Manager Information Security

Job Summary

The Manager, IT Security is responsible for overseeing a team of IT Security professionals creating strategies to improve and monitor the security of IT systems. This role reports to the Director Information Technology.

Duties and Responsibilities/Essential Functions

To perform this job successfully, an individual must be able to perform each essential function satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable qualified individuals with disabilities to perform the essential functions.

• Oversees a team of IT Security professionals that plan and design security solutions that enable the organization to identify, protect, detect, respond, and recover from cyber threats and vulnerabilities.
• Approves the security requirements and the security integration plans to protect existing infrastructure and to incorporate future solutions by doing a thorough security assessment of software.
• Reviews, manages and approves the action plans for policy creation and governance, system hardening, monitoring, incident response, disaster recovery, and emerging cybersecurity threats.
• Partners and collaborates with stakeholders to encourage the adoption of security-compatible software designs and best practices.
• Keeps abreast of the latest intelligence from law enforcement and other sources of cyber threat information.
• Manages the development, deployment and execution of controls and defenses to ensure the security and risk mitigation of company infrastructure technology, information systems and digital payment systems. This includes leading investigations with any suppliers that have security breaches.
• Manages ongoing vulnerability assessments and security audits to identify cybersecurity risks. Drives improvements necessary to mitigate those risks. Performs technical analysis of vulnerabilities and leads in the development of vulnerability corrective action plans.
• Establishes and implements operational policies and appropriate standards and criteria for hardware, software, email and web firewall, access verification and encryption requirements.
• Conducts a regular review of network, application and operation system security documents and procedures. Reviews results of vulnerability assessments and code reviews and informs management of vulnerabilities, risk and mitigation. Provides technical expertise to the vulnerability assessment team responsible for the testing, validating, and the security of the company’s applications, servers, and networks. Selects, develops and evaluates team to ensure the efficient operation of the function.
• Manages the design, implementation and communication of the IT disaster recovery plan. Oversees the risk analysis of critical operations and systems essential to continuing business operations in the event of a disaster. Monitors and tests the design and implementation of network and server backup solutions. Leads the IT disaster recovery program/project design function to ensure strategic goals are met. Partners with corporate disaster recovery and business continuity teams to include training, testing and communication of disaster procedures within the organization. Builds the necessary controls, infrastructure and procedural playbook to monitor, identify and provide proactive detection and response. Coordinates response to significant incidents and identifies cybersecurity risks and gaps. Reviews detailed incident reports and provides technical briefs to the IT security team.
• Manages cybersecurity vendor partnerships and associated contracts, including cybersecurity insurance vendors.
• Manages and directs the cybersecurity training vendor, prepares phishing simulations and reports results.
• Partners with the cybersecurity firm to implement two executive tabletops each year.

Education And/Or Experience:

• Bachelor’s degree in computer science, business administration or related field, or equivalent combination of education and experience.
• 8+ Years of building high performing Information Security teams and capabilities, leading cybersecurity implementation programs, vulnerability management, disaster recovery planning, coordinating security assessments and driving continuous improvement.
• Required experience leading diverse and cross functional teams.
• Demonstrated experience with working in lean and agile delivery teams.
• Demonstrate excellent communication and presentation skills to all levels of audience.
• Demonstrate experience partnering with front of the house functions such as sales, marketing and customer service through capabilities supporting the back of the house and through customer delivery.
• Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) helpful.
• Demonstrated Proficiencies/Skills/Abilities:
• Exceptional leadership skills, with the ability to develop and communicate strategy, inspire and motivate the staff, and maintain alignment across the business.
• A high degree of political savvy, astuteness and the ability to use informal power structure of the organization to achieve program success and overcome obstacles.
• Strong business acumen, including manufacturing industry and IT domain specific knowledge.
• Deep understanding of how organizations can use current technologies to drive digital business.
• Ability to develop programs and deliver them with financial and resource constraints.
• Strong communication skills and ability to translate between, and connect, business and technology

Competencies

To perform the job successfully, an individual should demonstrate the following competencies:

• Builds Effective Teams: Builds strong effective teams that apply their diverse skills and perspectives to achieve common goals
• Directs Work: Provides direction, delegates, and removes obstacles to get work done.
• Manages Complexity: Makes sense of complex, high quantity, and sometimes, contradictory information to effectively solve.
• Business Insight: Applies knowledge of business and the marketplace to advance the organizations goals.

Other Duties

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this position. Duties, responsibilities and activities may change at any time with or without notice. Work beyond 40 hours per week may be required.

Cirrus is dedicated to a drug free work environment promoting equal employment opportunity. Qualified applicants will receive consideration for employment without regard to race, sex, national origin, color, age, disability, religion, pregnancy, veteran status, marital and family status, sexual orientation, receipt of public assistance, genetic information or any other characteristic protected by applicable law.

Our Benefits: Cirrus provides a range of exciting benefits, including:

• 401(k) Plan: Dollar-for-dollar match up to 5% after 90 days, with 100% vesting.
• Employer-Paid Coverages: Group term life, short- and long-term disability insurance.
• Comprehensive Health Coverage: Medical, vision, dental, with additional dependent coverage options.
• Free Health Tracking: With rewards for meeting health goals.
• Generous PTO: 160 hours accrued within the first year.
• Employee Referral Bonus: For referring talented candidates.
• Career Development: Tuition reimbursement and professional growth opportunities.
• Exclusive Discounts: Access to partner and marketplace discounts.
• Community & Engagement: Company and employee clubs at various locations.

These benefits are designed to support your well-being, growth, and enjoyment at Cirrus!