Understand the impact to security and IP Protection for mobile platforms and networks and make recommendations for maintaining a secure mobile environment
- Work with Computer Security Incident Response Team (CSIRT) to manage & contain information security incidents and events to protect company IT assets, Intellectual Property, and company’s reputation
- Develop and implement Red Team and Penetration Testing process
- Manage the vulnerability assessment & management and patching process
- Conduct cybersecurity tabletop exercises to improve response capabilities
- Work with internal stakeholders to manage customer & government audit requests
- Work with data privacy officer and privacy team to ensure that data privacy requirements are included where applicable
- Provide regular reporting on the current status of information security program to management

This position may require traveling up to 24% of the time.

Qualifications

- BA/BS in Information Technology or related field from an accredited university
- Minimum of 10 years of experience in a combination of information security, risk management, security review, and incident response
- Professional security management certification is desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar certification
- Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework
- Proven track record and experience in executing information security & intellectual protection programs in a global environment
- High degree of competence with Microsoft Office Productivity Applications
- Ability to assess, validate and incorporate new tools, practices, strategies, and processes to gain efficiencies in the areas of cybersecurity & intellectual property protection
- Sound knowledge of business management and a working knowledge of information security risk management and cyber security technologies
- Experience with data loss prevention and digital rights management applications, practices, principles, and strategies is especially helpful
- Must have experience in participating and managing customer & government audits
- Demonstrated experience in managing information security in a large, global company
- Experience in manufacturing and R&D environments
- Poise and ability to act calmly and competently in high-pressure, high-stress situations
- High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity
- Ability to motivate the information security team to achieve tactical and strategic goals, even when only “dotted line” reporting lines exist
- Adaptable, innovative, and detail oriented
- Disciplined to solve complex problems with the ability to solve issues and drive solutions that solve business problems
- Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives
- Excellent written, verbal, presentation, and interpersonal communication skills
- Experience in presenting to large groups
