Senior Manager, Information Security

US-AZ-Phoenix
Company: University of Phoenix
Job Family: Information Technology
Virtual Eligible: No
Requisition ID: 2017-9338
Position Type: Full-Time

Overview

Assists leaders in defining access and identifying security related objectives. Develops and implements Information Security policies, standards, processes and procedures for the enterprise. Establishes technical security standards and configurations for operating systems, applications and network equipment. Manages those who ensure the security of company electronic information through the implementation of technical and administrative safeguards.

Responsibilities

• Develops and implements Information Security policies, standards, processes and procedures for the enterprise.
• Establishes technical security standards and configurations for operating systems, applications and network equipment.
• Designs and implements security policies to control access to systems.
• Ensures and monitors security compliance with industry and government rules and regulations.
• Coordinates with technology and business groups to assess, implement, and monitor IT-related security threats, probability of occurrence and impact on business processes.
• Communicates risks to appropriate business personnel and recommends appropriate remediation for risk reduction to manageable levels.
• Reports security performance against established security metrics.
• Conducts ongoing analysis on security metrics and recommends modifications where needed.
• Ensures security compliance and meets all service level agreement requirements.
• Creates and manages an ongoing information security awareness program to ensure staff members across the organization.
• Works closely with legal, compliance and audit to escalate and coordinate efforts to protect sensitive information across the organization.
• Maintains a deep technical knowledge to keep abreast of threats and technologies associated with prevention, detection and response of information security incidents.
• Works across organizational boundaries to develop working relationships across the enterprise and businesses.
• Receives assignments in the form of objectives and determines how to use resources to meet schedules and goals.
• Reviews alerts and data from sensors and documents formal, technical incident reports.
• Provides guidance to subordinates within the latitude of established company policies.
• Works on issues of diverse scope where analysis of situation or data requires evaluation of a variety of factors, including an understanding of current business trends.
• Manages Information Security staff in the identification, reporting and resolution of security violations.
• Manages incident response teams where appointed by senior management through to resolution.
• Provides and implements mitigating actions to contain incident related activity and facilitates forensics analysis where required.
• Conducts presentations and tours as required for announced visitors.
• Manages or participates in vendor risk management, vulnerability management and incident management programs as required.
• Performs other duties as assigned or apparent.

Qualifications

Basic Requirements:
• Bachelor’s degree in Computer Science or a related field, or equivalent experience is required
• Minimum of 10 years progressive IT security skills; IT audit experience can be included in experience
• Minimum of 5 years directly managing Information Security teams

Additional Qualifications:
• Certified Information Systems Security Professional (CISSP), highly preferred
• Knowledge of IT risk assessments & management methodologies, IT Governance, Risk & Compliance (GRC)
• Experience documenting security policies, standards & risk acceptance processes GRC tools
• Technical expertise in anti-virus solutions, virus outbreak management, and the ability to differentiate virus activity from directed attack patterns
• Technical expertise in Intrusion Prevention System (IPS)/Intrusion Detection System (IDS), SIEMs and other Computer Network Defense (CND) security tools
• Working knowledge of ISO 27001 and ISO 27002 standards for Information Security, PCI DSS (Payment Card Industry Data Security Standard), SOX (Sarbanes-Oxley), GLBA (Gramm-Leach-Bliley Act), FERPA (Family Educational Rights and Privacy Act)
• Knowledgeable in various EU Data Protection laws
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA), preferred
• Certified NIST (National Institute of Standards and Technology) 800
• Experience in other International Data Protection laws, preferred
• Excellent interpersonal, written communication, technical writing and presentation skills
• Strong business analysis skills
• Ability to learn quickly, absorb and retain information, and apply knowledge when and where relevant
• Self-motivated and ability to work on own initiative with minimal guidance
• Logical approach to problem solving
• Experience of managing a varied and heavy workload
• Ability to prioritize work appropriately
• Creative and innovative, yet pay close attention to detail
• Desire to see tasks through to completion
• Strong team player
• Ability to correlate network activity across networks to identify trends of unauthorized or suspicious use.
• Ability to identify and assess the severity and potential impact of risks
• Thorough knowledge and understanding of the technical Information Security environments and processes
• Proven ability and past experience performing moderately complex security analysis for information technology is required
• Excellent oral and written communication skills to effectively interact with internal and external customers
