The Cyber Security Manager will interface with peers across all levels of the Information Technology department, as well as with internal and external business representatives to share the firm’s security vision and to solicit their involvement in achieving higher levels of threat prevention through information sharing and co-operation.
- Provide technical project leadership for firm-wide Information Security programs spanning multiple quarters/years pertaining to cyber security and related security protection.
- Create and maintain the firm’s security architecture design, awareness training program, and security documentation (i.e. policies, standards, baselines, and procedures)
- Participate in the creation and maintenance of the firm’s Business Continuity and Disaster Recovery Planning, where appropriate
- Maintain up-to-date knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat outbreaks
- Identify, propose, and acquire new security solutions or enhancements to existing security solutions to improve the firm’s overall security stance by following existing procurement processes
- Oversee the deployment, integration, and initial configuration of all new security solutions and any enhancements to existing security solutions in accordance with established best practices and standards
- Act as the first-level escalation point for all security-related incidents, events, and day-to-day security operations
- Ensure the confidentiality, integrity, and availability of the data residing on or transmitted through the firm’s systems, applications, databases, and any other data repositories
- Drive the adoption of published IT security policies, standards, and procedures across the firm
- Supervise the design and execution of vulnerability assessments, penetration tests, and customer-driven security audits
- Oversee the remediation efforts of vulnerability findings resulting from internal and external vulnerability scans and penetration tests
- Lead and/or participate in special projects, when assigned
- 2+ years current experience managing information security staff/teams responsible for cyber security
- Strong background with firewall products, intrusion detection systems, DMZ, IPSec, DNS, SMTP, HTTP proxies, etc.
- Knowledge of security best practices across multiple platforms, such as Microsoft Windows, VMware, Citrix, and Cisco IOS
- Knowledge of public-key cryptography, understanding of encoding, encryption, and hashing techniques
- 4+ years experience as an information security professional with advanced experience developing, , and driving adoption of information security standards and procedures
- 2+ years advanced knowledge of security standards and frameworks as well as experience implementing and executing security incident response
- Exceptional customer service, verbal and written communication skills and ability to effectively interact with all levels of staff including C-level management
- Bachelor’s degree from an accredited university in CS, IT, CIS, a computer-related field, or equivalent work experience
- Possession of CISSP, GIAC, CEH, Security+ or other security-related certification is a plus
- Experience within the legal, financial, insurance, and/or healthcare industry is a plus
- Hands-on knowledge working with Atlassian JIRA Software - Project and Issue tracking is a plus