Manager, Information Security
: Job Details :

Join to apply for the Manager, Information Security role at Building Service 32BJ Benefit Funds

2 weeks ago Be among the first 25 applicants

Join to apply for the Manager, Information Security role at Building Service 32BJ Benefit Funds

Building Service 32BJ Benefit Funds provided pay range

This range is provided by Building Service 32BJ Benefit Funds. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.

Base pay range

$150,000.00/yr - $160,000.00/yr

Direct message the job poster from Building Service 32BJ Benefit Funds

Senior Technical Recruiter at 32BJ Benefit Funds: Hiring IT Professionals who directly impact the lives of 100K+ Union Workers

Job Title: Manager, Information Security

Grade: TBD

Department: Information Technology

Reports To: Senior Manager, IT Infrastructure

FLSA Status: Exempt (Management)

This is a full-time position that requires working onsite at our NYC office 4 days per week. This requirement is mandatory.

Summary: The Manager, Information Security will be responsible for the strategic leadership, execution, and continuous improvement of the organization's information security program designed to protect the Funds' systems, networks, and data. This role will provide critical oversight of security operations, develop and maintain policies and frameworks, and mentor members of the Information Security team. The Manager will be responsible for managing the risk register, define and implement frameworks to improve Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR), Incident Response Plans, and ensure the Information Security Policy Manual and Business Continuity Plan addresses the evolving threat landscape and compliance requirements. The successful candidate will be a hands-on leader, well-versed in both operational security and governance, and capable of building a scalable, resilient information security team aligned with the Funds' broader IT strategy.

Essential Duties and Responsibilities:

• Lead and manage the IT Security Operations team, including Information Security Analysts, Engineers, and Incident Responders.
• Provides guidance and expertise in the field of risk management regarding the protection and security of digital assets in the cloud and on-premises.
• Designs and develop s Information Security architectures to prevent unauthorized access to our system, networks, data, and information.
• Develops, maintains, enhances, and implements information security policies and procedures, including
• the Information Security Policy Manual, Incident Response plans, playbooks, runbooks, and the Business Continuity Plan documents on a regular basis as changes occur.
• Coordinates and performs business continuity planning and incident response exercises on an annual basis within IT and with business champions. Coordinates and leads response efforts during security incidents.
• Manages, maintains, and monitors security technologies such as vulnerability scanning solutions, IDS/IPS, anti-virus technologies, DLP capabilities, SIEM technologies, EDR, host forensics and malware analysis, core and web application firewalls , network security groups, threat intel platforms, and proxy solutions.
• Oversees and collaborates with our Security Operations Center (SOC) provider to review threat alerts, reports, and ensures the team follows up on all actionable information.
• Receives guidance and collaborates with our vCISO to manage all security initiatives, risk mitigation plans, annual assessments, security audits, and penetration testing activities.
• Manages real time threat detection technologies to identify and quarantine threats, monitors endpoint security alerts and takes corrective action.
• Minimizes security threats by examining governance, technology infrastructure, and facilities to identify security deficiencies, using risk analysis and follow up with corrective action plan.
• Monitors internal control systems to ensure appropriate access levels are maintained, protects against unauthorized system access, modification and destruction.
• Reviews security related reports, logs and occurrences; escalates issues and initiates security response procedures.
• Creates and reviews vulnerability reports, tracks compliance with vulnerability management policies, and escalates.
• Researches and evaluates emerging technologies, latest cybersecurity threats, trends, tools, and best practices in support of security technology enhancements applicable to the organization's environment , proposes technical solutions to management, to address security weaknesses , and coordinates with relevant stakeholders to implement.
• Reviews, updates, and enforces data security practices within the organization; tests for exposures to ensure adherence to relevant regulations and frameworks (e.g., NIST, ISO 27001, PCI-DSS, HIPAA) and procedures and works with platform experts to implement remedial measures as appropriate.
• Tests security controls and manages the associated remediation of any deficiencies as needed.
• Assesses security information, triaging and responding to security events, identifying false positives, and conducts correlation analysis across numerous internal and external data sources while prioritizing information security incidents.
• Performs project management tasks for security initiatives and projects.
• Manages incident-handling processes, which include implementation of containment, protection, and remediation activities.
• Supports information security training and awareness by providing ideas and content and collaborates with the Training and Development department with updates to employee security awareness education and training.
• Manage multiple priorities and deadlines concurrently.
• Provides support after hours, on weekends, and through on-call rotation.
• Performs other duties as assigned.

Qualifications:

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required.

