IT Security Manager

Company DescriptionFor over 100 years, BlueScope continues to build on our reputation of quality brands and products, leading technology and a customer-first spirit. Through our global brands, we are one of the largest manufacturers of building solutions in the world. Our diverse, bright and inspired workforce is committed to bettering the communities we serve through breakthrough thinking and innovations. Your goals, ideas and perspective can help shape our future – we look forward to hearing them!   The Information Systems department provides tools and automation to store, organize, and manipulate data while making that data easily retrievable.  Various hardware and software tools, along with support, combine to enable these functions in a cost-effective method that helps to increase efficiency and  accuracy.Job DescriptionThe IT Security Manager establishes and maintains a business wide information security management practice to ensure information assets are adequately protected. The Manager identifies, evaluates, and reports on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise. The IT Security Manager proactively works with business units to implement practices that meet defined policies and standards for information  security. They also oversee a variety of IT-related risk management activities.Manages the day-to-day activities of threat, vulnerability, and risk management, including remediations, communications and reporting.  The risk tolerance levels for information  security are set globallyManages and maintain the company’s Incident Response, Business Continuity Plan and Disaster Recovery Plan. Develops and oversees effective disaster recovery policies and standards to align with business continuity management goals. Coordinates the  development of implementation plans and procedures to ensure business-critical services are recovered in the event of a security event. Provides direction, support, and in-house consulting in these areas.Interfaces with peers in the development and network departments as well as with leaders of the business units to both share the corporate security vision with those individuals and to solicit their involvement in achieving higher levels of enterprise security through information sharing and co-operationManages security exemption processes, particularly where it involves shared risks to the company’s systems and data.Creates, communicates, and implements a risk-based process for vendor risk management, including the assessment and treatment for risks that may result from partners, consultants, and other service providers.Develops and manages information security budgets and monitors them for variances.Develops and maintains a strong and effective team with clear accountabilities and directionDefines and facilitates the information security risk assessment process, including the reporting and oversight of treatment efforts to address negative findings.Manages audits and governs delivery of findings. Researches, evaluates, designs, tests, recommends or plans the implementation of new or  updated information security hardware or software, and analyzes its impact on the existing  environment; provides technical and managerial expertise for the administration of security tools.Understands and interacts with related disciplines to ensure the consistent application of policies and standards across all technology projects, systems and services. QualificationsMinimum: • Bachelor’s degree or 4 years of additional experience in lieu of degree. • 7 years of IT experience • 5 years of experience in an information security role  • 2 years of experience in a supervisory capacity.Preferred: • Master’s degree in the field of business administration, computer science, finance, or information systems • 7 years of experience in information security management or related functions • Information Security Management qualifications such as (ISC) Additional InformationThe preceding job responsibilities and tasks were designed to indicate the general nature and level of work performed by associates in this job.  It is not designed to contain or be interpreted as a comprehensive inventory of all job duties and responsibilities required of associates assigned to this job.  Associates may be required to perform other duties as assigned.  Additional job competencies, individual goals, and performance measurements are set at the department level.The benefits are just as rewarding as the work at BlueScope.  To support our goal, we offer a total compensation plan and an outstanding benefits package that includes health insurance, life insurance, short and long term disability, paid time off, and retirement. EEO Employer/M/F/Disabled/Protected VeteranBlueScope is an equal opportunity employer.  All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, sexual orientation, gender identity, age, status, as a protected veteran, among other things, or status as a qualified individual with disability.  #AT- Hybrid#AT-AT1