Security Manager

• Develop, implement, and maintain the security strategy roadmap.

• Develop and mature the agency’s information security program, ensuring compliance with relevant regulations and standard methodologies.

• Proactively monitor, evaluate, and implement standard methodologies related to enterprise information security practices. Provide internal guidance with respect to the agency’s response to emerging information security threats both internally and externally.

• Monitor the external threat environment for emerging threats and advise relevant business partners on the appropriate course of action.

• Serve as an expert advisor to executive leadership in the development, implementation, and maintenance of a strong information privacy and security program and infrastructure including network access and monitoring policies.

• Evaluate effectiveness of information security, privacy, and business continuity planning programs and procedures of third parties with whom the company engages as software, hardware, and/or service providers.

• Collaborate with other senior leaders and other departments to assess risks, coordinate mitigation efforts, establish internal controls, respond to incidents, and manage shared concerns. Investigate security breaches, communicate to key business partners and executive leadership, and provide remediation and resolution.

• Identify and mitigate security events and incidents, compliance issues, security team operational inefficiencies, application vulnerabilities, network/infrastructure, and other vulnerabilities.

• Review and evaluate technology and incoming new vendors and solutions for future risks and opportunities to improve IT security.

• Liaison with the enterprise architecture team to ensure alignment between the security and enterprise architecture, thus coordinating the strategic planning implicit in these architectures.

• Provide strategic risk guidance for the agency’s IT projects, including the evaluation and recommendation of technical controls. Oversee the security requirements in system development life cycle, business continuity planning, and disaster recovery.

• Liaison with the enterprise infrastructure and network team to develop vulnerability management program which includes automating vulnerability scanning, customized vulnerability assessment, and penetration testing.

• Coordination on network security including but not limited to IDPS/Firewall/WAF

• Perform risk assessments.

• Oversee agency IT security policies and procedures and ensure they are developed/updated/reviewed

• Overseeing remediation of federal and state IT security like POAMs, CAPs, etc.
  

Requirements

• Proven analytical ability to solve complex business and technical problems, critical thinker.

• Strong interpersonal skills to effectively collaborate with internal/external customers and senior management.

• Ability to cultivate networks with people from across a variety of business units, technology disciplines, and operational functions.

• Transparent leader with high integrity

• Strong people leader and developer of talent. Strong management, relationship building, and communication skills.

• Abreast on new tools and technologies related to information security.

• Poise and the ability to act calmly and competently in high-pressure, high-stress situations.

• Experience designing and maintaining information security policies and procedures.

• Demonstrated experience with various information security controls, including secure network architecture, systems security, encryption systems, and database security.

• Able to interpret technical security details and properly translate those into business terms for executive leadership.

• Develop and implement a multi-year information security roadmap and plan, which includes metrics to measure performance and can be understood by a variety of audiences.

• Deep knowledge and experience with security and regulatory compliance as well as external audits

• Proven track record and experience in developing information security policies and procedures as well as successfully implementing programs that meet the needs and goals of business units while meeting all federal requirements and regulations.