What are the responsibilities and job description for the Information Security Manager position at MSCCN?
This job was posted by : For more information, please see : The Information Security Manager (ISM) is a critical member of the Chief Information Security Officer's (CISO) team, acting as an interface between the CISO's strategic and process-based activities and the work of the technology-focused analysts, engineers, and administrators within the IT organization. The ISM translates the IT risk requirements and business constraints into technical control requirements and specifications while developing metrics for ongoing performance measurement and reporting. Furthermore, the ISM coordinates the IT organization's technical activities to implement and manage security infrastructure and provides regular status and service-level reports to management. Performing in a leadership capacity, the ISM utilizes a strong technical background and abilities to work closely with the rest of the IT organization and business management roles in aligning priorities and plans with key business objectives. While acting as an empowered representative of the CISO during IT planning initiatives, the ISM ensures that security measures are incorporated into strategic IT plans and that service expectations are clearly defined. Additionally, the ISM works with business and IT stakeholders to balance real-world risks with business drivers such as speed, agility, flexibility, and performance. ESSENTIAL DUTIES AND RESPONSIBILITIES include the following. Other duties may be assigned. Works with the Information Security organization to develop a security program and security projects that address identified risks and business security requirements. Manages the process of gathering, analyzing, and assessing the current and future threat landscape, as well as provides the Information Security organization with a realistic overview of risks and threats in the enterprise environment. Works with the Information Security organization to develop budget projections based on short- and long-term goals and objectives. Provides security communication, awareness, and training for audiences, which may range from senior leaders to field staff. Consults with IT and Information Security organizations to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications, and software. Recommends and coordinates the implementation of technical controls to support and enforce defined security policies. Researches, evaluates, designs, tests, and recommends or plans the implementation of new or updated information security hardware or software, and analyzes impact on the existing environment; provides technical and managerial expertise for the administration of security tools. Works with the enterprise architecture team to ensure that there is a convergence of business, technical, and security requirements; liaises with IT management to align existing technical installed base and skills with future architectural requirements. Develops and implements controls and configurations that are aligned with security policies and legal, regulatory and audit requirements. Coordinates, measures, and reports on the implementation and effectiveness of security controls in the environment. Manages security projects and provides expert guidance on security matters for other IT projects. Assists and guides the Disaster Recovery Planning team in the selection of recovery strategies and the development, testing, and maintenance of disaster recovery plans. Monitors and reports on compliance with security policies, as well as the enforcement of policies within the organization. Works with the Information Security organization, IT, and business stakeholders to define metrics and reporting strategies that effectively communicate successes and progress of the security program. Provides support and guidance for legal and regulatory compliance efforts, including audit support. Assists resource owners and IT staff in understanding and responding to security audit failures discovered in the environment. Acts as an active participant in the Cyber Security Incident Response Team (CSIRT). Acts as a liaison between industry peers, government agencies (including law enforcement), and other specialists. Coordinates with the fusion center to identify and assess IT security incidents. Assists in the development and delivery of incident preparedness exercises both at the fusion center level as well as the crisis management team. Ensures execution of the incident response process to the resolution of the incident. Actively monitors and researches cyber threats that could have a direct or indirect impact on the Arvest brand, ownership, business operations, technology infrastructure, and customer trust. Utilizes commercial intelligence providers to gain insight into existing activities in the hacker and fraudster communities, as well as planned activities and emerging motivations. Advises the Information Security organization of significant emerging threats and recommends tactical steps to counteract such threats. Develops
