The job below is no longer available.

Hours: Full-time, Part-time
Location: Atlanta, GA

About this job

POSITION PURPOSE – The Business Information Security Manager (BISM) plays an integral part in the development, implementation, and compliance of information security across the enterprise. The BISM is responsible for managing risks related to information security, physical security, privacy, and compliance.

MAJOR TASKS, RESPONSIBILITIES AND KEY ACCOUNTABILITIES –

  • This position will report to the Chief Information Security Officer and will be responsible for the following activities within a given IT Portfolio:
  • Ensuring effective implementation of information security standards, processes and procedures, and guidelines for the enterprise
  • Ensuring and monitoring security compliance with industry and government rules and regulations
  • Ensuring security compliance and meeting all service-level agreement requirements
  • Reporting security performance against established security metrics
  • Understanding the trade-offs required to manage the different levels of risk tolerance and risk exposure across the organization and balancing this with risk investments
  • Supporting an information security awareness program to ensure staff members across the organization understand the trade-off between risk and return
  • Coordinating with technology and business groups to assess, implement, and monitor IT-related security risks/hazards
  • Lead investigation of high-level, complex violations of Information Security Policies and direct activity to analyze forensic data from Sr. Analysts.
  • Develop recommendations and take appropriate action. Present to Information Technology management development/implementation plan for secure solutions.
  • Present findings to manager on compliance reporting for Information Security Policies. Drive the Disaster Recovery and Business Continuity strategy.
  • Provide technical direction to analysts, associates and contractors.
  • Develop Information Security Policies, Standards and Guidelines.
  • Automate access provisioning across supported systems and applications with documentation. Direct, define and provide audit reporting.

MINIMUM QUALIFICATIONS –

  • Professional experience in analyzing and applying information security, risk management, and privacy practices
  • Experience in strategic planning, budgeting, and allocation
  • Security consulting and general industry experience
  • Experience in law enforcement and/or national security is highly relevant
  • Knowledge of national and international regulatory compliance requirements and frameworks such as NIST, PCI, ISO, etc.

EDUCATION REQUIRED - The knowledge, skills and abilities typically acquired through the completion of a high school diploma and/or GED. BS Computer Science or related field, MS a plus.

YEARS OF RELEVANT WORK EXPERIENCE - 5

CERTIFICATES/LICENSES – Industry certifications - CISSP, CISM, CISA, CCFE, GIAC, CCIE, CCSP, CBCP, ABCP, MBCP. 1+ years of experience in network, system or application architecture design, implementation or support. 1+ years application security knowledge in an application used at THD. 7-10 years of related experience.

ADDITIONAL QUALIFICATIONS - Direct hands-on experience with one or more of the following InfoSec solutions: Anti-Virus, intrusion detection, firewalls, content filtering, risk assessment.

PREFERRED QUALIFICATIONS

Excellent verbal and written communication skills

Ability to react to high-pressure, dynamically changing environments

Ability to train on relevant security concepts

Strong problem-solving and analytical skills

Ability to partner and communicate effectively with IT and business leadership

KNOWLEDGE, SKILLS, ABILITIES AND COMPETENCIES - Assessment tools, technologies and methods. Designing secure network, systems and application architectures. Disaster recovery, computer forensic tools, technologies and methods. Planning, researching and developing security policies, standards and procedures. System administration role with experience in supporting multiple platforms/applications.

NATURE AND SCOPE - Typically reports to the Chief Information Security Officer. No associates report to this role on a permanent basis, but requires the leadership of a work group: assign and review work, train and contribute to performance appraisal (but not hiring, firing or disciplinary action).

ENVIRONMENTAL JOB REQUIREMENTS - Located in a comfortable indoor area. Any unpleasant conditions would be infrequent and not objectionable. Typically requires overnight travel less than 10% of the time.

PHYSICAL JOB REQUIREMENTS - Most of the time is spent sitting in a comfortable position and there is frequent opportunity to move about. On rare occasions there may be a need to move or lift light articles.