I. JOB SUMMARY
The Information Security Manager is responsible for developing and monitoring practices to ensure that business information is secure from unauthorized access, protected from inappropriate alteration, physically secure, and available to authorized users in a timely fashion. Also serves as the process owner for all ongoing activities that serve to provide appropriate access to and protect the confidentiality and integrity of customer, employee, and business information in compliance with organization policies and standards.
The ISM's duties include training in and dissemination of security policies and practices as well as developing strategies and plans to provide for timely business resumption in the event of a serious disruption.
A large part of the role is also responding to external compliance bodies on security policy compliance and responding to corporate and field-operations issues: changing priorities, escalating issues where appropriate, and keeping all interested parties abreast of developments and recommendations in a timely fashion.
II. RESPONSIBILITIES
List the major responsibilities/duties in order of importance, beginning with the most important. In the left-hand column, indicate the percentage of time, on an annual basis, that the job requires for each stated responsibility/duty.
Time (%) Major Areas of Responsibility and Duties
30%
The monitoring of security procedures and practices against internal and external (e.g. CISP) standards. Review on a timely basis the various reports and logs available. Investigate and report on noted irregularities.
End-Result: A high level of security for our information and systems.
30%
Development of security policies for our information systems. Be aware of and review the security features of new computing systems to ensure that they meet the security requirements of the existing policies. Review and propose changes to existing policy as conditions warrant.
End-Result: Systems and information that comply with existing security policies and policies that reflect the existing requirements of the business systems to which they apply.
15%
Security Awareness - Provide information on our security policies and practices for our employees as needed. Prepare and publish papers and/or articles on good security practice for use by our employees and others. Ensure that our sponsored training conforms to existing policies.
End-Result: A staff that is security aware and prepared to use the available security features of our administrative systems.
10%
Develop and publish a Business Resumption Plan for our computing systems as part of the overall Business Continuity Plan. Be aware of the requirements of the various departments at our in the event of a major disruption of computing/networking services and develop plans to provide timely business resumption if such an event occurs. Publish these plans to the appropriate managers and provide for regular testing of the plans.
End-Result: A contingency plan that will provide the required action to restore computing services in the event of a serious disruption of computing services.
10%
Ensure adequate security for new administrative systems and new sources or storage of information. Assist in the development of scenarios of usage, test for abnormalities or exposures. Prepare documentation to augment vendor materials and interpretations (in conjunction with Audit, Legal and Loss Prevention departments) of external information security compliance requirements that include local enhancements and implementations.
End-Result: Fully documented security subsystems; awareness of shortcomings that can be used to develop countermeasures to better secure systems. Secure information repositories.
5%
Maintain awareness of changes in the industry. Attend classes and seminars as required to maintain a high level of proficiency in the fields of computing and information security and business resumption. Network with other information security professionals. Read about and be aware of the trends regarding BRP and Security in the industry.
The above statements are not intended to be an exhaustive list of all responsibilities, duties, or requirements for this position. They are intended to indicate the kinds of duties and level of work difficulty that are required and shall not be held to exclude other duties not mentioned that are of similar kind or difficulty.
III. JOB IMPACT
- This role has no direct responsibility for the Systems Infrastructure budget; however, the process and policies supported by this role have a far more significant impact in that they are the basis for protecting our systems capabilities and reducing exposure due to information access.
- Offer technical guidance and support to Application Development teams.
- Interface with almost all company departments, offering technical advice on system and information security.
IV. JOB LATITUDE
- Responsible for the development and maintenance of our systems and information security policies. This entails initial set up of the policies in conjunction with Audit, Legal, Loss Prevention and Operations staff to ensure compliance and practicality. Policies will be developed for all systems where security policies are not in place, together with internal and external resources and experts.
- Responsible for a multi-platform environment and diverse systems and information. Each platform has its own security systems which do not usually integrate with security in other environments, creating opportunities for breaches. In addition, the knowledge required about each security system to properly understand the system and evaluate the risks is voluminous.
- Responsible for ensuring adequately automated reporting mechanisms and production monitoring systems for security. Initially setting up and maintaining the ability to review information of activity in a manner that highlights unusual activities.
- Responsible for a rapidly changing technical environment: as changes are made in the technical underpinnings of systems, it is necessary to maintain a level of expertise on the security and information storage of diverse hardware and software. The speed with which these changes take place requires constant effort to update knowledge about security systems.
- Conducts risk assessments and risk analysis to help the organization develop security standards and procedures that support strategic, tactical and operational objectives on a cost-effective basis.
- Decisions by the incumbent include day-to-day operational decisions regarding systems and information security matters impacting compliance, systems access and recoverability.
- Recommend security and information protection enhancements to the Sr Director Development, ensuring sufficient detail to enable decision making capability and facilitation of further discussion with the CIO and Senior Management where appropriate.
- Coordinates the selection, installation, implementation, testing, and administration of information security software packages that will protect and monitor the integrity of data, application programs, computer operating systems, and communications networks.
V. JOB KNOWLEDGE
BS in Computer Science or MIS or equivalent experience.
Strong background in program analysis, development and testing skills.
Background in security concepts including experience in information or physical security or a related field.
A high level understanding of contemporary hardware and software architectures.
Minimum experience required to perform this job.
- 8 years of experience in Systems and Information Security administration with at least 3 at the Manager level or higher
- At least 5 years of experience managing security of distributed and central systems environments and varied hardware/software platforms
- Certified Information Systems Security Professional (CISSP) or Certified Information Systems Auditor (CISA) rating is desired.
- A strong background in program analysis, development and testing skills
- A background in security concepts including experience in information or physical security or a related field
- A high level understanding of contemporary hardware and software architectures.
Minimum special skills, or job content knowledge required to perform this job.
- Strong inter-personal/communication skills
- Technical infrastructure proficiency
- Good verbal and written communication skills
- A high level of integrity and trust
- Knowledge of security hardware and software products that comply with current industry standards.
- Knowledge and understanding of technology-related state and federal regulations.
- System audit and remediation techniques
- Incident investigative and resolution procedures
List specific jobs which could prepare an individual for this job.
Join TEKsystems® and get your career on the fast track. As the leading technology staffing and services firm, we are passionate about deploying high-caliber IT and communications expertise. To satisfy our constant need for expertise, we actively seek talented Technical Professionals with all levels of information technology and communications skills. TEKsystems knows that every professional has different needs, so we'll work together to determine a suitable benefits package. We offer options to our Technical Professionals that could include: a health plan, 401k, provisions for vacation and holiday pay, and technical and professional training. With a foundation as the nation's largest IT staffing firm, we've become a billion-dollar services company by blending superior client service with an unrivaled ability to source and manage talent to precise specifications, resulting in successful technology executions. Allegis Group and its subsidiaries are equal opportunity employers. M/F/D/V
| Job Details | Job Location | Candidate Application |
| --- | --- | --- |
| Employer: TEKsystems | Address: 8484 Georgia Ave. | Contact: Anthony Pierouchakos |
| Job Type: Full-time | City: Bethesda | |
| Experience: Any | State: Maryland | E-mail: apierouc@teksystems.com |
| Education: Any | Zip Code: 20817 | Online: Website Link |
Rate: Based on experience.