Cyber Security Manager
Location: Boston, Massachusetts
Duration: 6+ Months
Primary Responsibilities: The Cyber Security Manager is responsible for establishing and maintaining an enterprise-wide Information Security Management Program across all areas of the infrastructure to ensure information assets are securely protected. The Manager is responsible for identifying, evaluating, and reporting information security risks in a manner that meets the compliance and regulatory requirements. The Manager will be required to collaborate with upper management and other senior leaders in developing and maintaining the Program. This position reports to the IT Division’s Chief Information Officer.
Participates in information security governance and incident management.
Provides strategic guidance for information technology and other projects involving the integration of security controls.
Responds to, investigates, escalates, mitigates, and reports actual and attempted cyber security incidents.
Initiates process improvements to reduce future occurrences of security incidents.
Liaises with appropriate law enforcement and security information agencies.
Participates in the development and maintenance of cyber-incident communication plans.
Contributes to business continuity and disaster recovery planning, including development of business impact analyses and continuity and recovery plans.
Attends appropriate meetings to address questions relating to security-related findings.
Works within the IT organization to develop and coordinate a compliance schedule for addressing security-related findings.
Monitors the external threat environment for emerging threats and advises relevant stakeholders on the appropriate courses of action.
Assists in the planning and coordination of information security audits, including network security scans, vulnerability scans, penetration tests, etc.
Maintains a strong awareness of applicable Massachusetts and Federal laws and proposed changes to ensure compliance.
Evaluates the current security posture, recommends improvements, and monitors the effectiveness of controls. As an individual contributor, or in collaboration with cross-functional teams, the Cyber Security Manager is expected to document, implement, monitor, and manage security controls for all IT information systems.
Safeguards information systems by identifying potential and actual security vulnerabilities and proposing mitigation plans and solutions.
Oversees the development and implementation of information security policies and procedures.
Provides regular and ad hoc reporting to senior business leaders and executive leadership on the status of the security programs.
Facilitates and promotes activities that build security awareness and sound access management practices.
Assists in the development of information security compliance training and awareness for all SOC staff members, contractors, interns, and consultants.
Contributes to the development of the SOC budgets relating to information security management and associated monitoring costs.
Participates in the oversight of security controls of third parties.
Supervises procedures for activating and terminating logical system access for employees, vendors, consultants, and other third parties.
Participates in the procurement, contracting, analysis, and design phases of new system acquisitions (whether hosted or on-premises) to ensure that precise security requirements are met.
Qualifications: A bachelor's degree and a minimum of six years of professional experience in information technology including systems administration, networking, application development, information security management, information technology risk assessment, and/or security reviews/investigations.
Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), or Certified Information Security Manager (CISM) preferred.
Knowledge, Skills and Abilities:
Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences.
Proven record of developing information security policies and procedures, and of successfully executing programs that meet standards of excellence in a dynamic environment.
Comprehension of security frameworks, standards, and best practices (e.g., NIST, COBIT, ISO 27001/2, SANS Top 20 Critical Security Controls, ISF Standard of Good Practice, etc.).
Knowledge in one or more of the following functional areas: technology or security operations, risk governance, IT/IS compliance, data protection, threat and vulnerability management, data breach incident management, supplier/vendor risk management, security monitoring, access management, technology or security policies and standards, business continuity, IT risk management, and/or network security.
Demonstrated ability to influence stakeholders and to meet complex and demanding deadlines.
High degree of initiative and dependability, and the ability to work with little supervision.
High level of personal integrity, the ability to professionally handle confidential matters, and an appropriate level of judgment and maturity.
Project management skills, including financial/budget management, scheduling, and resource management.
Excellent analytical and conceptual skills.
The ability to manage multiple projects under strict timelines, work well in a demanding, dynamic environment, and meet the organization’s overall objectives.
Adept at leading and motivating cross-functional, interdisciplinary teams to achieve tactical and strategic goals.