What are the responsibilities and job description for the MANAGER, INFORMATION SECURITY position at YKK AP America Inc.?
Our company culture is built upon YKK’s philosophy called the CYCLE OF GOODNESS™. We believe that providing value and being fair to our customers and our employees is what makes us a successful company in return. Guided by our core values and fundamental behaviors, we strive to foster a caring company, committed employees and challenging work that benefits our employees, customers, and communities. We offer competitive compensation packages, training and advancement opportunities. YKK AP America provides employees with a comprehensive benefits package designed to provide the security they need to enjoy life at home and at work. By providing a high level of benefit coverage at a reasonable cost to the employee, we hope to foster a long and productive employment relationship.
Position Summary
We are seeking an experienced Information Security Manager to lead our cybersecurity initiatives and manage our information security and compliance programs. This role primarily serves as a process and controls architect, with some “working manager” responsibilities, and oversees a small team and multiple third-party managed security service providers (MSSPs) that perform most operational duties. This role is chartered with several opportunities over the next midterm, including leading the company’s ISO27001 certification. The ideal candidate will have past involvement in achieving and maintaining ISO27001 certification, foundational understanding of protecting operational technology (OT) in a manufacturing environment, and familiarity with the NIST cybersecurity framework. This role is crucial for ensuring the protection of our information assets and compliance with relevant standards.
Essential Functions And Key Responsibilities
Information Security Program Management:
ASHLEY LITTLE
ASHLEYLITTLE@YKKAP.COM
YKK AP America Inc. is an Equal Opportunity Employer committed to a culturally diverse workforce. We take affirmative action to ensure equal opportunity for all qualified applicants to receive consideration for employment without regard to race, religion, color, age, sex (including pregnancy), national origin, sexual orientation, gender identity, disability status or protected veteran status, or other legally protected characteristics. Learn more about your EEO rights as an applicant (Opens in a new window) .
YKK AP America Inc. will not discriminate or retaliate against applicants who inquire about, disclose, or discuss their compensation or that of other applicants. United States Department of Labor. Learn more (Opens in a new window) .
YKK AP America Inc. participates in the E-Verify program as required by law. Learn more about the E-Verify program (Opens in a new window) .
YKK AP America Inc. is committed to working with and providing reasonable accommodations to job applicants with physical or mental disabilities. Applicants with a disability who require a reasonable accommodation for any part of the application or hiring process can follow the process outlined below when applying for a position: Provide your name and contact information to YKK AP's Accommodations team at accommodationrequest@ykkap.com . Your request will be responded to as soon as possible. Reasonable accommodations will be determined on a case-by-case basis.
Employment with YKK AP America Inc. is conditioned upon successfully completing a negative drug test for the presence of illegal drugs.
Position Summary
We are seeking an experienced Information Security Manager to lead our cybersecurity initiatives and manage our information security and compliance programs. This role primarily serves as a process and controls architect, with some “working manager” responsibilities, and oversees a small team and multiple third-party managed security service providers (MSSPs) that perform most operational duties. This role is chartered with several opportunities over the next midterm, including leading the company’s ISO27001 certification. The ideal candidate will have past involvement in achieving and maintaining ISO27001 certification, foundational understanding of protecting operational technology (OT) in a manufacturing environment, and familiarity with the NIST cybersecurity framework. This role is crucial for ensuring the protection of our information assets and compliance with relevant standards.
Essential Functions And Key Responsibilities
Information Security Program Management:
- Manage and continuously optimize the company's information security and compliance strategy, policies and procedures.
- Manage the evolving roadmap of information security initiatives.
- Manage and mentor direct reports responsible for security operations.
- Manage the delivery of small- to medium-sized security-related changes, and partner with the IT Project Management Office (PMO) on larger projects.
- Monitor performance of and provide direction to MSSPs while driving continuous improvement from their service.
- Oversee the ISO27001 certification process, including gap analysis, risk assessments and audits.
- Ensure continuous compliance with ISO27001 standards and facilitate periodic surveillance and recertification audits.
- Provide training and awareness programs related to ISO27001 for staff.
- Conduct regular risk assessments to identify potential security threats and vulnerabilities.
- Implement appropriate mitigation strategies to manage identified risks.
- Develop and maintain a risk management framework tailored to the manufacturing industry.
- Manage the incident response program, including the ongoing maintenance of incident response plans and procedures.
- Lead investigations and response efforts for security incidents and breaches.
- Oversee the day-to-day operations of the information security function, including monitoring, threat detection and response.
- Manage with third-party support our security technologies and tools (EDR, SIEM/XDR, IAM, etc.), ensuring they are effectively deployed and maintained.
- Collaborate with IT and other departments to ensure security controls are integrated into all systems and processes.
- Ensure adherence to internal compliance controls, relevant regulatory requirements and industry standards.
- Develop and maintain documentation related to information security policies, procedures and controls.
- Conduct regular security audits and assessments to evaluate the effectiveness of security controls, and provide support and evidence as required for corporate compliance audits.
- Oversee the selection of security training and awareness programs for employees.
- Promote a culture of security awareness throughout the organization.
- Bachelor’s degree in Information Technology, Computer Science, Cybersecurity or a related field.
- Minimum of 2 years of experience in managing information security personnel or third-party services, with demonstrated exposure and participation in a past ISO27001 certification.
- Minimum of 4-6 years total experience in information security or adjacent domains (information network design and operation, data center operation, etc.).
- Prior experience in a manufacturing environment is highly desirable.
- Strong understanding of information security principles, practices and technologies.
- Experience preferred, but not required, with NIST cybersecurity framework implementation.
- Experience preferred, but not required, with CMMC certification and discipline.
- Experience with risk management, incident response and security operations.
- Excellent leadership, communication and project management skills.
- Relevant certifications such as CISSP, CISM, ISO27001 Lead Auditor or similar are a strong plus.
ASHLEY LITTLE
ASHLEYLITTLE@YKKAP.COM
YKK AP America Inc. is an Equal Opportunity Employer committed to a culturally diverse workforce. We take affirmative action to ensure equal opportunity for all qualified applicants to receive consideration for employment without regard to race, religion, color, age, sex (including pregnancy), national origin, sexual orientation, gender identity, disability status or protected veteran status, or other legally protected characteristics. Learn more about your EEO rights as an applicant (Opens in a new window) .
YKK AP America Inc. will not discriminate or retaliate against applicants who inquire about, disclose, or discuss their compensation or that of other applicants. United States Department of Labor. Learn more (Opens in a new window) .
YKK AP America Inc. participates in the E-Verify program as required by law. Learn more about the E-Verify program (Opens in a new window) .
YKK AP America Inc. is committed to working with and providing reasonable accommodations to job applicants with physical or mental disabilities. Applicants with a disability who require a reasonable accommodation for any part of the application or hiring process can follow the process outlined below when applying for a position: Provide your name and contact information to YKK AP's Accommodations team at accommodationrequest@ykkap.com . Your request will be responded to as soon as possible. Reasonable accommodations will be determined on a case-by-case basis.
Employment with YKK AP America Inc. is conditioned upon successfully completing a negative drug test for the presence of illegal drugs.
