Manager Infromation Security

Job Description

The Manager, Information Security is responsible to enable the company's business strategies, manage information technology risk, and drive business-as-usual regulatory compliance. This position leads the assessment, documentation, audit, and continuous improvement of the company's compliance and risk posture and maturity as they relate to its information assets and technology supply chain. The purpose of this position is to provide highly skilled technical and information security leadership, consulting, and expertise for the development and implementation of the information security risk management program. Responsibilities require leadership and project management experience, as well as expertise to ensure effective system-wide security analysis; intrusion detection and incident handling; standards and testing; risk assessment; awareness and education; auditing; and development of policies, standards, and guidelines.

JOB RESPONSIBILITIES:

• Execute, maintain, and expand our information security compliance program.

• Drive the development and implementation of the system-wide risk management function of the information security program to ensure information security risks are identified and monitored.

• Lead PenTest projects including remediation plans

• Act as the Incident Response Coordinator for security investigations and incidents

• Assess, evaluate, and make recommendations to management regarding the adequacy of and options to strengthen the security controls for the company's information and technology systems and procedures.

• Drive compliance with the system-wide information security compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies, and regulations.

• Develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.

• Develop and maintain policy, standards, processes, and procedures to assess, monitor, report, escalate and remediate IT risk and compliance related issues.

• Work collaboratively with corporate compliance, internal audit, corporate risk management, and various technical teams in the design and implementation of audit, risk assessment and regulatory compliance practices for IT.

• Coordinate compliance work streams across multiple functional areas.

• Lead cross-functional projects teams in the development, implementation, monitoring and reporting of control processes, documentation and compliance routines.

• Advise IT and business executives on the status of technology risk and compliance issues based on assessment results and information from various monitoring and control systems.

• Educate IT and business executives on appropriate mitigation strategies and approaches.

• Provide oversight regarding audit, regulatory and risk management activities across IT functional areas, such as the development and maintenance of regulatory documentation (e.g., Sarbanes-Oxley Act compliance).

• Coordinate the IT component of both internal and external audits, federal and state examinations.

• Execute strategy for dealing with increasing number of audits, compliance checks and external assessment processes for internal/external auditors, PCI DSS, CFIUS, ITAR, HIPAA, NIST and FISMA

• Own Compliance policies and processes for data security and privacy (such as SOC2, GDPR, ISO27001 and more)

• Interact in both oral and written communications with all levels of IT staff, legal counsel, auditors, and technology vendors and contractors, in matters related to information security and security awareness materials.

• Coordinate work with Internal Audit, Legal, cross-functional stakeholders, and outside consultants as appropriate on required security and compliance assessments and audits.

• Coordinate and track all information technology and security related audits including scope of audits, functions/units involved, timelines, auditing agencies and outcomes. Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the institution in its best light. Provide guidance, evaluation and advocacy on audit responses.

• Assess computer hardware, software, and systems for security risks or violations and work with IT staff and technology vendors to recommend solutions.

• Develop strategies to address awareness and training for all stakeholders as well as technical solutions.

• Must be able to assess the status of complex multi-location projects as well as identify and implement appropriate corrective measures to resolve issues as they arise.
• Must have a strong customer service orientation and the ability to project that attitude to customers in remote locations.

• Revise procedures and reports to identify hidden risks or non-conformity issues.

• Additional duties as assigned

Qualifications:
Qualifications

•Bachelor's Degree in Information Systems or related field; or an equivalent combination of education and experience sufficient to successfully perform the key accountabilities of the job required

• Advanced degree (MBA, Master's) preferred

• 8+ years progressive information security and compliance experience

• 5+ years in a leadership role (direct or indirect)

• Prior managerial/supervisory experience preferred

• In-depth knowledge of ecommerce and application development security practices and technologies

• Experience with hosted ecommerce platforms and systems integration

• In-depth knowledge of risk assessment and threat modeling methods, frameworks and technologies

Manager, Security GRC

Updated: June 6, 2018

• Experience in assessing security architecture, data flows, and integrations

• Experience with a variety of information security systems and tools, such as Security Information and Event Management, Application Vulnerability Management, Infrastructure Vulnerability Management, Intrusion Detection/Prevention, Web Content Filtering, Anti-Virus/Malware and Data Loss Prevention

• Expertise in PCI and SOX requirements

• Ability to facilitate risk, business impact, control and vulnerability assessments

• Experience in implementing and maintaining security policies, processes, procedures and standards

• Experience with scripting and security automation

• Expertise in network infrastructure, including routers, switches, firewalls, and the associated network protocols/concepts

• High degree of proficiency MS Office Suite, Outlook & Internet applications

• Strong analytical, prioritizing, interpersonal, problem-solving, presentation, budgeting, project management (from conception to completion), & planning skills

• Strong verbal and written communication skills (including analysis, interpretation, & reasoning)

• Solid understanding and application of mathematical concepts

• Ability to develop and maintain collaborative relationships with peers and colleagues across the organization, as well as, internal and external clients

• Ability to work well autonomously and within a team in a fast-paced and deadline-oriented environment.

• Ability to work with and influence peers and senior management

• Self-motivated with critical attention to detail, deadlines and reporting

Additional Information

All your information will be kept confidential according to EEO guidelines.

GNC Holdings LLC is an Equal Opportunity Employer