Ref ID: 04010-9502980491
Classification: Information Systems Security Manager
Compensation: $115000.00 to $140000.00 yearly
Position Purpose and Objectives
The IT Information Security Officer is responsible for overseeing information security, cybersecurity and IT risk management programs based on industry-accepted information security and risk management frameworks.
Major Duties and Essential Functions
- Coordinates the continuous development, implementation and updating of security and privacy policies, standards, guidelines, baselines, processes and procedures.
- Provides overall security program strategic direction to improve the information security posture and assurance level of the organization.
- Plans, designs and audits policies and procedures which safeguard the integrity of and access to systems and electronic information in order to guard information against accidental or unauthorized modification, destruction or disclosure.
- Identifies vulnerabilities to the network, applications, and data systems.
- Develops and manages the frameworks, processes, tools and consultancy necessary for IT to properly manage risk and to make risk-based decisions related to IT activities.
- Proactively identifies and mitigates IT risks and responds to observations identified by third-party auditors or examiners, while assisting in the development of periodic reports presenting the level of controls compliance and current IT risk posture.
- Assists the CTO with audits and facilitates management response and remediation efforts. Ensures overall IT compliance with regulatory requirements through proactive planning and communication, ownership and relationships.
- Receives allegations of security incidents and conducts complex investigations; prepares written findings, recommendations and follow up evaluation; and analyzes patterns and trends.
- Coordinates CUTX information security incident response and reporting for events or exploited vulnerabilities including unauthorized system or network access, denial of service, inappropriate data access, data corruption, and/or collection of private or confidential information.
- Continuously stays up to date with developments in IT security standards and threats.
- Performs related duties as required or deemed appropriate to accomplish assigned responsibilities and functions of the position.