IT SECURITY MANAGER
The IT Security Manager performs two core functions for the enterprise. The first is establishing and enforcing an enterprise security stance through policy, architecture and training processes. The second is overseeing the operations of the enterprise's security solutions through close interaction with Network, Computer Operations and Systems Applications support teams. Secondary tasks will include the selection of appropriate security solutions, and oversight of any vulnerability audits and assessments. The IT Security Manager is expected to interface with peers in the Operations, Systems and Network teams as well as with the leaders of the business units to both share the corporate security vision with those individuals and to solicit their involvement in achieving higher levels of enterprise security through information sharing and co-operation.
- Protects information system assets by developing security strategies and designing and implementing system controls, access management, monitoring, and continuous threat evaluation.
- Perform risk audits and surveys to determine the real threats to the company’s information security. Determine whether a risk can be eliminated by changing or eliminating processes, or if a risk can be mitigated or reduced by the application of a technology.
- Evaluate security incidents or breaches and determine who perpetrated the incident, how they did it and the resulting level of security exposure. Take appropriate action to eliminate the particular security vulnerability that allowed the incident to occur. Document the entire incident through resolution to eliminate or reduce security vulnerabilities from recurring in the future, and properly report incident to appropriate reporting channels.
- Develops security awareness by development of orientation and training programs and counsels IT staff and end users.
- Advises senior management by identifying critical security issues and recommending risk-reduction solutions.
- Exercise authority to implement security controls across all technologies including mobile devices, personal computers, servers, storage, Web portals and DMZs, networks and plant process control systems.
- Bachelor’s degree in computer science, mathematics, engineering, or information systems required
- 4-6 years of progressive IT experience
- Working knowledge of security technologies, application architecture, data bases, servers, storage, operating systems and networking
- Certified Information Systems Security Professional
- Fluency with the Spanish language preferred