Information Security Manager
Reports To: Vice President, Enterprise Security
This is a Supervisory Position
Functions Supervised: Information Security
Primary Functions: Manage the planning, implementation and utilization of enterprise security for the credit union's information systems, software applications and the network.
Duties and Responsibilities:
- Manages assigned personnel by: recruiting and maintaining a trained staff, making employment, promotion and transfer decisions; and ensuring effective use of assigned resources.
- Develop, recommend, implement and oversee the enforcement of policies, standards and procedures for all Credit Union and subsidiary systems and application security features including firewalls, intrusion detection systems, anti-virus software, networks, data bases, remote access by employees and business partners and application systems based on industry-standard best practices.
- Oversee the review of end user accounts, permissions and access rights for enterprise wide systems, corporate databases and network access. Manage the review of functions performed by System Administrators for server based applications.
- Oversee the review of server, firewall, intrusion detection and network logs for unusual or suspicious activity. Interpret activity and initiate follow-up to take appropriate corrective actions.
- Design, schedule and oversee periodic penetration testing to identify system/network vulnerabilities.
- Recommend tools to improve information protection, including assisting Information Management in the evaluation and selection of information security related products and services.
- Perform periodic reviews of information security practices to ensure that access to information is effectively managed and data is secure. Enforce information security controls to prevent unauthorized access to the information assets of the credit union.
- Manage the Information Security incident response program to include: securityevent tracking, incident investigation, and otherinvestigations requested by executive leadership. Coordinate with Internal Audit, Security, Personnel Services, and Executive Management for further investigation and/or appropriate action in accordance with the Information Security incident response program.
- Develop, recommend, and implement the enforcement of policies, standards and procedures for information security systems.
- Assist Corporate Education in the development and delivery of information security awareness and training materials.
- Maintain a thorough knowledge of the credit union's processing environment. Keep abreast of trends, emerging technologies and new threats involving corporate security practices.
- Perform other duties as assigned.
Education: Bachelor’s degree in computer science or a related field.
Creditable Experience in Lieu of Education: Six to eight years experience in security administration, audit and/or Information Technology field, with at least two years in a supervisory/management role. Certified Information Security Manager.
Experience/Skills: Minimum of six years progressive experience in a technical, EDP audit and/or security administration position. Working knowledge of firewalls, routers, intrusion detection systems, anti-virus software, data encryption techniques, relational data bases and PC/server operating systems. In-depth knowledge of the security features of Windows operating systems. Thorough knowledge of TCP/IP and network administration/protocols. Demonstrated analytical and complex problem-solving abilities. Strong supervisory/management skills. Excellent interpersonal, written and oral communication skills. Must have a work history reflecting professionalism
Tenure: Not applicable
Requisition Number 17-0704