Manager Info Sec

Sterling Jewelers   •  

Akron, OH

Industry: Retail / Diversified

  •  

8 - 10 years

Posted 371 days ago

Whilereporting to the Director of ITSecurityEngineering and Operations, The Manager InformationSecurity is a key member of the Information CyberSecurity team, which provides informationsecurity andrisk management support for all Signet Jewelers businesses. This position leads a team ofsecurity analysts and evolves the management of InformationSecurity and Operations Program which includessecurity assessments,security tools management, incident response task, penetration testing, and applicationsecurity review activities across the Signet Jewelers enterprise. These activities will be conducted and performed to identify ITriskand vulnerabilities to the company to drive awareness, understanding, and remediation of potential exposures to the business.

This position will provide guidance and direction in leading the security team’s operational, tactical, and strategic planning to evolve and adapt the risk and securityarchitecture management activities to align and support business objectives, minimize adverse threat impact, and foster productive partnerships across the organization. Serves as trusted advisor and security consultant to identify and communicate risk trends and considerations in support of remediation plans in collaboration with business partners across Signet.
 

The Manager manages the development, planning, execution, and reporting of risk assessments, penetration testing, securityarchitecture strategic decisions, and application security assessment activities; establishes and maintains regular written and in-person communications with the organization’s executives, department heads, and end users regarding pertinent risk and vulnerability assessment activities.

Responsible for making decisions in such a way that risk is identified, communicated, and effectively mitigated;  directs and manages project initiatives from beginning to end; define project scope, objectives and deliverables that support business goals in collaboration with senior management and stakeholders; effectively communicate pertinent risk information to management, business constituents, team members and appropriate audiences in a timely and clear fashion; liaison with business partners across the organization in an ongoing basis; build, develop, and grow any business relationships vital to the success of the project.
 

Challenges others to develop as leaders while serving as a role model and mentor; manages the development of team by ensuring, when possible, that project tasks are in line with career interests; inspires co-workers to attain goals and pursues excellence; identifies opportunities for improvement and makes constructive suggestions for change; manages the process of innovative change effectively; remains on the forefront of emerging industry practices; consistently acknowledges and appreciates each team member's contributions; effectively utilizes each team member to his/her fullest potential; motivates team to work together in the most efficient and synergistic manner.

Requirements/Qualifications

  • 7+ years of direct managerial experience with Security Operations, Engineering, Risk and Security Architecture programs.
  • 5+ years overall experience in Cyber-security.
  • Bachelor’s degree or higher is preferred but experience may be substituted with experience
  • Demonstrated knowledge of information security principles, standards, practices and subject areas.
  • Industry certifications as CISSP, GSEC, CEH and/or Sec+(Preferred but not required)
  • Industry certifications in networking, such as CCNA, CWNA and/or Net+(Preferred but not required)
  • Excellent written, oral, and presentation skills.
  • Excellent interpersonal skills.
  • Ability to conduct and direct research into IT security issues, trends, and solutions as required.
  • Ability to present ideas in business-relevant and user-friendly language.
  • Proven analytical, evaluative, and problem-solving abilities
  • Ability to effectively prioritize and execute tasks in a high-pressure environment.
  • Strong understanding of key security frameworks (NIST 800, OWASP, ISO-27001 etc.).
  • Strong understanding of PCI, HIPAA, SOX, and other governmental and industry compliance standards.
  • Experienced with ISO and ITIL.
  • Track record of partnering with other teams in different departments to build relationships that further Penetration Testing and Security.
  • 4+ years network/system architect/engineeringexperience.

REQ_7004