Purchasing Power, one of Atlanta’s fastest-growing specialty e-retailers, is seeking an Enterprise Security Manager to join our team in Atlanta, GA (Midtown). The Enterprise Security Manager will be accountable for the development and maintenance of information security procedures, strategy, and standards, ensuring that they are aligned to business requirements, information technology strategy, legal/regulatory requirements, and leading industry standard frameworks such as PCI and NIST.
Duties – What you’ll do
- Responsible for the development and maintenance of information security policies, procedures, and standards and ensuring that they are aligned to business requirements, information technology strategy, legal/regulatory requirements and leading industry standard frameworks.
- Develop, publish and maintain security standards for all applicable technologies and information systems.
- Develop and administer the corporate security awareness program
- Manage ongoing client-initiated security assessments
- Develop and manage internal vulnerability and penetration testing program
- Develop and brief leadership on progress and issues pertaining to IS policy development
- Help maintain a staff of knowledgeable experts in the areas of information security policy, standards, procedures, risk management, compliance certification and accreditation
- Manage external security vendors and service providers
- Bachelor's in Information Systems or a related technical field
- Minimum 5+ years of experience working in an information security, information technology or information risk management related field
- Sound foundation in Networking, Linux, VMware, etc.
- Familiarity with Metasploit or other similar testing tools
- Demonstrated experience in writing, publishing and maintaining information security and other related policies, procedures and standards
- Demonstrated experience in developing technical security standards in various technologies across the operating system, network, database and application layers
- Good knowledge of, and demonstrated work experience with, the PCI 3.X control framework and Information Security Management System (ISMS) implementation
- Possession of industry certifications highly preferred, including but not limited to Certified Information Systems Auditor (CISA), ISO 27001 Lead Auditor, Certified Information Systems Security Professional (CISSP) and Information Systems Security Management Professional (ISSMP).