Information Security Manager
2 weeks ago
- Guide security policy and participate in broader Information Security governance efforts.
- Develop and maintain the Information Security Management System (ISMS) in collaboration with regional information security SMEs and technical consultants.
- Oversee and manage the ISMS and recommend appropriate mitigating controls.
- Oversees Information Security Risk Management activities, including risk identification, assessment, and communication to relevant interest holders.
- Provide valuable expertise and leadership directly to the governing Joint Board executive leadership, including sharing metrics to reflect the performance of the regional security program functions, executive risk score reports, and other guidance on a variety of information security topics.
- Facilitate a committee of Information Security SMEs across the Agencies to ensure both regional compliance and concurrence on information security-related matters, recommending solutions, and working from the regional perspective to achieve optimal solutions.
- Collaborate with the Systems Integrator, other vendors, and partner Agencies to ensure security best practices, standards, policies, and regulatory requirements are incorporated into core payment system design, implementation, and sustainment, as well as support other future phase projects.
- Conduct regular security reviews of both software and processes, advising on information security practices. Reviews and creates threat models and recommends security enhancements consistent with information security strategy and evolving threats.
- Support external IT security audits and assessments that focus on operation.
- Develop, update, implement, and conduct information security training programs to support the ISMS objectives.
- Manage approvals for Identity and Access Management (IAM) and Access Control Administration.
- Act as Incident Commander for Security Incident Response activities, whenever the Information Security Incident Response Plan is invoked by the regional program; play an interest holder and oversight role if the plan is invoked by other partners or vendors.
- Participate in information security incident investigation and response efforts; perform root-cause analysis when incidents occur and prepare incident reports.
- Evaluate change requests to determine potential impacts to Information Security, including IT systems, processes, policies, and provide appropriate input to the Change Management process.
- Coach future Regional Operations Team (ROOT) information security personnel as the ISMS becomes complete and mature.
- Keep up to date on latest information security trends, "best practices", threats, and countermeasures.
- Enterprise-level information security plans, policies, standards, guidelines, methods, and practices based on current industry standards, best practices, tools, and techniques.
- Information Security Management Systems, and applicable industry standards (ISO 27001/2).
- Pertinent federal, state, and local laws, codes, and regulations; particularly those that affect information security for payment systems.
- Environments subject to the Payment Card Industry Data Security Standard (PCI DSS), including compliance-related duties.
- Knowledge and understanding of developing and administering information-security standards, practices, audits, risk management, and policy compliance.
- Information Security Audit principles and practices.
- Knowledge of one or more governance frameworks such as COBIT 5, ISO, NIST, or COSO.
- Strong understanding of IT Service Delivery (ITIL) core processes and methodologies.
- Principles, methods, and techniques used in the facilitation of managing projects and leading teams.
- Relevant experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography.
- In-depth knowledge of security software threats and vulnerability mitigation techniques.
- Working knowledge of cloud platforms such as Azure/ AWS and relevant security controls.
- Establishing and maintaining collaborative working relationships with other department staff, management, vendors, and other interest holders.
- Documenting and explaining risks, recommendations, and incident data to technical interest holders.
- Interpreting and administering information security policies, standards, and procedures sufficiently to administer, discuss, resolve, and explain them to staff and other constituencies.
- Leading or supporting an Information Security Management System.
- Generating metrics and preparing reports to facilitate decision-making on security-related activities.
- Utilizing personal computer software programs affecting assigned work and in compiling and preparing spreadsheets and reports.
- Responding to inquiries with effective oral and written communication.
- Researching, analyzing, and evaluating new security processes, products, and techniques.
- Excellent time management skills including the ability to prepare, prioritize, and complete work plans.
- Working effectively under pressure, meeting deadlines, and adjusting to changing priorities.
- Writing of technical documentation and standards, including skill in English usage, spelling, grammar, and punctuation
- At least one of the following (in valid status):
- Certified Information Systems Security Professional (CISSP).
- Certified Information Security Manager (CISM).
- Certified Information Security Auditor (CISA).
- Other industry relevant certifications in the fields of information security, project management, auditing and/ or risk management, such as the Certification in Risk and Information Systems Control (CRISC)
Preferred Skills and Qualifications:
- Knowledge of Governance, Risk, and Compliance (GRC) tools.
