Senior Security Manager IT Risk
The Senior Security Manager manages Ken’s outsourced SOC, Arctic Wolf Networks, and is the relationship owner for other outsourced/third-party relationships relating to IT security. They will ensure appropriate application of risk management methodologies, security products, and technologies to protect the company's systems and information.
ESSENTIAL DUTIES AND RESPONSIBILITIES include the following:
- Manages IT and company compliance issues. Produces detailed documentation including data flow diagrams, logical diagrams, and physical diagrams as required.
- Provides identity management and access control expertise for systems, networks, and application designs and architectures.
- Works across Network, Infrastructure and Systems Administration functions to implement controls and best practices.
- Works as a liaison between IT and Operations Technology to ensure full and complete implementation of security controls, standards, and policies.
- Assists IT and Operations Technology with remediation planning and implementation.
- Establishes and tests new and existing internal controls.
- Develops prioritized initiatives to address findings from both internal testing and the SOC.
- Works with Development to define and adhere to secure coding practices.
- Maintains all cybersecurity, IT Risk and Compliance, cyber insurance and other key documents (SSAE 16, SOC 1, WISP, Disaster Recovery, et al.).
- Assists with development of the company’s Asset Management processes and procedures.
- Creates KPIs, metrics, dashboards and reporting to measure the performance of the security organization.
- Commitment to safety begins with management. Managers and frontline supervisors are accountable for creating and maintaining a culture of Safety and assuring a safe work environment.
Education and/or Experience
Bachelor's degree in information technology or equivalent plus 5+ years of related work experience with IT Risk Management, or an equivalent combination of education and work experience; good understanding of risk management principles, regulatory requirements, and industry best practices; good understanding of General IT Controls and Data Privacy Regulations; previous auditor experience a plus; good understanding of IT systems and controls including Web systems, e-commerce, data centers, network infrastructure, patching, access controls, databases, cloud systems, etc.
Certificates, Licenses, Registrations
CISM or CISSP Certification preferred.
SKILLS AND ABILITIES
- Analytical skills and the ability to organize work in a logical, thorough, and succinct manner.
- Flexibility to adapt to changing assignments and ability to effectively prioritize.
- Effective with written and verbal English communications at all levels, providing compliance guidance to project teams, management, and business partners.
- Demonstrated ability to operate and innovate in a small team with a fast-paced environment, balancing both strategic and tactical needs.
- PCI DSS
- SSAE 16
- SOC 1
- State and Federal Data Privacy Regulations (as applicable)
- Cloud Security