We are looking for a Cyber Security Manager for our client in Boston, MA
Job Title: Cyber Security Manager
Job Location: Boston, MA
Job Type: Contract - 12 Months / Contract to Hire / Direct Hire
"US citizens and those authorized to work in the US are encouraged to apply. We are unable to sponsor H1b candidates at this time."
- The Cyber Security Manager is responsible for establishing and maintaining an enterprise-wide Information Security Management Program across all areas of the client's infrastructure to ensure information assets are securely protected.
- The Manager is responsible for identifying, evaluating, and reporting information security risks in a manner that meets the SOC's compliance and regulatory requirements.
- The Manager will be required to collaborate with upper management and other senior leaders in developing and maintaining the Program.
- This position reports to the IT Division's Chief Information Officer.
Participates in information security governance and incident management:
- Provides strategic guidance for information technology and other projects involving the integration of security controls.
- Responds to, investigates, escalates, mitigates, and reports actual and attempted cybersecurity incidents.
- Initiates process improvements to reduce future occurrences of security incidents.
- Liaises with appropriate law enforcement and security information agencies.
- Participates in the development and maintenance of client cyber-incident communication plans.
- Contributes to business continuity and disaster recovery planning, including development of impact analyses and continuity and recovery plans.
- Attends appropriate meetings to address questions relating to security-related findings.
- Works within the client organization to develop and coordinate a compliance schedule for addressing security-related findings.
- Monitors the external threat environment for emerging threats and advises relevant stakeholders on the appropriate courses of action.
- Assists in the planning and coordination of information security audits, including network security scans, vulnerability scans, penetration tests, etc.
- Maintains a strong awareness of applicable Massachusetts and Federal laws and proposed changes to ensure compliance.
Evaluates the client's current security posture, recommends improvements, and monitors effectiveness of controls:
- As an individual contributor, or in collaboration with cross-functional teams, the Cyber Security Manager is expected to document, implement, monitor, and manage security controls related to all client information systems.
- Safeguards information systems by identifying and proposing mitigation plans and solutions for potential and actual security vulnerabilities.
- Oversees the development and implementation of information security policies and procedures.
- Provides regular and ad hoc reporting to client senior business leaders and executive leadership on the status of the client's security programs.
- Facilitates and promotes activities to create security awareness and access management.
- Assists in the development of information security compliance training and awareness to all client staff members, contractors, interns, and consultants.
- Contributes to the development of the client budgets relating to information security management and associated monitoring costs.
Participates in the oversight of security controls of third parties:
- Supervises procedures for activating and terminating logical systems access for employees, vendors, consultants, and other third parties.
- Participates in the procurement, contracting, analysis, and design phase of new systems acquisitions (whether hosted or on-premises) to ensure precise security requirements are met.
- A bachelor's degree and a minimum of six years of professional experience in information technology including systems administration, networking, application development, information security management, information technology risk assessment, and/or security reviews/investigations.
- Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), or Certified Information Security Manager (CISM) preferred.
Knowledge, Skills and Abilities:
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences.
- Proven record of experience in developing information security policies and procedures, as well as successfully executing programs that meet the standards of excellence in a dynamic environment.
- Comprehension of security frameworks, standards, and best practices (e.g., NIST, COBIT, ISO 27001/2, SANS Top 20 Critical Security Controls, ISF Standard of Good Practice, etc.).
- Knowledge in one or more of the following functional capabilities: technology or security operations, risk governance, IT/IS compliance, data protection, threat and vulnerability management, data breach incident management, supplier/vendor risk management, security monitoring, access management, technology or security policies and standards, business continuity, IT risk management, and/or network security.
- Possess and demonstrate a strong ability to influence and achieve complex and demanding deadlines.
- High degree of initiative, dependability, and ability to work with little supervision.
- High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity.
- Project management skills to include financial/budget management, scheduling, and resource management.
- Excellent analytical and conceptual skills.
- The ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment, and meet the organization's overall objectives.
- Adept at leading and motivating cross-functional, interdisciplinary teams to achieve tactical and strategic goals.