IT Security Program Manager

Summary

The Information Security Program Senior Manager will be responsible for managing and administering the information security program at Pace Industries (“Pace”). The Information Security Program Senior Manager will maintain and mature policies, procedures and guidelines to ensure information and assets are adequately protected.  Will also work cross-functionally with the business, with IT and supporting business functions to identify, develop, implement, and evolve information security controls and processes. This role will oversee Pace’s incident response. This role is responsible for protecting our critical information systems, assets, designing and implementing solutions, providing training, and assisting in the development of an overall Information Security strategy.

Principal Duties and Responsibilities

(But not limited to…)

Manage the Information Security Program

• Manage the information security program, providing governance risk and compliance oversight and execution and the management of information security related processes based on NIST Cybersecurity Framework
• Develop, seek approval and manage budgetary allocations for security initiatives and allocate resources effectively.
• Develop, maintain and communicate information security policies, standards, procedures, and other documentation
• Define, manage and coordinate independent Information Security Controls Audits & Assessments and Annual Penetration Testing/Risk Prioritizing/Remediation Management
• Conduct regular review and update of the Information Security Risk Register, including the regular tracking and review of risk assessments and risk treatment plans.
• Coordinate with Plant and Business Users to understand and assess the risks to the confidentiality, integrity, or availability of data in their areas, to the security risks to Plant Production operations and assisting in identification and execution of risk mitigation strategies and controls
• Stay current and informed of the latest security issues that may pose a threat to Pace’s environment
• Review proposed changes to Pace’s Infrastructure and Application architecture to ensure that the changes consider, and are modified to reflect information security needs
• Guide incident response activities including standard IR procedure documentation, identifying root cause, threat hunt where warranted, identifying control improvements, assessing impact and reporting
• Manage Third Party Incident Response Retainer contract and services
• Lead Incident Response Testing & Readiness exercises, such as table-top exercises
• Develop key performance indicators (KPIs) and metrics to measure program effectiveness.
• Identify and lead Continuous Improvement initiatives for the Program

Build and Maintain a Culture of Security

• Design, develop and deliver an information security training and awareness program and ensure that it is delivered accordingly,
• Provide regular updates on information security, including risks, performance indicators, metrics and threats, to the Vice President of IT, to the Cyber Risk Committee and for the Audit Committee of the Board
• Mentor, coach and develop Information Security as well as IT Team members on Security topics

Manage the Information Security Architecture and Roadmap

• Evolve and Manage the Information Security Program Technology Roadmap, Architecture and Standards to  simplify, optimize (cost and performance) and improve technology effectiveness against cyber threats to Pace business:
• The Information Security Technology Architecture Roadmap, Requirements and Standards includes Network Security & Segmentation, Zero Trust Architecture, IPS/IDS, IAM, Cloud Security, SIEM, SOC, Email Gateway, Web Gateway, Security Event Logging and Monitoring, Endpoint Security, IT and OT Security, Patch and Vulnerability, Encryption, etc.
• Evaluate, architect, design, implement, and manage security-focused tools and services including on-prem solutions, cloud-based security solutions and solutions delivered by MSSP partners. 
• Collaborate and partner with internal IT technology leadership and with external 3rd party technology and services providers for technical security roadmap, RACI, implementation and operations
• Manage 3rd party partners and vendors supplying cybersecurity-related services
• Partner with third-party vendors to deliver software security tools and services

Please note that the duties and requirements described herein are intended to represent general contents of this job. This is not to be construed as an exhaustive statement of duties and responsibilities.

Qualifications

• Bachelor’s degree or equivalent
• 7 years of information security experience; including leadership roles
• Professional information security certifications (CISSP, CISM, CCISO, CISA, CRISC)
• Experience in risk, compliance and information security policy development
• Solid knowledge of various information security frameworks, including NIST Cybersecurity Framework, ISO 27001, NIST SP 800-171 and TISAX
• Demonstrated ability to research, develop, and keep abreast of security tools, techniques, and process improvements in support of threat prevention, detection and analysis following current and emerging threats

Skills

• Knowledge of laws, regulations and commercial compliance requirements including but not limited to: IATF, TISAX, DFARS, ITAR.
• Manufacturing experience is preferred
• Strategic thinking and problem-solving abilities.
• Strong prioritization skills to evaluate multiple business needs and identify the top needs based on a balanced approach
• Ability to work with key stakeholders to gain consensus on priorities
• Excellent organizational and communication skills (both oral and written)
• Excellent problem-solving and analytical skills
• Ability to interact with all levels of the organization, from production associates to senior leaders
• Ability to educate a non-technical audience about various security measures
• Ability to function as a team player and be comfortable leading without authority
• Ability to build credibility and trust
• Ability to influence and drive change.
• Ability to influence leaders and change their paradigms
• Must be proficient with the use of the Microsoft Office Suite (Outlook, Word, Excel and PowerPoint)Strong leadership and communication skills.

Pace Industries offers competitive salaries with full benefits, including health/dental/vision/life/disability, PTO, and 401k with employer match.

Pace Industries is an Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis.

Pace is a career destination for engaged, passionate and talented people who are driven to seek the innovation, growth and opportunity that only we offer.