Sr. Manager, Security and Risk Management
Title: Sr. Manager, Security and Risk Management
Reports to: Chief Technology Officer
Type: Full Time / Permanent
The Sr. Manager of Security and Risk Management is primarily responsible for ensuring the security of the CyberGrants corporate and production environments by determining security requirements; planning, implementing, and testing security systems; preparing security standards, policies, and procedures; mentoring team members; participating in corporate governance related to security, risk management, and compliance; and working with CyberGrants' prospects/clients regarding security questionnaires, assessments and on-site visits.
The ideal candidate will possess both the technical skills and experience related to current security practices, methods and trends (i.e., System and Security Architect) along with the managerial and leadership capability necessary to interact with CyberGrants' management and clients.
Primary Duties and Responsibilities
- Review, define, and update the standards, policies, and procedures necessary to ensure the integrity and security of our corporate and production environments.
- Work closely with IT and Operations to ensure the proper controls, mechanisms and monitoring are in place to ensure compliance with, and proper execution of, our defined policies.
- Annually, conduct training sessions to ensure that all employees are familiar with their duties and responsibilities related to compliance with defined policies.
- Annually, manage the SSAE-16 audit process to ensure that we obtain proper SOC certification.
- Work closely with Sales Solution Architect to review security and infrastructure responses within RFPs.
- Respond to compliance inquiries, security questionnaires, and information security audits on an ongoing basis.
- Coordinate and lead any on-site client risk assessments and information security audits.
- Plan, schedule, manage, and implement remediation projects/activities to resolve any findings from either CyberGrants' or clients' risk assessments.
- Conduct regular testing (e.g., vulnerability scans and penetration tests) according to defined policies.
- Participate in Risk Management Governance meetings and activities.
- Participate in Business Continuity and Disaster Recovery Governance meetings and activities.
- Annually, conduct assessments of third-party vendors (according to defined Vendor Management policy).
- Maintain awareness of, and expertise in, the latest security trends, issues and requirements to prevent any emerging security exposures for impacting our environment.
- Work with VP, Product Development to define and manage application vulnerability guidelines and assessments.
- Work with CTO to achieve the correct balance of security/privacy protection, in a cost effective manner, while maintaining maximum worker productivity.
Qualifications and Experience (Required)
- Undergraduate degree (BS, BA) from accredited university.
- 10-15 years overall IT experience
- 5-10 years’ experience as Systems/Security Architect. Specifically, strong technical skills and experience with security architecture, security best practices, and system architecture.
- Strong familiarity and experience with information security practices, methods and trends.
- 5-10 years technical experience/familiarity with most of the following:
- Desktop and Server Operating Systems (Windows, Solaris, Linux)
- Database Systems (Oracle, MySQL)
- Network Devices (Cisco, Barracuda VPN, etc.)
- Networking security, protocols, standards, intrusion detection/prevention
- IT Security Practices (i.e., Firewalls, AV/Malware Protection, etc.)
- Remote Security (VPN's)
- Access Security
- Physical Security
- Laptop/Mobile Device Security
- Data Loss Prevention (DLP)
- Security Incident Response
- Disaster Recovery and Business Continuity
- Information Security, Retention, and Disposal
- Risk Management and Compliance
- Information Privacy
- 5-7 years management experience.
- Excellent communications skills (verbal, written, and presentation).
- Demonstrated ability to interact with clients and management.
Qualifications and Experience (Optional):
One or more of the following qualifications and experience are highly desirable:
- Training/certifications in one or more of the following – CISSP, Security Architecture Design, Security Awareness, CISA, CISM.
- Security experience with large enterprise IT organization.
- Experience as risk assessor/auditor.
- Post-graduate degree.
- Undergraduate degree (BS, BA) from accredited university; Post-graduate degree is a plus
A CyberGrants person is...
CyberGrants is successful because of the highly motivated people who work here and their deep enthusiasm for customer service and philanthropy. We recruit individuals whose honesty, integrity, initiative and creative approach to problem solving shines through. Your passion and commitment will inspire your colleagues as you continue to place the client at the center of everything you do.
For consideration, please send résumé & cover letter, with salary requirements to firstname.lastname@example.org.