Information Security Manager

Tanana Chiefs Conference

Apply Online: https://www.tananachiefs.org/careers

Reference Job Posting: IRC38796

Job Title: Information Security Manager

Organization Name: Information Systems

Job Summary: Incumbent is responsible for the development and delivery of a comprehensive information security program to optimize the security posture of the organization. This position leverages collaborations and organization-wide resources, facilitates information security governance, advises senior leadership on information security direction and resource investments, and designs appropriate policies to manage information security risk. This position must be able to translate the IT-risk requirements and constraints of the business into technical control requirements and specifications, as well as develop metrics for ongoing performance measurement and reporting.

Adhere to the TCC Ch'eghwtsen' model of service and guiding principle which requires providing timely and effective service along with the ability to interact with others in a way that inspires trust and demonstrates respect, compassion and empathy.

Essential Functions: This list is ILLUSTRATIVE ONLY and is not a comprehensive listing of all functions and tasks performed by incumbent(s).

Representative Duties: Under the general supervision of the Executive Director of Information Technology (EDIT), the incumbent will:

1. Work with the EDIT to develop a security program and security projects that address identified risks and business security requirements.

2. Manage the process of gathering, analyzing and assessing the current and future threat landscape, as well as providing the EDIT with a realistic overview of risks and threats in the enterprise environment.

3. Work with the EDIT to develop budget projections based on short- and long-term goals and objectives.

4. Monitor and report on compliance with security policies, as well as the enforcement of policies within the IT division.

5. Propose changes to existing policies and procedures to ensure operating efficiency and regulatory compliance.

6. Manage a staff of information security professionals, hire and train new staff, conduct performance reviews, and provide leadership and coaching, including technical and personal development programs for team members.

7. Assist resource owners and IT staff in understanding and responding to security audit failures reported by auditors.

8. Provide security communication, awareness and training for audiences, which may range from senior leaders to field staff.

9. Work as a liaison with vendors and the legal and purchasing divisions to establish mutually acceptable contracts and service-level agreements.

10. Manage production issues and incidents, and participate in problem and change management forums.

11. Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation.

12. Serve as an active and consistent participant in the information security governance process.

13. Work with IT and business stakeholders to define metrics and reporting strategies that effectively communicate successes and progress of the security program.

14. Provide support and guidance for legal and regulatory compliance efforts, including audit support.

15. Consult with IT and business staff to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software.

16. Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.

17. Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyze its impact on the existing environment; provide technical and managerial expertise for the administration of security tools.

18. Work with the IT teams to ensure that there is a convergence of business, technical and security requirements; liaise with IT managers to align existing technical installed base and skills with future architectural requirements.

19. Coordinate, measure and report on the technical aspects of security management.

20. Manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements.

21. Manage and coordinate operational components of incident management, including detection, response and reporting.

22. Maintain a knowledgebase comprising a technical reference library, security advisories and alerts, information on security trends and practices, and laws and regulations.

23. Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.

24. Manage security projects and provide expert guidance on security matters for other IT projects.

25. Assist and guide the disaster recovery planning team in the selection of recovery strategies and the development, testing and maintenance of disaster recovery plans.

26. Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements.

27. Design, coordinate and oversee security testing procedures to verify the security of systems, networks and applications, and manage the remediation of identified risks.

Other Responsibilities:

1. Performs other job-related duties as assigned.

Minimum Qualifications:

1. A minimum of seven years of IT experience, with five years in an information security role and at least two years in a supervisory capacity.

2. Bachelor's Degree in Information Systems, Information Security, Information Technology, or related field(s) required; an equivalent combination of education and experience may be substituted in lieu of a degree.

3. Relevant professional certifications such as CISSP, CISA, CISM, CIPP, GIAC, and GSEC.

4. Valid driver's license with clean driving record.

5. Must pass background check pursuant to Federal Indian Child Protection and Family Violence Prevention Act requirements.

Knowledge, Skills and Abilities:

1. Strong leadership skills and the ability to work effectively with business managers and IT division staff.

2. The ability to interact with TCC personnel, build strong relationships at all levels and across all business units and organizations, and understand business imperatives.

3. A strong understanding of the business impact of security tools, technologies and policies.

4. Strong leadership abilities, with the capability to develop and guide information security team members and work with minimal supervision.

5. Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with the IT division, project and application teams, management and business personnel; in-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls; an excellent understanding of information security concepts, protocols, industry best practices and strategies.

6. Experience working with legal, audit and compliance staff.

7. Experience developing and maintaining policies, procedures, standards and guidelines.

8. Experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks.

9. Familiarity with applicable legal and regulatory requirements, including, but not limited to, the Health Insurance Portability and Accountability Act (HIPAA), and the Alaska Personal Information Protection Act.

10. Strong project management skills and experience in creating and managing project plans, including budgeting and resource allocation.

11. Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.

12. Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.

13. Strong analytical skills to analyze security requirements and relate them to appropriate security controls.

14. An understanding of operating system internals and network protocols.

15. Familiarity with the principles of cryptography and cryptanalysis.

16. Experience in application technology security testing (white box, black box and code review).

17. Experience in system technology security testing (vulnerability scanning and penetration testing).

Supervision: This position provides general and direct supervision for staff on the information security team within the IT division.

Physical demands: Job incumbent must be able to lift and carry up to 40 pounds in support of equipment and supplies. Position requires recurring bending, stooping, kneeling, reading, handling, speaking, hearing, and seeing. Position may require extended periods of standing. May be required to work weekends and evenings. Travel to remote villages required. May be subject to harsh conditions while traveling. Conditions may include but are not limited to the following: travel by unpressurized aircraft, travel by 4WD vehicles, travel by snowmobile, travel by boat, lack of running water or waste facilities, poor heat, and extreme weather conditions.

Fairbanks, AK