Safeguard our organization's future by championing security excellence as the IT Security Manager. You will design and implement robust security programs, lead a high-performing team in proactive threat detection and incident response, and drive continuous improvement initiatives to stay ahead of evolving cyber threats. Working closely with the IT Director and executive leadership, you will be a trusted advisor on all cybersecurity matters, ensuring business continuity and data integrity. Expertise in project management and a passion for leading innovation are essential for success in this critical role.

ESSENTIAL FUNCTIONS/RESPONSIBILITIES:

• Compliance and Governance:
  • Comply with company policies, safety regulations, and reporting procedures.
  • Ensure adherence to relevant data privacy regulations and industry standards.
  • Maintain and update security policies, procedures, and incident response plans.
  • Prepare and deliver reports on security posture and risks for management.
  • Conduct employee training on security and privacy policies and practices.
• Security Operations and Controls:
  • Conduct regular security assessments and vulnerability scans to identify weaknesses.
  • Design, implement, and maintain security controls.
  • Manage implementation of cybersecurity policies and procedures.
  • Support the IT Change Management procedures for secure implementation of changes.
• Threat Detection and Response:
  • Monitor security alerts and logs for suspicious activity.
  • Lead the incident response process in case of cyberattacks.
  • Coordinate with external resources (vendors, law enforcement) for complex incidents.
  • Implement improvements to processes and equipment to strengthen cybersecurity.
• Cybersecurity Awareness and Training:
  • Spearhead and oversee cybersecurity awareness initiatives (phishing campaigns, training).
  • Develop and deliver regular security awareness training programs for employees.
  • Build and maintain relationships with local cybersecurity organizations.
• Project Management and Innovation:
  • Manage investigations of cybersecurity incidents.
  • Develop metrics for ongoing performance measurement and reporting.
  • Participate in projects and operational evolutions, providing cybersecurity oversight.
  • Manage the cybersecurity budget and secure necessary resources.
  • Evaluate and select cybersecurity vendors, negotiate contracts, and manage relationships.
  • Stay abreast of current cybersecurity threats (general and industry-specific).
• Additional responsibilities may include:
  • Managing physical security controls (cameras, access control).
  • Conducting security audits and penetration testing.
  • Contributing to disaster recovery and business continuity planning.
  • Participating in industry events and conferences.

OTHER FUNCTIONS/RESPONSIBILITIES:

• Perform all other related duties as instructed by the supervisor/manager.
• Participate in project planning, team activities, and other high-level tasks unrelated to the job description.

Required Education and/or Work Experience:

• 4-year college degree in Computer Science or Information Systems Management and 2-3 years of demonstrated focus on cybersecurity functions.

Preferred Education and/or Work Experience:

• 4-year college degree and 5-7 years of directly related experience.

Required Licensure, Certification, Registration or Designation:

• CISSP or equivalent Cybersecurity certifications.

Preferred Licensure, Certification, Registration or Designation:

• ITIL V3 or V4 certification.

Communication/Competency/Skill Requirements:

Hard Skills:

• Strong technical knowledge: Experience with scoping, designing, and implementing large-scale, complex, and multi-technology cybersecurity projects. This includes experience with:
  • Security Operations Center (SOC) operations
  • Vulnerability Management and Penetration Testing
  • Firewall Rules Reviews and Network Access Control (NAC) configuration
  • Mobile Device Management (MDM) and Endpoint Hardening Controls
  • Secure Email Protection (SEP) and Data Loss Prevention (DLP)
  • Network Infrastructure design and security
  • Security information and event management (SIEM)
  • Authentication, multi-factor authentication (MFA)
• Security expertise: Experience with security risk management, incident response, threat analysis, security auditing, and security monitoring.
• Technical skills: Proficient in Microsoft and Linux operating systems. A strong grasp of concepts in networking, telecommunications, servers, cloud computing, and application design is a plus.
• PC skills: Advanced proficiency using standard office productivity software (e.g., Microsoft 365) and security tools.

Soft Skills:

• Communication: Excellent written and oral communication skills with the ability to effectively communicate and collaborate with diverse audiences, including general staff, IT professionals, senior management, auditors, and vendors.
• Leadership and interpersonal skills: Experience managing and motivating multiple direct reports, even in remote locations. Strong customer interaction skills are essential.
• Problem-solving and critical thinking: Ability to identify problems, analyze complex situations, and develop effective solutions.
• Organization and time management: Ability to prioritize tasks, manage multiple projects simultaneously, and meet deadlines under pressure.
• Adaptability and initiative: Flexible and adaptable to changes within the position, department, or company. Proactive and takes the initiative to identify and address security needs.
• Professionalism and integrity: Demonstrates high personal integrity, maintains confidentiality and exercises sound judgment and decision-making.

Additional skills:

• Documentation and presentation skills: Ability to create clear and concise technical documentation and deliver effective presentations to technical and non-technical audiences.
• Multitasking and teamwork: Ability to work independently and as part of a team, share workloads, and adapt to sudden changes in priorities.
• Effective communication with C-suite executives: Ability to explain complex security matters clearly and concisely to senior leadership.