Information Security Manager
Buffalo, NY 14201 | Permanent
LHTS is seeking an Information Security Manager to fill a critical role working on Information Security Policies, Standards, Processes and Procedures intended to prevent unauthorized access to company information assets. The candidate selected for this role will work closely with the Information Security Office to ensure league-offered security tools and services are appropriately leveraged, and best practices are implemented.
The Information Security Manager will be accountable for creating, managing and enforcing Information Security policies and procedures that meet or exceed the Information Security Policies, and are in compliance with PCI, HIPAA, and PII regulations.
The candidate who fills this position will also be responsible for managing the security of corporate devices and applications, disaster recovery and business continuity planning, risk management and mitigation, and vulnerability management.
Responsibilities will include:
• Establish, maintain, optimize, implement, and assess adoption of Information Security Policies, Standards, Processes and Procedures.
• Advocate strong security posture and ensure compliance with PCI-DSS, HIPAA, and PII regulations.
• Manage vendor security provider relationships and services.
• Conduct security audits, vulnerability scans and risk assessments, and provide recommendations to mitigate risks.
• Ensure Disaster Recovery Policies and Procedures are implemented and tested, and contingency plans are established for Business Continuity.
• Own Incident Response planning and end-to-end response handling.
• Define and enforce controlled access to security zones as required.
• Produce and manage the user Information Security Awareness Program.
• Ensure logs are monitored for any suspicious activity, security problems, or errors. Irregularities are investigated and resolved immediately. Historical tracking is done for future comparison and planning.
• Maintain Cyber Hygiene through a vulnerability management program that ensures all systems are regularly scanned, patched, and remediated as appropriate.
• Ensure appropriate design of solutions, configuration and/or support of Firewalls, Intrusion Detection or Prevention Systems, VPNs and enterprise gateway devices.
• Ensure appropriate hardening of server and desktop operating systems.
• Bachelor of Science degree in Information Technology or related field.
• 3-5 years prior experience in Information Technology, with emphasis on Information Security.
• Policy creation and lifecycle.
• Excellent communication skills, written and verbal. Ability to translate and communicate with a non-IT population.
• Solid organization skills with an ability to maintain good documentation and record keeping.
• Strong and effective problem-solving skills related to Cyber Security.
• Knowledge of Firewall Configuration, Server hardening, and Desktop Security Controls.
• Strong analytical skills with the ability to provide clear and concise verbal and written communications of analyses, results, and planning.
• Previous experience with PCI-DSS, HIPAA, and other Information Security standards such as ISO/IEC 27001:2013 and NIST.
• Previous experience with backup, disaster recovery, and business continuity planning.
• Knowledgeable in principles of Risk Management, specifically related to Cyber Security.
• Information Security Certifications