What are the responsibilities and job description for the Information Security Manager (Local Candidates ONLY) position at A.C.Coy Company?
Applicants MUST Currently Reside in the Greater Pittsburgh Area.
No 3rd Parties/Sub Vendors
Location: Hybrid, 3 days per week on-site in Pittsburgh, PA (Applicants must be local to Pittsburgh, PA)
Job Type: Full Time/Permanent
Work Authorization: U.S. Citizens Only
Overview:
A.C.Coy has an immediate need for a Manager of Information Security for a full-time opportunity.
Responsibilities:
- Collaborate closely with various Technology teams and Firm leadership to inspire, mentor, and cultivate the skills of the security team members, fostering a high-performance environment
- Develops and maintains information security policies, procedures and training and advises the various departments in adhering to them
- Leads the ongoing ISO 27001/27701 lifecycle and manages the relationship with our consulting team to ensure security operations compliance
- Provides expert opinions and leadership over existing technical threats and advises on how to mitigate them or identify them as acceptable risks
- Oversees vulnerability scanning and remediation programs
- Establishes and oversees security metric investments and risk trending dashboard
- Oversees and/or assists in performing ongoing security monitoring threat avoidance analyses
- Manage relationships with security managed service providers and continuously develop their capabilities
- Analyzes new systems (hardware and software) and provides recommendations concerning their security
- Coordinates the development of an ongoing information security awareness program to ensure that employees are aware of threats and how to help ensure privacy of data
- Provide responses to client security audits/questionnaires/RFPs
- Maintains appropriate security measures and mechanisms to guard against unauthorized access to electronically stored and/or transmitted client data and reasonably protect against anticipated threats and hazards
- Ensures compliance through adequate training programs and oversight of periodic internal and 3rd party security audits
- Assesses audit results and partners with staff to create pragmatic action plans
- Monitors execution and completion of action plans
- Provides technical guidance and training to information owners and designs and implements programs for user awareness, compliance monitoring and security compliance.
- Develops and maintains an ongoing risk assessment program targeting information security and privacy matters
- Active participant in Information Security and serves as Technology leader for incident response
- Serves as primary contact for Technology incident responses
Education: Bachelor's Degree or equivalent experience
Experience:
- 10 years of experience working within an Information Security related field
- 5 years of experience managing a team of technical security engineers
- One or more of the following certifications strongly preferred: CISSP, CISM; matriculating candidates considered
- Strong understanding of various security frameworks: ISO 27001/ISO 27701 and SOC
- Working knowledge of EDR, Vulnerability Scanning, Firewall, Proxy, PAM/PIM, SIEM and other security-related technologies
- Ability to understand technical implications of security threats and prioritize risk
- Willingness to travel to other offices as required
Salary: $150,000 - $180,000