- Principles of leadership, supervision, training, and performance evaluation.
- Extensive knowledge of risk-based methodologies, and one or more of the following frameworks: ISO 27001/2:2017, 27005:2011, and 31000; PCI-DSS; or NIST 800-53.
Location: Downtown Seattle (Hybrid)
M-F: 8 AM to 5 PM
Hybrid: 3 days work onsite
Pay: $75 per hour
-
Information Security Analyst
1 week ago
Seattle, WA, United States Dat Services Inc Full timeAbout DAT Discover your future at DAT Freight & Analytics, where innovation meets impact. For over four decades, DAT has been at the forefront of transportation and logistics, helping businesses move freight with greater efficiency and confidence. We are a technology company that removes uncertainty from freight for truckers, brokers, and shippers every day....
-
Information Security Analyst
1 week ago
Seattle, WA, United States Dat Services Inc Full timeAbout DAT Discover your future at DAT Freight & Analytics, where innovation meets impact. For over four decades, DAT has been at the forefront of transportation and logistics, helping businesses move freight with greater efficiency and confidence. We are a technology company that removes uncertainty from freight for truckers, brokers, and shippers every day....
-
Information Security Analyst
7 days ago
Seattle, WA, United States Dat Services Inc Full timeAbout DAT Discover your future at DAT Freight & Analytics, where innovation meets impact. For over four decades, DAT has been at the forefront of transportation and logistics, helping businesses move freight with greater efficiency and confidence. We are a technology company that removes uncertainty from freight for truckers, brokers, and shippers every day....
-
Information Security Analyst
3 days ago
Seattle, WA, United States Dat Services Inc Full timeAbout DAT Discover your future at DAT Freight & Analytics, where innovation meets impact. For over four decades, DAT has been at the forefront of transportation and logistics, helping businesses move freight with greater efficiency and confidence. We are a technology company that removes uncertainty from freight for truckers, brokers, and shippers every day....
-
Architect, Information Security, IAM
2 weeks ago
Seattle, WA, United States Edwards Lifesciences Full timeInnovation starts from the heart. At Edwards Lifesciences, we're dedicated to developing ground-breaking technologies with a genuine impact on patients' lives. At the core of this commitment is our investment in cutting-edge information technology. This supports our innovation and collaboration on a global scale, enabling our diverse teams to optimize both...
-
Senior Engineer, Information Security
1 week ago
Seattle, WA, United States Bill and Melinda Gates Foundation Full timeThe Foundation We are the largest nonprofit fighting poverty, disease, and inequity around the world. Founded on a simple premise: people everywhere, regardless of identity or circumstances, should have the chance to live healthy, productive lives. We believe our employees should reflect the rich diversity of the global populations we aim to serve. We...
-
Senior Engineer, Information Security
2 weeks ago
Seattle, WA, United States Bill and Melinda Gates Foundation Full timeThe Foundation We are the largest nonprofit fighting poverty, disease, and inequity around the world. Founded on a simple premise: people everywhere, regardless of identity or circumstances, should have the chance to live healthy, productive lives. We believe our employees should reflect the rich diversity of the global populations we aim to serve. We...
-
Hardware Architect
3 days ago
Seattle, WA, United States Apple Full timeRole Number: 200627965-3337 Summary Apple Information Security is responsible for protecting Apple’s data in transit and at rest. Apple employees and partners are always moving information from one system to another, or storing it on a server or device. Our job is to make sure Apple's information doesn't fall into the wrong hands. We are looking for a...
-
Hardware Architect
2 weeks ago
Seattle, WA, United States Apple Full timeRole Number: 200627965-3337 Summary Apple Information Security is responsible for protecting Apple’s data in transit and at rest. Apple employees and partners are always moving information from one system to another, or storing it on a server or device. Our job is to make sure Apple's information doesn't fall into the wrong hands. We are looking for a...
-
Information Security Engineer
7 days ago
Seattle, WA, United States Palantir Technologies Full timeA World-Changing Company Palantir builds the world's leading software for data-driven decisions and operations. By bringing the right data to the people who need it, our platforms empower our partners to develop lifesaving drugs, forecast supply chain disruptions, locate missing children, and more. The Role As an Information Security Engineer, you are...
