Location: Marlborough, MA
Description:
Company: 70-year-old private company
Position: Senior Security Manager
Location: Marlborough, MA (Must work onsite)
The Senior Security Manager manages the outsourced SOC and is the relationship owner for other outsourced/third-party relationships relating to IT security. They will ensure appropriate application of risk management methodologies, security products, and technologies to protect the company's systems and information.
Key Responsibilities:
• Manages IT and company compliance issues. Produces detailed documentation including data flow diagrams, logical diagrams, and physical diagrams as required.
• Provides identity management and access control expertise for system, network, and application designs and architectures.
• Works across the Network, Infrastructure and Systems Administration functions to implement controls and best practices.
• Works as a liaison between IT and Operations Technology to ensure full and complete implementation of security controls, standards, and policies.
• Assists IT and Operations Technology with remediation planning and implementation.
• Establishes and tests new and existing internal controls.
• Develops prioritized initiatives to address findings from both internal testing and the SOC.
• Works with Development to define and adhere to secure coding practices.
• Maintains all cybersecurity, IT Risk and Compliance, cyber insurance and other key documents (SSAE 16, SOC 1, WISP, Disaster Recovery, et al.).
• Assists with development of the company's Asset Management processes and procedures.
• Creates KPIs, metrics, dashboards and reporting to measure the performance of the security organization.
Education and Experience:
• Bachelor's degree in information technology or equivalent plus 5+ years of related work experience with IT Risk Management, or an equivalent combination of education and work experience.
• Analytical skills and the ability to organize work in a logical, thorough, and succinct manner.
• Good understanding of risk management principles, regulatory requirements, and industry best practices.
• Good understanding of General IT Controls, and Data Privacy Regulations; previous auditor experience a plus.
• Good understanding of IT systems and controls including Web systems, e-commerce, data centers, network infrastructure, patching, access controls, databases, cloud systems etc.
• Flexibility to adapt to changing assignments and ability to effectively prioritize.
• Effective with written and verbal English communications at all levels, providing compliance guidance to project teams, management, and business partners.
• Demonstrated ability to operate and innovate in a small team with a fast-paced environment, balancing both strategic and tactical needs.
Key Skills and Certifications:
• CISM or CISSP Certification preferred
• PCI DSS
• SSAE 16
• SOC 1
• State and Federal Data Privacy Regulations (as applicable)
• Cloud Security
• Customer Complaint Line - sending product/retaining PII data
Top To-Do Items:
• Update WISP
• Create Acceptable Use Policy
• Own Cyber training (Mimecast) solution
• Phishing testing
• Prioritize list of actions once up to speed with Arctic Wolf
• Document Ken's Cyber position
  o Security model (NIST)
  o Core requirements
  o Existing posture
• Organize all Cyber Security documents, questionnaires, etc.
• List out all providers we need to keep Cyber documentation on
  o Frequency of update
  o Bridge letters
• Own PEN Test relationship
Contact: ckelly@judge.com
This job and many more are available through The Judge Group. Find us on the web at www.judge.com