Job Description
Job Title: Manager, Information Security
Grade: TBD
Department: Information Technology
Reports To: Senior Manager, IT Infrastructure
FLSA Status: Exempt (Management)
Summary: The Manager, Information Security will be responsible for the strategic leadership, execution, and continuous improvement of the organization's information security program designed to protect the Funds' systems, networks, and data. This role will provide critical oversight of security operations, develop and maintain policies and frameworks, and mentor members of the Information Security team. The Manager will be responsible for managing the risk register, defining and implementing Incident Response Plans and frameworks to improve Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR), and ensuring that the Information Security Policy Manual and Business Continuity Plan address the evolving threat landscape and compliance requirements. The successful candidate will be a hands-on leader, well-versed in both operational security and governance, and capable of building a scalable, resilient information security team aligned with the Funds' broader IT strategy.
Essential Duties and Responsibilities:
- Lead and manage the IT Security Operations team, including Information Security Analysts, Engineers, and Incident Responders.
- Provide guidance and expertise in risk management regarding the protection and security of digital assets in the cloud and on-premises.
- Design and develop Information Security architectures to prevent unauthorized access to our systems, networks, data, and information.
- Develop, maintain, enhance, and implement information security policies and procedures, including the Information Security Policy Manual, Incident Response plans, playbooks, runbooks, and the Business Continuity Plan documents, updating them as changes occur.
- Coordinate and perform business continuity planning and incident response exercises annually within IT and with business champions. Lead response efforts during security incidents.
- Manage, maintain, and monitor security technologies such as vulnerability scanners, IDS/IPS, anti-virus, DLP, SIEM, EDR, host forensics, malware analysis, firewalls, threat intel platforms, and proxies.
- Collaborate with our Security Operations Center (SOC) provider to review threat alerts and reports, ensuring follow-up on all actionable information.
- Work with our vCISO to manage security initiatives, risk mitigation, assessments, audits, and penetration testing.
- Manage real-time threat detection technologies to identify and quarantine threats, monitor endpoint security alerts, and take corrective actions.
- Identify and address security deficiencies through governance, technology infrastructure, and facilities assessments, using risk analysis and corrective plans.
- Monitor internal control systems to ensure appropriate access levels, protecting against unauthorized access, modifications, and destruction.
- Review security reports, logs, and incidents; escalate issues and initiate response procedures.
- Create and review vulnerability reports, track compliance, and escalate as needed.
- Research emerging technologies, threats, trends, tools, and best practices; propose and coordinate implementation of security solutions.
- Update and enforce data security practices, testing for exposures and ensuring compliance with regulations (e.g., NIST, ISO 27001, PCI-DSS, HIPAA).
- Test security controls and manage remediation of deficiencies.
- Assess security information, respond to events, and conduct correlation analysis, prioritizing incidents.
- Manage security projects and initiatives.
- Oversee incident handling, including containment and remediation activities.
- Support security training and awareness initiatives, collaborating with relevant departments.
- Manage multiple priorities and deadlines, providing support after hours and on-call as needed.
- Perform other duties as assigned.
Qualifications:
- 7+ years in Information Security or IT Operations management, with at least 5 years in IT Security and 2 years managing security staff.
- Strong knowledge of security design, principles, policies, standards, and guidelines.
- Incident response experience; knowledge of Windows/Unix forensics, event logging, authentication, web security, and penetration testing.
- Advanced networking knowledge (TCP/IP, DNS, LDAP, AD, DHCP, HTTP, firewalls).
- Experience monitoring and auditing security systems (Firewalls, SIEM, DLP, etc.).
- Hands-on with security controls (IAM, RBAC, anti-virus, IPS/IDS, DLP, proxies, MFA, VPNs).
- Familiarity with regulatory standards (PCI, PII, HIPAA, GDPR).
- Knowledge of security frameworks (ISO, NIST).
- Experience with risk assessments and vulnerability management.
- Understanding of endpoint protection solutions.
- Knowledge of operating systems (Windows, Linux, iOS) and security technologies.
- Experience with Azure DevOps Security and automation is a plus.
- Knowledge of database technologies (SQL, MySQL, Oracle) is a plus.
- Ability to work independently, research, and resolve issues with minimal supervision, and collaborate effectively.
Interpersonal Skills:
- Detail-oriented with excellent communication, organization, and analytical skills.
- Proactive in planning and initiative-taking to meet objectives.
- Ability to prioritize and meet deadlines.
- Effective at establishing and maintaining professional relationships.
Education and/or Experience: Bachelor's Degree in Computer Science or related field.
Skills: Proficiency in English (reading, writing, speaking).
Reasoning Ability: High
Certificates: CISM, CISSP, or CISA certifications are highly preferred.
Physical Demands: Must meet physical requirements, with accommodations available as needed.
- Less than 1/3 of the time: Standing, walking, climbing, balancing, stooping, kneeling, crouching, crawling.
- Half to two-thirds of the time: Sitting, reaching.
- Over two-thirds of the time: Talking, hearing.
- All the time: Using hands.
Work Environment: Exposure to mechanical parts, radiation, and moderate noise, with accommodations available for disabilities.