The Manager of Information Security Governance is a key role in the Information Security team responsible for implementing and maintaining an enterprise-wide strategy to secure DTI\Epiq’s information assets and the services and products that depend on them, protect the privacy of the company’s clients and employees, and successfully adhere to identified compliance requirements. This role is strategic in nature and will focus on ensuring adherence to and continuous improvement of the overall security program.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
• Support achievement of Information Security’s strategic objectives by ensuring established standards, processes and policies are adopted and applied consistently across all locations.
• Recommend and facilitate improvements to processes by utilizing industry best practices and ISO27001.
• Provide input into the development of security policies, standards, procedures and guidelines for securing corporate systems and information in adherence with all applicable policies and regulations.
• Participate in or, as needed, lead special projects related to information security, especially in the areas of risk assessment, technical and process control design, and application of security standards. Interact with internal and external technical staff, consult with project teams at various stages of project cycles, and communicate status of projects to management and stakeholders on a regular basis.
• Conduct complex security architecture analysis of networks, systems, applications, and technology initiatives to identify risk and provide expert advice on strategies for mitigating those risks.
• Advise senior department management by identifying solutions for critical security issues and opportunities for security program improvement.
• Investigate, recommend and oversee implementation of new security products and services.
• Oversee the ISMS as required to meet and maintain ISO27001:2013 standards.
• Coordinate security assessments with internal audit, certifying bodies, and external vendors. Assess audit results and work with multiple resolver groups to ensure timely remediation of identified issues.
• Assist in developing and implementing security awareness and training efforts.
• Continually stay informed on security and technology issues that could impact the business and communicate these issues within the security team and other appropriate audiences.
• Other miscellaneous duties as assigned.
INFORMATION SECURITY RESPONSIBILITIES:
This position shares in responsibility for information security by following all applicable security policies and procedures.
This position is authorized to use elevated privilege accounts in the performance of job duties.
This position is authorized to handle sensitive or confidential data in accordance with established procedures in the performance of job duties.
This position has access to systems providing account and access provisioning.
This position is authorized to issue password resets in accordance with established procedures in the performance of job duties.
This position is authorized to manage, provision, and deprovision IT assets in accordance with established procedures in the performance of job duties.
• Bachelor’s degree, preferably in information security, computer science or other related field (work experience may be substituted for the required education on a year for year basis).
• High level of integrity and judgement concerning privacy and confidentiality issues.
• Excellent written and verbal communication skills with the ability to effectively communicate complex concepts, policies, and procedures to individuals with a varying range of expertise, interests and backgrounds.
• High degree of collaboration and team-orientation. Consultative/client focus.
• Self-starter with demonstrated ability to manage multiple projects in a busy, fast-paced environment.
• Ability to drive tasks to completion including working in collaboration with cross-functional teams.
• This role may require international travel.
• Minimum of 5 years of combined security and/or IT work experience with at least 3 years in a position focused primarily on information security.
• One or more professional security certifications (CISSP, CISM, CISA, or relevant SANS certification). ISO Lead Implementer/Auditor is a plus.
• In-depth knowledge of information security standards, best practices, and common data confidentiality regulations (e.g., ISO27001/2, NIST, EU Privacy, PCI, HIPAA, etc.). Experience maintaining an ISMS within an ISO27001/2-compliance environment is a plus.
• Demonstrated ability to translate business requirements into appropriate controls in a client-focused environment.
• Experience with conducting detailed network, operating system, database and/or vulnerability assessments and security configuration audits is preferred.