Manager, IT Risk

POSITION SUMMARY

The Manager of IT Security & Compliance will be a technical leader providing security and compliance solutions. This role will be responsible for expanding upon the mode of operation to ensure there is continuous improvement in identifying, managing, monitoring, and communicating security compliance.  The role will include partnering closely with various areas of business units, including the IT organizations, Internal Audit, legal, DPO, and other functions in order to align on business processes, security, and compliance monitoring.  Establishing relationships with all levels of business leadership, improving compliance within the company, and providing Cybersecurity expertise in this area are key to the role's success.  The responsibilities associated with this role will be to expand, improve, oversee and govern the security compliance policies, requirements, processes, and ongoing monitoring.  Must be a team player that is extremely effective at communicating IT security controls with the business and working collaboratively across the organization resulting in the improvement of security and compliance in Solaire IT Operations.

JOB RESPONSIBILITIES

• Oversee the security and compliance of IT systems in accordance with our internal policies, standards, processes, and procedures, scheduled internal audits on computer systems, servers, networks, business applications, and IT Services as required in order to maintain compliance.
• Collaborate with external auditors, third parties, and customers to facilitate and respond to audit requests and gathering of evidence.
• Govern the IT security policies, processes, and tools to manage and maintain the security compliance and audit systems and their corresponding or associated services.
• Designs and conducts regular audits of computer systems to determine that they are operating securely and that data is protected from both internal and external attacks.
• Perform subject matter expertise support in order to establish security compliance implementation with the IT systems
• Establish the communication and management of detailed reporting regarding security compliance to the business areas across the company
• Conduct meetings to review security compliance concerns with responsible parties and work with them on compliance improvement opportunities
• Interface with all areas of the business to pursue program improvements, increase visibility and improve security compliance within Solaire IT infrastructure on-prem and cloud.
• Balance, prioritize and troubleshoot multiple priorities/streams of work
• Assess and understand the big picture and spot organizational impacts based on business requirements.
• Ensures that application security procedures meet business requirements and that information is safeguarded against unauthorized use, disclosure or modification, and damage or loss.
• Oversees the implementation of appropriate access controls to ensure that access to systems, data and programs are restricted to authorized and trained users. Oversees the destruction of highly sensitive confidential information in accordance with policies and procedures.
• Serves as a subject matter expert concerning security procedures and audit compliance.
• Provides leadership and work guidance to less experienced personnel.
• Deliver strong written and presentation skills.

QUALIFICATIONS AND REQUIREMENTS

• 7 years of experience in a IT Security and Compliance
• ​Bachelor's degree in Computer Science or any related IT discipline
• (CEH) Certified Ethical Hacker – Skilled in penetration testing application tools, techniques, and methodologies.
• CompTIA Cyber Security+ - Essential principles for network security and risk management.
• CompTIA Network+ - IT network infrastructure, configuration, and troubleshooting
• CCNA / CCNP Security - Enterprise advanced routing and switching technologies with security hardening methodologies.
• (CISA) Certified Information Security Auditor
• Excellent knowledge of Information Security Methodology
• Working knowledge of the appropriate security standards and frameworks, including ISO2700, NIST, CyberSecurity Frameworks, and other industry standards.
• Expert level around Cyber Kill Chain and MITRE ATT&CK methodologies and framework.
• Expert level of Network Security devices e.g. Firewall, Web Proxy, Routers, and Switches ACLs.
• Experience working with corporate-level security systems and implementation procedures, e.g. Data Privacy Act (DPA)
• Experience working with corporate and government security regulations, e.g. National Privacy Commission (NPC)
• Good communication skills to interact with team members and support personnel
• Good skills in implementing and configuring network security devices and components.
• Good analytical and problem-solving skills for resolving security issues
• Organization skills to balance and prioritize work
• Ability to work independently and as part of a team
• Understanding of ITIL Service Delivery Framework
• Professional and committed to deliver with service excellence value.