***This position can be located in either Livonia, MI or Kingsville, Ontario
The IT Security Manager will be responsible for developing, implementing and monitoring the enterprise cybersecurity and IT GRC (governance, risk and compliance) management program. The IT Security Manager will provide the vision and leadership necessary to manage risk to the organization and will ensure business alignment, effective governance, and the availability, integrity and confidentiality of systems and products. The IT Security Manager is expected to interface with peers in the IT departments as well as with the leaders of the business units, both to share the corporate security vision with those individuals and to solicit their involvement in achieving higher levels of enterprise security through information sharing and co-operation.
The IT Security Manager is responsible for establishing and maintaining the information security program to ensure that information assets and the associated technology, applications, systems, infrastructure and processes are adequately protected. The IT Security Manager leads the development and implementation of security solutions and processes across the organization, and is responsible for providing operational security solutions that enable the success of IT and business initiatives.
- Provide guidance in planning and scoping Security Assurance engagements
- Provide strategic risk guidance for IT projects, including evaluations and recommendations of technical controls.
- Oversee security testing performed by internal team members and external partners
- Compile relevant security metrics and deliver them to stakeholders and senior leadership
- Represent the organization as a Subject Matter Expert in security requirements.
- Provide clear guidance to company employees and recommend modifications to operations policies and/or procedures as appropriate.
- Develop, implement and maintain a Security Program to include monitoring system security measures to ensure alignment with goals.
- Advise on configuration management activities, including an assessment of modifications and/or vulnerabilities.
- Develop and implement procedures for responding to security incidents and investigating and reporting security violations and incidents as appropriate.
- Develop, maintain and publish up-to-date security policies, standards and guidelines.
- Oversee training on, and dissemination of, security policies and practices.
- Evaluate new cybersecurity threats and IT trends and develop effective security controls. Oversee development of security awareness programs.
- Work with Legal and Finance Departments to ensure that information security requirements are included in contracts by liaising with vendor management and procurement organizations.
- Bachelor's degree in Management Information Systems, Computer Science, Engineering or a related discipline. An advanced degree is preferred.
- 10+ years of IT experience, with 6 to 8 years in a combination of risk management, IT leadership, information security and information technology desired.
- One or more certifications preferred: CISM, CISA, CISSP, CRISC, or HISP
Knowledge & Experience
- Good understanding of cloud-based services in the areas of security automation, engineering and design.
- Experience assessing and supporting standards-based security control requirements (e.g., SOC 2, ISO, NIST, etc.) and related audits for compliance.
- Experience implementing security tooling, processes and strategies in the areas of antivirus/endpoint protection, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Active Directory, SAML / ADFS, Multi-Factor Authentication, RADIUS and related technologies.
- Demonstrated knowledge of IT networks and systems and the associated security principles (e.g., firewalls, DMZ, storage, virtualization, OS-level configuration, encryption, load balancers, proxies, VPN, bandwidth management, resiliency and redundancy).
- Experience developing and deploying a targeted information security awareness training program for all employees, contractors and approved system users, with established metrics to measure the effectiveness of the program for its different audiences.
- Experience in Unix, Windows, Linux, TCP/IP, storage devices, network devices, fail-safe strategies, system architecture, LAN and WAN methods, and intranet/internet security environments, including firewalls, intrusion detection, incident response, policy writing, vulnerability testing, operating system hardening, regulatory compliance and data classification.
- Experience in performing cloud computing vendor evaluations (SaaS, PaaS, IaaS).
- Knowledge of relational database design and architecture with experience in data administration and security methods with tier 1 ERP (Oracle, SAP, etc.), web application layers, e-commerce, and SQL.
- Experience in IAM, NIDS/HIDS, SIEM, log management, patch management, vulnerability management, eDiscovery, virtual machine security, wireless and mobile security, and industrial control systems (ICS).
- Excellent analytical and problem-solving skills.
- Ability to work with, and communicate appropriately with, all levels of staff from shop floor workers to the executive management team.
- Self-motivated and desire to learn/acquire new skills.
- Excellent communication & interpersonal skills, utilizing data to tell a story.
- Top-notch work ethic and customer service orientation.
- A high degree of integrity, confidentiality and commitment.
- Experience in working in team/collaborative environment.
- Ability to work independently and meet deadlines in a fast-paced environment.
- Courtesy, respect, and thoughtfulness in teaming with colleagues and other stakeholders.