RahrBSG is looking for an Information Systems Security Manager in Shakopee Minnesota.

The Information Systems Security Manager is responsible for protecting an organization's computer networks, systems, and data from cyber-attacks, viruses, and other security breaches. A successful ISSM drives results in developing, implementing, and maintaining a comprehensive security strategy that protects our critical assets and data from unauthorized access, use, disclosure, disruption, modification, or destruction.

BENEFITS AND PERKS:

• Competitive Base Salary Between $155,000 - $170,000 annually
• Medical benefits with family coverage paid for at 90%
• Dental and Vison Programs
• Generous 401(k) Company Contribution of 15%
• Employee Assistance Program
• Paid Life Insurance
• Short Term Disability
• Long Term Disability
• Tuition Reimbursement
• Generous PTO
• Separate Sick Time Policy
• 12 Paid Company Holidays
• Parental Leave
• Career Growth and Progression Paths
• Stability and Backing of a 177-year-old Family Owned and Operated Company

ROLES AND RESPONSIBILITIES:

• Acquires and manages the necessary leadership support, financial resources, and key security partners and personnel to support IT security goals and objectives and reduce overall organizational risk.
• Collects and maintains data needed to provide system cybersecurity reporting.
• Communicates the value of information security throughout all levels of the organization.
• Evaluates, validates, and implements security improvements as required.
• Coordinates cybersecurity inspections, tests, and reviews for the network and digital environments.
• Integrates cybersecurity requirements into the continuity planning for each system/organization.
• Evaluates and approves development efforts to appropriately install baseline security safeguards.
• Identifies alternative information security strategies to address organizational security objectives.
• Identifies IT security program implications of new or upgraded technologies.
• Interprets patterns of noncompliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise's cybersecurity program.
• Manages the monitoring of information security data sources to maintain organizational situational awareness.
• Facilitates internal and external information security risk assessment processes.
• Participates in the development or modification of the computer environment cybersecurity program plans and requirements.
• Prepares, distributes, and maintains plans, instructions, guidance, and standard operating procedures concerning the security of network system operations.
• Provides system-related input on cybersecurity requirements to be included in statements of work and other appropriate procurement documents.
• Recognizes security violations and takes appropriate action to report incidents, as required.
• Supervises or manages protective or corrective measures when a cybersecurity incident or vulnerability is discovered.
• Tracks audit findings and recommendations to ensure that appropriate mitigation actions are taken.
• Ensures that plans of action or remediation plans are in place for vulnerabilities identified during risk assessments, audits, or inspections.
• Develops and manages relationships with key security vendors and resources and maintains vendor security requirements and qualification processes.
• Monitors network operations and infrastructure and analyzes reports from monitoring systems for signs of future risks.
• Investigates security system failures and employee violations to assess weaknesses and leads the response when a security breach occurs.
• Develops and implements risk management processes, analyzes company databases, and identifies and addresses potential security risks.
• Runs simulated attacks to evaluate the effectiveness of security measures, and tests where issues are anticipated.
• Serves as a focal point of contact for the information security team and the customer or organization.
• Assures successful implementation and functionality of security requirements and appropriate IT policies and procedures that are consistent with the organization's mission and goals.

MINIMUM EDUCATION & WORK REQUIREMENTS:

• Bachelor’s degree in computer science, information technology, or related fields preferred.
• 5 years relevant experience in information systems security roles (e.g., ISSE, ISSO, or ISSM).
• Security certifications such as CISSP, CISA, or CEH are preferred.
• Proven technical experience in Cloud based Security (AWS, Azure, M365), Active Directory, Network security and communication protocols, EDR, and XDR.
• Firsthand experience analyzing a high volume of logs, network data, and SOC reports.

KNOWLEDGE, SKILLS, AND ABILITIES:

• Proven experience in incident response, forensics, and cybersecurity engineering troubleshooting.
• In-depth understanding of common operating systems (Linux/Windows), networking protocols, application security, databases, and Internet applications development.
• Proficiency in communicating technical security information to non-technical personnel, with strong verbal and written communication skills.
• Ability to work independently in a self-directed manner and collaboratively as a member of security and IT teams.
• Capability to create and implement detailed action plans and strategic security solutions, including writing security requirements and design documents.
• Experience with encryption technologies and change management tools and methodologies.
• Expertise in risk, compliance, and information security policy development, including corporate/industry information security governance and risk compliance practices and standards.
• Development of educational programs in security awareness.
• Knowledge of IT processes, controls, and risk/security frameworks, as well as information security regulatory standards such as ISO 27001/2 and NIST.
• Well-rounded expertise in IT security areas and concepts such as data backup and recovery, business continuity/disaster recovery, intrusion detection, data controls, encryption algorithms, network security architecture, network traffic analysis, server and client operating systems, IT supply chain security, and supply chain risk management.
• Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
• Up-to-date understanding of new and emerging IT and cybersecurity technologies, threats, and threat vectors, with the drive to keep abreast of future trends and developments.
• Familiarity with vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins) and various system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL and injections, race conditions, covert channels, replay, return-oriented attacks, and malicious code).