• 7+ years in Information Security, or IT Operations management and systems administration with at least 5 years specific to IT Security and at least 2 years managing IT Security staff.
• Strong knowledge of Information Security design, principles, and processes; Experience in writing and maintaining information security policies, standards, and guidelines.
• Incident response experience is required; in-depth knowledge of Windows/Unix operating system forensics, event logging systems, authentication methods, remote and local web application security, and penetration testing.
• Demonstrated ability to monitor and audit network security systems such as Firewalls, IPS, SIEM, DLP, web proxy, NAC, and Vulnerability Scanners.
• Hands on experience with mitigating security controls (i.e., IAM, RBACs, anti-virus, IPS/IDS, DLP, web and network proxies, URL content filtering, multi-factor authentication, SSL VPNs).
• Familiar with regulatory compliance regulations (PCI, PII, HIPAA, GDPR, etc.).
• Strong knowledge of common security frameworks (ISO, NIST, etc.).
• Experience in risk assessments and vulnerability management.
• General knowledge of Endpoint protection solutions.
• Knowledge of mainstream operating systems (Microsoft Windows, Linux, IOS) and a wide range of security technologies.
• Microsoft Azure DevOps Security design implementation, automation is a plus
• General knowledge of Database technologies and queries (Microsoft SQL, MySQL, Oracle, etc.) is a plus
• Ability to independently identify, research and resolve issues with minimal amount of supervision, and ability to work with peers in a team effort.

Interpersonal Skills:

• Detail oriented with excellent communication, organization and analytical skills.
• Ability to plan, take initiatives to accomplish objectives in a timely fashion, and work independently.
• Ability to prioritize work and meet deadlines.
• Ability to establish and maintain effective working relationships with project team members, supervisors, and other employees.

Education and/or Experience: Bachelor's Degree in Computer Science, or a related discipline.

Language Skills: Speak, read, write and understand English

Reasoning Ability: High

Certificates, Licenses, Registrations: CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional), or CISA (Certified Information Systems Auditor) certification are highly preferred.

Physical Demands: The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals to perform the essential functions.

• Under 1/3 of the time: Standing, Walking, Climbing or Balancing, Stooping, Kneeling, Crouching, or Crawling
• 1/2 to 2/3 of the time: Sitting, Reaching with Hands & Arms
• Over 2/3 of the time: Talking or Hearing
• 100% of the time: Using Hands

Work Environment: The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.

• 1/3 to 2/3 of the time: Work near moving or mechanical parts, exposure to radiation, moderate noise.

Salary Range:

$150000.00 To 160000.00 (USD) Annually

Seniority level

• Seniority levelMid-Senior level

Employment type

• Employment typeFull-time

Job function

• Job functionInformation Technology
• IndustriesCivic and Social Organizations, Hospitals and Health Care, and Insurance and Employee Benefit Funds

Referrals increase your chances of interviewing at Building Service 32BJ Benefit Funds by 2x

Inferred from the description for this job

Medical insurance

Vision insurance

401(k)

Pension plan

Paid maternity leave

Paid paternity leave

Tuition assistance

Get notified when a new job is posted.

Sign in to set job alerts for “Information Security Manager” roles.

Jersey City, NJ $120,000.00-$140,000.00 4 weeks ago

Brooklyn, NY $184,000.00-$240,000.00 2 weeks ago

New York, NY $120,000.00-$180,000.00 2 weeks ago

Newark, NJ $180,000.00-$200,000.00 2 weeks ago

Jersey City, NJ $150,000.00-$190,000.00 1 week ago

Sr. Director, Information Security Officer

New York, NY $90,000.00-$110,000.00 1 week ago

New York City Metropolitan Area $170,000.00-$241,000.00 1 week ago

Jersey City, NJ $139,000.00-$171,000.00 1 week ago

Brooklyn, NY $85,000.00-$95,000.00 2 weeks ago

VP, Authentication Governance Senior Manager

Jersey City, NJ $140,000.00-$180,000.00 2 weeks ago

Senior Technical Program Manager, Audible Information Security and Security Engineering

Newark, NJ $133,900.00-$231,400.00 2 weeks ago

VP, Authentication Senior Manager (Business Administration)

Jersey City, NJ $140,000.00-$180,000.00 2 weeks ago

New York, NY $98,000.00-$100,000.00 6 days ago

Technical Program Manager, Operational Technology Cyber Security

New York, NY $156,000.00-$229,000.00 6 days ago

Senior Director, Data Governance & Privacy Operations (GRC) | Technology (Multiple Locations)

New York, NY $119,500.00-$266,000.00 2 weeks ago

New York, NY $200,000.00-$280,000.00 1 week ago

New York City Metropolitan Area $108,500.00-$146,000.00 1 week ago

Senior Audit Manager - Cyber Technical, Technology Audit

New York, NY $197,000.00-$291,000.00 2 weeks ago

Program Director, Fulton Reentry Community Center

We're unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

#J-18808-Ljbffr