The IT Security Manager performs two core functions for the enterprise. The first is overseeing the operations of the enterprise’s security solutions of the organization. The second is establishing an enterprise security stance through policy, architecture and training processes. Secondary tasks will include the selection of appropriate security solutions, and may include involvement in the implementation of new security solutions, participation in the creation and or maintenance of policies, standards, baselines, guidelines and procedures, identification, investigation and resolution of security breaches detected by those systems, as well as conducting vulnerability audits and assessments.
The IT Security Manager is expected to be fully aware of the enterprise’s security goals as established by its stated policies, procedures and guidelines and to actively work towards upholding those goals.
Strategy & Planning
- Create and maintain the enterprise’s security architecture design.
- Create, and maintain the enterprise’s security awareness training program.
- Create and maintain the enterprise’s security documents (policies, standards, baselines, guidelines and procedures).
- Create and maintain the enterprise’s Business Continuity Plan and Disaster Recovery Plans, where appropriate.
Acquisition & Deployment
- Maintain up-to-date knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
- Select and acquire additional security solutions or enhancements to existing security solutions to improve overall enterprise security as per the enterprise’s existing procurement processes.
- Oversee the deployment, integration and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with standard best operating procedures generically and the enterprise’s security documents specifically.
- Ensure the confidentiality, integrity and availability of the data residing on or transmitted to/from/through enterprise workstations, servers and other systems and in databases and other data repositories.
- Ensure the enforcement of enterprise security documents.
- Supervise all investigations into problematic activity and provide on-going communication with senior management.
- Supervise the design and execution of vulnerability assessments, penetration tests and security audits.
- Perform regular security awareness training for all employees to ensure consistently high levels of compliance with enterprise security documents.
- Engage in ongoing communications with peers in the Systems and Networking groups as well as the various business groups to ensure enterprise wide understanding of security goals, to solicit feedback and to foster co-operation.
Experience & Qualifications
- College diploma or university degree in the field of computer science and/or several years equivalent work experience.
- One or more of the following certifications:
- GIAC Security Essentials Certification
- GIAC Security Leadership Certification
- ISACA Certified Information Security Manager
- Microsoft Certified Systems Engineer: Security
- (ISC)2 SCCP
- (ISC)2 CISSP
- (ISC)2 ISSAP
- Extensive experience in enterprise security architecture design.
- Extensive experience in enterprise security document creation.
- Experience in designing and delivering employee security awareness training.
- Experience in developing Business Continuity Plans and Disaster Recovery Plans.
- Experience in administering IT security controls in an organization.
working technical knowledge of infrastructure, networks, databases and systems in relation to IT Security and IT Risk.
- Working technical knowledge of IPS/IDS and SIEM technologies.
- Strong understanding of IP, TCP/IP, and other network administration protocols.
- Familiarity with Investigative and analytical techniques, procedures and requirements.
- Familiarity Windows workstation and server administration experience preferred