Security Information Manager Job Description
Security Information Manager Duties & Responsibilities
To write an effective security information manager job description, begin by listing detailed duties, responsibilities and expectations. We have included security information manager job description templates that you can modify and use.
Sample responsibilities for this position include:
Security Information Manager Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Security Information Manager
List any licenses or certifications required by the position: CISSP, CISM, CISA, GIAC, SANS, ISO27K, CRISC, ISO, ISSMP, PCI
Education for Security Information Manager
Typically a job would require a certain level of education.
Employers hiring for the security information manager job most commonly prefer candidates with a relevant degree, such as a Bachelor's and Master's Degree in Computer Science, Information Security, Education, Information Technology, Technical, Engineering, Information Systems, Business, Computer Engineering, Computer Information Systems.
Skills for Security Information Manager
Desired skills for security information manager include:
Desired experience for security information manager includes:
Security Information Manager Examples
Security Information Manager Job Description
- Ensure that new client engagements, in the areas of responsibility, adhere to the required information security controls and policies
- Conduct assessments on Information security controls in order to measure the effectiveness of controls and identify control gaps
- Coordinate third-party risk assessments and audits
- Prompt response to DoD/DISA bulletins to ensure SIPRnet enclave is in compliance with all relevant regulations and other requirements
- Assist in the development of security policies, procedures, and instructions
- Design and verify implementation of various information security controls
- Work in partnership with Director of Risk, Director of Business Assurance, SH&E Manager and Head of Clinics to ensure any reporting, security updates and recommendations are synergised with current reporting requirements, SH&E manuals, BCP/DR, evacuations, Dawn Raids, security advice or training
- Identify current and/or potential security risks and develop, implement, drive and optimize security solutions, methodologies, policies and/or practices
- Develop, maintain and champion information security requirements, policies, and procedures across the business and technology
- Influence the continuous improvement of processes, policies and best practices to optimize performance and availability of technologies
- Ensure the team delivers on the security goals, conduct performance appraisals for your team and make recommendations
- Minimum 5+ years in the field of information security ops, data protection, infrastructure security and information security governance
- Exposure and experience in implementing / managing info sec ops for a large enterprise, preferably part of global ops
- Knowledge of endpoint and server-side security
- Exposure to data protection products and their implementation, such as McAfee and Websense
- Knowledge of application security concepts (Web Application / Mobile Application)
Security Information Manager Job Description
- Ensure that all IT and information security programs and policies are in alignment/compliance with applicable privacy and identity theft laws and other regulations such as SOX, HIPAA, and PCI
- Collaborate with IT leadership, privacy officers, and human resources to establish and maintain a system for ensuring that security and privacy policies are met
- Assist in updating, maintaining and documenting IT/OT security controls
- May oversee the audits of computer systems to ensure that they are operating securely and that data is protected from both internal and external attack
- Assist in updating, maintaining and documenting IT security controls
- Working with other Information Security Specialists, providing advice and guidance to programmes on technical, policy and risk management topics
- You are an expert with a proven track record in Technical Risk management, Information Security, IT Auditing, or equivalent experience
- Support security initiatives and global policy adherence and awareness efforts in the areas of responsibility
- Support global information security metrics and reporting program(s)
- Provide security expertise to business units and key stakeholders
- Strong understanding of information security and the relationship between threat, vulnerability, and information value in the context of risk management
- Must have a track record of implementing a comprehensive strategy and plan for managing information security
- Demonstrated ability to build an effective, cohesive, and collaborative team
- CISSP, CISM, PMP certifications are preferred
- Experience with implementing, monitoring, maintaining, and tuning security tools such as IDS/IPS, SIEM, FIM, Malware Prevention, Email Security, Privilege Access Tools
- Preferred candidates will have a Bachelor’s degree in Computer Science or related field
Security Information Manager Job Description
- Develops and maintains a formal information system security program and policies for NTC
- Develop comprehensive enterprise information security, IT risk and compliance management program
- Develop, implement and monitor an ongoing employee education program for all employees on technology risk and appropriate mitigation strategies and approaches
- Identify and analyse business and technical security concerns with all new projects, and ensure secure controls/solutions are put in place or escalate as appropriate to ensure that EMS is managing the risk
- Working with Programme Managers and other teams within Information Security to forecast budgets for delivering security within the programmes
- Co-ordinating the delivery of services and assurance checks into the programmes from teams in the Information Security function
- Providing regular, accurate management reports and briefings on the status of information security within the programmes
- Contributing to the continuous improvement of the CISO framework for engaging with major programmes
- You will have a Bachelor’s degree or equivalent experience
- You have experience in running and managing regulatory assessments for a company with significant regulatory requirements, preferably Financial Services
- Working experience with industry frameworks (CSF, ISO, COBIT)
- 10 or more years of experience with information security program management
- Demonstrated experience with computer security models and frameworks
- Demonstrated experience in the assessment of risk between corporate and production control networks (ie
- Bachelor’s degree in a related field or 15 years of experience in an information security role
- Completion of your CISSP
Security Information Manager Job Description
- Assist in the support of internal and external audits and risk assessment activities, including any required remediation of audit issues or mitigation of risk
- Assist in the development of security objectives and corresponding strategic plan to safeguard the company’s computer systems and data
- Undertake detailed gap analysis for compliance against GDPR, identify requirements and work with stakeholders across the business and externally with the client to get agreement to solutions, and to ensure delivery
- Develop and own the Security Management Plan for the business
- Work with the Programme team regarding all information security and data protection requirements of the new contract
- Ensure we achieve (in conjunction with Programme team) and maintain accreditation to ISO 27001
- Lead on all data protection and information security incidents and breaches, escalate, investigate and deliver on solutions as required
- Manage data protection and information security compliance of any suppliers, and undertake necessary audits, checks or rectification activity as required
- Manage IT Health Checks, Penetration Tests or other audits ensuring that high priority issues are resolved
- Generation and delivery of security information, guidance and training
- 1+ year of experience with FedRAMP, FedRAMP+, SSAE16, ISO 27002, PCI DSS, HIPAA, SOX, or other information security standards
- 2+ years in a customer/public facing role
- Belief in the power of process to turn the extraordinary into the mundane and repeatable
- Strong organizational skills – you will have a good deal of independence
- Strong knowledge of IT security frameworks (ISO and NIST)
- Experience with ISO 27001 and PCI DSS
Security Information Manager Job Description
- Review and assess Information Security Controls across the business
- Lead negotiations with the third party assessor and internal audit
- Works across all aspects of AAG to ensure all areas are meeting regular reporting requirements for PCI
- Works with the Threat Defense, Security Governance, and Security Architecture teams to ensure information security activities are aligned
- Works with ITS infrastructure, network, and applications to drive security initiatives across the organization
- Drives automation and process improvement across all areas of Infosec
- Evangelizes for information security into all business units
- Works with business and ITS teams to refine and decrease the scope of the Common Desktop Environment
- Acts as a change agent through hands-on leadership
- Leads the Information Security team through coaching, counselling and developing team members
- Proficiency in project management methodology, project planning tools and techniques
- Recruit operations staff for site, including variable and temporary staffing
- Knowledge of identity management systems, including SailPoint or Oracle Identity Manager
- University degree in Computer Science, Information Systems Engineering or any related field, or alternatively suitable international information security certifications: CISSP, CISA, CISM, BS17799 Lead Auditor, CFE
- Demonstrated project management capabilities in the IT field
- Demonstrated pattern of learning about the business technical concepts and trends