
INFORMATION SECURITY MANAGER (ISM)

Permanent

Friedman Williams

INFORMATION SECURITY MANAGER (ISM) New York NY

Job ID: 17187

Position Summary: Reporting directly to the CIO, the Information Security Manager (ISM) is responsible for offering guidance, best practices, and support across businesses; leading risk reviews and vulnerability assessments; identifying threats; and communicating with senior leaders and other stakeholders. The prime responsibilities of the ISM role are to identify, quantify and proactively address security issues and changes in the businesses' risk profile. The ISM will focus on improving the end-to-end risk posture and ensure appropriate controls are implemented across the technology landscape to operate within risk appetite. The ISM will be expected to drive effective risk and controls management and support the IT team through identification of control weaknesses and recommendations for improved security; articulation of the business impact and associated risk; and education on proactive measures to remediate. The ISM will manage the overall security program, ensuring security compliance, facing off to auditors, responding to cybersecurity DDQs from clients, and providing all cybersecurity training. You will partner closely with the IT Department to ensure the work is appropriately prioritized so that the technology landscape is operating within the risk appetite, and provide transparent reporting to senior management on the overall risk position.

This position will require the candidate to work both in the NY office and remotely.

Primary Job Functions

• Build and cultivate a security focused culture through partnership and collaboration with the business and technology teams to deliver value and improve security posture of the firm

• Serve as the Information Security lead with both direct and indirect leadership responsibilities across the Information Security program; the role is strategic, requiring broad mastery of the cyber security, IT and risk programs

• Interface extensively with executive leadership on business risk priorities, business and technology investments, and key business strategies, providing expert advice on cyber security and risk implications across the firm

• Manage and mentor members of the Information Security Team, providing support and guidance with career development and progression

• Develop strategic goals and objectives for the department and provide written and verbal updates to CIO and business leadership

• Ensure that all information security policies remain up-to-date and are regularly reviewed

• Ensure all firm information security systems are configured and operating according to policies and standards

• Ensure technology risk impacting the business is effectively identified, quantified, communicated and managed, including recommendations for resolution and identifying the root cause/key themes

• Collaborate with third-party Managed Detection and Response provider to ensure security logging and monitoring strategy is implemented and to create custom and relevant use cases

• Lead incident response, including triage, containment, investigation, and remediation efforts

• Investigate and report relevant information regarding security breaches and other incidents

• Report information security incidents as per the incident response policy

• Develop incident response plan and incident response playbooks and ensure that they are regularly reviewed and maintained

• Lead completion of security tickets assigned to the information security team

• Take ownership of threat detection and vulnerabilities discovered, general documentation, log sources documentation and maintenance of the security case management platform

• Provide additional input for further investigations based on the logs collected in the available information security log and detection platforms

• Respond to security incidents across a wide array of technologies, mitigate and contain impacts, coordinate remediation efforts, summarize and make recommendations for improvements

• Assist in responding to client security audits and questionnaires

• Assist in leading information security reviews of third-party providers

• Maintain and oversee privileged access management software

• Monitor and ensure security control effectiveness

• Collect and provide updates to management on key security-related metrics

• Assist with risk assessments to assess security gaps and risks

• Engage in IT and security architecture and design discussions to determine and implement appropriate security controls

• Efficiently manage multiple simultaneous tasks across new projects and existing systems

• Lead enterprise-wide security training and awareness efforts

• Evaluate effectiveness of security controls

• Ensure that all information created, acquired, or maintained in performance of job duties is used in accordance with the intended purpose, and adheres to KKWC’s standards

Basic Qualifications:

• Bachelor’s degree in Computer Science or a related field, or equivalent work experience

• Minimum 8 years of experience at the senior level working in information security

• Extensive experience with technologies used for vulnerability management, identity and privileged access management, data protection, security information and event management (SIEM), endpoint detection and response (EDR), and data loss prevention (DLP)

• Experience with Active Directory and Group Policy

• Experience with information security frameworks including ISO 27001, NIST Cybersecurity Framework, and other compliance frameworks

• Experience undergoing audits and developing security policies and procedures

• CISA (Certified Information Systems Auditor) or Certified Ethical Hacker (CEH) is a plus

• Familiarity with Artificial Intelligence (AI) and Machine Learning (ML) usage and security controls is a plus

• Experience conducting security vulnerability assessments, penetration testing, and ethical hacking is required; familiarity with the ISO/IEC 27001 standards and compliance is required

• Clear understanding of the latest Microsoft Windows, Apple OS X, and Linux operating systems; intimate knowledge of mobile devices (smartphones, tablets, etc.)

• Must have an understanding of information systems security; network architecture; network security; general database concepts; document management; hardware and software troubleshooting; electronic mail systems such as Exchange; document management systems; intrusion test tools; and computer forensic tools

• Excellent written and verbal communication skills, including the ability to articulate complex issues to technical and non-technical stakeholders

• Demonstrated critical thinking, problem-solving, and project management skills

$150,000 to $190,000