The Information Security Manager is responsible, as a member of the security team, for analyzing the information security environment and developing security measures to safeguard information against accidental or unauthorized modification, destruction, or disclosure. Assists in determining methods of implementing and enforcing security policies; confers with other IT and business staff to identify and implement security plans for data, software applications, hardware, telecommunications, and computer installations. Position reports to the Director of Information Security. Provide technical expertise and guide the administration of security tools that control and monitor information security Assist in the monitoring of compliance with security controls Assist IT and business staff in understanding and responding to security audit failures reported by internal and external auditing departments Assist in the response to security questionnaires, RFP responses, and audits. Train staff in the implementation of necessary computer security controls or new/upgraded security software and devices Research, evaluate, design, test, recommend and plan implementation of new or improved information security software or devices. Proactively protect the integrity, confidentiality and availability of information in the custody of or processed by the company by responding in a timely manner to a loss or misuse of information assets Participating in investigations of suspected information security misuse or in compliance reviews as requested by auditors or customers Communicating unresolved security exposures, misuse, or noncompliance situations to management Review operation logs and event console activity to determine cause of security related events or to identify potential security-related events Advise security administration staff on normal and exception processing of security authorization requests Document security policies; maintain resource classification scheme

Ability to relate business requirements and risks to technology implementation for security-related issues Knowledge of risk assessment procedures, policy formation, role-based authorization methodologies, authentication technologies and security attack pathologies Technical proficiency in security-related hardware and software; ability to function as a consultant to other IT groups on security matters as a recognized technical expert Experience with vulnerability scanning tools and penetration testing Experience with risk assessments and audit procedures Particular expertise desired for Windows based desktop and server security Strong analytical and problem-solving skills Strong customer focus and problem-solving skills Solid project management skills, especially in a cross-functional environment Strong team-oriented interpersonal skills; ability to effectively interface with a wide variety of people

Bachelorâ??s degree in Computer Science, Engineering or related discipline; equivalent experience acceptable Specific information security experience and CISSP highly desired Experience implementing PCI certification, ISO 27001 accreditation, and SAS70 audits desired