The Information Security Manager will be responsible for building and maintaining a security program using data-driven methods that focus on organization and situation specific results. In this role, the Information Security Manager will assist with the development and execution of security objectives that cover administrative, technical, and physical security controls to reduce risk and meet compliance requirements. He/She will provide advice to both internal and external customers regarding technical issues, security risks and business impacts, as well as participate in the broader Information Security governance process with IT and Security leadership. The Information Security Manager will also collaborate with the Head of Information Security on global initiatives such as risk assessments, business continuity, Incident Response and security testing.
This role requires a professional attitude that includes honesty, flexibility, collaboration and a commitment to ongoing learning.
Manage security controls and processes including authentication, network security controls, anti-malware, DLP, encryption, and SEIM.
Oversee the management of IT operational processes related to security and compliance including disaster recovery, change control, and user rights management.
Serve as an internal resource regarding contractual obligations and compliance requirements with SSAE-16, GLBA, SOX, FFIEC, Mass 201 CMR 17.00, FINRA Rule 4370, and SEC Regulations S-P.
Partner with customers and vendors to ensure operational and reporting needs are met. Prepare for and respond to security questionnaires and facilitate customer-driven and formal external audits.
Review and uncover new threats, vulnerabilities, and new compliance requirements.
Collaborate with Legal, IT, HR, Software Development and other relevant business units to develop risk and compliance remediation plans.
Assist with and lead business continuity events, security incidents, and outage exercises.
Task Management – Organizing and prioritizing tasks. Managing time to maximize personal productivity. Estimating task duration and completing tasks when promised. Multi-tasking
Judgment and Decision Making — Considering the relative costs and benefits of potential actions to choose the most appropriate one
Systems Evaluation — Identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system
Critical Thinking — Using logic and reasoning to identify the strengths and weaknesses of alternative solutions, conclusions or approaches to problems. Making good decisions and solving problems while under pressure
Attitude & Teamwork– Projecting confidence tempered with humility. Must be a team player willing both to steer the team towards success and to fully support the team when others are steering
Problem Sensitivity — The ability to tell when something is wrong or is likely to go wrong. Recognizing there is a problem and informing the resources who can address the problem
Thinking Creatively — Developing, designing, or creating new applications, ideas, relationships, systems, or products, including artistic contributions
Making Decisions and Solving Problems — Analyzing information and evaluating results to choose the best solution and solve problems
Bachelor’s Degree or equivalent work experience with relevant security certifications such as CISSP, Security +, MCSE:Security, SANS GIAC, CRISC, etc.
Prior work experience in a regulatory-compliant environment strongly preferred.
Experience with network security and firewalls technology including design, configuration review, and troubleshooting.
Knowledge of complex application, network, virtual environment security, and systems operations.
Ability to relate business requirements and risks to the implementation of policies and technologies.
Knowledge of one or more formal risk assessment methodologies such as FAIR, OCTAVE, NIST, FMEA, etc.
Prior experience with software development/QA life cycle experience preferred.
Boston, Massachusetts, United States