The Sr. Information Security Manager will ensure that information security policies are aligned with HNI business strategy. This role will manage a team of security professionals focused on designing, implementing, and administering IT security policies, technologies, solutions, and processes to secure corporate applications, data, computers, and networks. The Sr. Information Security Manager plans and develops an IT security program and architecture that supports strategic corporate business objectives; develops and promotes IT security awareness and education programs throughout the company.
•Manages IT security systems, components, and processes which proactively protect the integrity, confidentiality, and availability of corporate business information.
•Responsible for identifying exposures and for recommending and developing corrective plans as appropriate.
•Must maintain knowledge of complex industry trends, current security issues and security technology and update management on risks and threats that could impact company business.
•Ensure proactive maintenance of the technology environment, including compliance with governance and regulatory requirements and security management.
•Promote continuous improvement by leveraging best practices and quality improvement methodologies.
•Develop metrics to gauge effectiveness of corporate security program.
•Works with upper management to determine acceptable levels of risk for the enterprise.
•Initiates and participates with external consultants and external/internal auditors to conduct independent corporate security risk assessments and audits; coordinates corrective actions for identified security exposures.
•Manages the development and implementation of enterprise security policy, standards, guidelines, and procedures to maintain the security of corporate networks and systems.
•Designs and implements an IT security architecture, infrastructure, and strategy to meet corporate information and data security requirements, business objectives, and government regulatory requirements.
•This job has direct supervisory responsibilities
To perform the job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skills and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
•Bachelor’s degree in Computer Science, Engineering, or related discipline.
•CISSP (Certified Information Systems Security Professional) Required
•CISM (Certified Information Systems Manager) preferred
•CBCP (Certified Business Continuity Professional) preferred
•5+ years of direct security experience related to an IT security program including governance, policies, risk management, architecture, awareness/training, as well as security operations to include operating systems, network elements and protocols, client-server and Web architectures, firewalls, and intrusion detection systems.
•Demonstrated experience managing information technology and information security function.
•Demonstrated familiarity with application security, database technologies used to store enterprise information, directory services, and information systems auditing.
•Demonstrated experience with security information and event management applications and systems.
•Experience in the field of information systems security, including such areas as identity and access management, security program policies, processes and procedures, and various supporting security technologies.
•Demonstrated experience in establishing and managing flexible staffing, and sourcing models in an IT area.
•Demonstrated expertise in the research of best practices and technologies to fill identified business gaps.
•Demonstrated experience with verbal and written communication skills with senior management and executives.
•Demonstrated experience in information technology strategy, planning, implementation, information security program development, and administration including technical architecture design and technology assessment.
•Must have experience in developing and creating policies in support of compliance initiatives with excellent knowledge of Sarbanes-Oxley requirements, Payment Card Industry Standards and internal IT Audit Standards.
•Deep understanding and experience with privacy and regulatory compliance including information security enterprise risk assessments, PCI remediation, data protection and strategy.
•Familiarity with application security, database technologies used to store enterprise information, directory services, and information systems auditing.
•Demonstrated experience in effective resource and project planning, decision making, results delivery, team building, and the ability to stay current with relevant technology and innovation.
Job Req#: 0417028