The Information Security Manager is responsible for IT security policy enforcement and maintenance; design of security policy education, training, and awareness activities; monitoring compliance within the organization and applicable law; and coordinating investigation and reporting of security incidents. Monitor, assess, and fine-tune the IT business continuity and disaster recovery program, perform network penetration tests, application vulnerability assessment scans and risk assessment reviews.
Develop and monitor practices to ensure that the network information is secure from unauthorized access, protected from inappropriate alteration, physically secure, and available to authorized users in a timely fashion. The ISA's duties include training in and dissemination of security policies and practices as well as developing strategies and plans to provide for timely business resumption in the event of a serious disruption. Applicants employed in this position will be required to work extra hours, as needed, and to be on-call for scheduled after-hour emergencies and respond to after-hours emergencies as needed.
Direction received is very general and focuses on end results and is typically collaborative in nature. Position plans own work and project schedules and sequences.
Essential Duties && Responsibilities
Monitor and advise on information security issues related to the systems and workflow to ensure the internal security controls for the company's IT infrastructure is appropriate and operating as intended.
• Coordinate and execute IT security projects.
• Coordinate and execute IT security assessment audits and manage remediation
• Coordinate response to information security incidents.
• Develop and publish Information Security policies, procedures, standards and guidelines based on knowledge of best practices and compliance requirements.
• Conduct data classification assessment and security audits and manage remediation plans.
• Collaborate with IT management, the legal department, safety and security, and law enforcement agencies to manage security vulnerabilities.
• Create, manage and maintain user security awareness.
• Conduct security research in keeping abreast of latest security issues.
• Prepare security notification, alerts and procedures for handling security incidents.
• Perform other related duties as assigned.
• Creating, testing and implementing network disaster recovery plans
• Performing risk assessments and testing of data processing systems
• Installing firewalls, data encryption and other security measures
• Recommending security enhancements and purchases
• Training staff on network and information security procedures
Decisions which you make:
· Implementation of process\procedures to improve job efficiency
· Implementation of solution to reduce system downtime.
· Implementation of system maintenance to improve system performance and availability
· Design and development decisions
Knowledge, Skills & Abilities
Has extensive knowledge of IT security standards, fully understand PCI and requirements for compliance. Planning and implementing security measures to protect computer systems, networks and data. Expected to stay up-to-date on the latest intelligence, including hackers’ methodologies, in order to anticipate security breaches. Is able to effectively managing and preventing data loss and service interruptions by researching new technologies that will effectively protect a network.
Has thorough knowledge of all applicable laws, ordinances, policies, standards and regulations pertaining to the specific duties and responsibilities of the job. Is able to effectively communicate and interact with consultants, subordinates, peers, and management. Is able to assemble information and make written reports and documents in a concise, clear and effective manner. Possess a base of project management concept as necessary in the completion of daily responsibilities. Is able to implement long-term goals in order to promote effectiveness and efficiency. Is able to use independent judgment and discretion in maintaining standards, and resolving problems. Has the ability to comprehend, interpret, and apply regulations, procedures, and related information. Is knowledgeable and proficient with computers. Is able to read, understand and readily interpret applicable regulations, contracts, construction documents, contracts, maps and related materials.
The applicant must be able to manage multiple projects and/or task concurrently. Must be a self-starter and be able to use own judgment/initiative to undertake activities with minimal supervision. The candidate must also have excellent oral and written communications skills as well as the ability to work alone or within a team environment
The successful candidate must be able to work collaboratively with others to achieve team & organizational goals; prioritize projects and/or tasks; provide constructive input to achieve team goals; deliver a customer-focused, responsive service to customers; support efforts to enhance business efficiency & effectiveness; demonstrate a positive, “can-do” attitude; respond constructively to new information, changing conditions, & unexpected obstacles. Support and assist with achieving the Strategic Objectives and Goals of the Department.
Minimum Qualifications – Education and Experience
BA or BS in Computer Science, Management Information Systems, or related field. Five years of progressive experience in computing and information security, including experience with Internet technology and security issues. Experience in higher education preferred. Experience should include security policy development, security education, network penetration testing, application vulnerability assessments, risk analysis and compliance testing. Has a proficient knowledge of managing Cisco ISE, Rapid 7, ForeScout, Proofpoint, McAfee, Audit scan assessment and execution, Trustkeeper, and Websense.
Knowledge of information security standards (e.g., PCI, ISO 17799/27001, etc.), rules and regulations related to information security and data confidentiality (e.g., FERPA, HIPAA, etc.) and desktop, server, application, database, network security principles for risk identification and analysis. Strong analytical and problem solving skills. Excellent communication (oral, written, presentation), interpersonal and consultative skills.
Preferred Education & Experience
CISSP, GIAC, or other security certifications desired.
Licensures and Certifications
Position would be expected to have licensure or professional certifications appropriate to the position.
Valid Georgia driver’s license