Information Security Manager
Estimated Pay | $25 per hour |
---|---|
Hours | Full-time, Part-time |
Location | Versailles, Kentucky |
About this job
Job Description
Job Summary:
The Information Security Manager is a member of the IT leadership team and will lead information security, cybersecurity, and IT risk management programs based on industry-accepted information security and risk management frameworks. The Information Security Manager is responsible for designing, implementing, operating, and maintaining an information security framework, processes, and systems. The Information Security Manager will guide FNU's information security program and support the IT leadership team in developing and implementing appropriate security controls for enterprise applications and infrastructure. The Information Security Manager will also coordinate and guide cybersecurity and incident response activities.
Duties and Responsibilities:
Plan and conduct information security risk assessments to proactively identify, mitigate, and reduce risk to the organization.
Provide leadership in establishing IT policies, guidelines, standards, processes, procedures, and best practices
Guide the development and implementation of appropriate security controls for information technology applications and infrastructure
Proactively identify risks, protect FNU information, applications, and infrastructure from external/internal threats, and implement processes that help manage and reduce the overall risk impact to the enterprise
Manage the design, implementation, and management of appropriate processes and controls that help assure that information created, acquired, or maintained by FNU and its authorized users is used in accordance with its intended purpose
Develop, implement, and test incident response plans
Coordinate incident response activities
Review third-party contracts for compliance with security requirements and recommend appropriate language, as necessary
Provide guidance and recommendations to help FNU comply with regulatory requirements (e.g. FERPA, GLBA, HIPAA, and PCI-DSS)
Prepare reports that identify technical and procedural findings, and provide recommended remediation strategies and solutions
Communicate risk posture, security metrics, and security issues to leadership
Collaborate with technical and non-technical teams to analyze and recommend actions related to compliance, vulnerabilities, and control weaknesses
Provide security requirements to be included in statements of work and other appropriate procurement documents
Develop methods to monitor and measure risk, compliance, and assurance efforts
Ensure that risk management processes are followed and documented
Promote security awareness across the organization
Provide service to the University through activities such as involvement in FNU shared governance (e.g. committees, workgroups), FNU sponsored activities (e.g. charity drives, community-outreach activities), and/or service to the profession (e.g. presentations, professional organization committee work).
Adhere to the elements of the Culture of Caring
Other duties as assigned.
Required Skills/Abilities
Primarily days; 8:00 AM – 5:00 PM. However, this position may require additional time during evenings, weekends, and holidays to accomplish work goals
Strong technical knowledge of information security, risk management, compliance, and incident response activities
Advanced knowledge of NIST CSF, GLBA, PCI, COBIT, ITIL, and risk management frameworks including NIST SP 800-30, NIST SP 800-39 preferred
Demonstrated ability to lead and perform risk assessment/management activities
Strong analytical skills and the ability to resolve complex problems
Ability to work independently
Strong interpersonal and communication skills and ability to effectively communicate with management, staff and regulatory agencies
Policy and procedure development
Education and Experience:
Associate degree and 10+ years of related higher education IT experience, with at least 2 years in an Information Security, IT Audit, Cybersecurity or similar role.
Relevant certifications within two years of hire (e.g. CISSP, CISM, CISA)
Physical Requirements:
Should be able to stand/sit for long periods of time.
Must maintain a valid driver’s license and reliable mode of transportation in order to attend work-related meetings and events off-site.
Reporting Relationship:
Reports directly to the Director of IT
Work Location:
Eligible for hybrid telecommuting agreement after 30 days of employment.
Versailles, KY