K2 Intelligence is looking for an experienced information security manager. The candidate will be responsible for analyzing and providing strategic direction and design solutions for K2 Intelligence. The successful candidate will possess an in-depth knowledge of information and security systems, services, best practices, policies, procedures, and controls, as well as a working knowledge of regulatory requirements. They should have expert-level awareness of industry trends and the ability to communicate efficiently and equally well with upper management and technicians.
The information security manager will have three main areas of responsibility:
- Provide operational leadership and technical guidance, both strategic and tactical, to security teams, IT, and other practices as required.
- Perform security assessments and consulting services for internal and external clients.
- Provide leadership and guidance to in-house security operations center (SOC) staff and incident response teams.
- Liaise with business owners and stakeholders to identify information security risks and create information security strategies, policies, processes, and technology solutions.
- Ensure information security practices align with regulatory requirements.
- Provide information security requirements for technology initiatives.
- Define and document information security standards and practices.
- Research, evaluate, design, and recommend new information security technologies.
- Evaluate and assess emerging information security threats and vulnerabilities and recommend mitigation strategies.
- Advocate for information security policies, procedures, and standards for the organization.
Governance and Control
- Perform information security risk assessments, analysis, governance, and control practices internally as well as for external clients.
- Implement and manage an information security exception process to ensure resolution plans are appropriately tracked to closure.
- Interpret and act on information security intelligence and incident reports.
- Guide information security incident analysis and response teams.
- Assist with organizational compliance to corporate information security policies and standards.
- Escalate information security issues to leadership as appropriate.
- Help with development of security awareness training for the organization.
- Prepare presentations and reports on information security trends.
- Perform information security audits, assessments, or gap analyses and report on findings and corrective actions to both internal and external clients.
- Develop and report on information security metrics (KPIs).
- Bachelor's degree required.
- Minimum six years’ experience in information security.
- Must have managed staff, vendors, and consultants.
- Excellent project management and organization skills.
- Strong interpersonal and written/oral communication skills.
- In-depth knowledge of information security standards such as ISO27001, PII, PCI and DFS.
- General understanding of risk-based assessment methodologies.
- Working technical knowledge of networks, applications, operating systems, databases, etc.
- Must be proficient in Microsoft Office Suite programs.
- Experience with endpoint security, NIDS, SIEM, and vulnerability scanning.
- Working knowledge of a variety of information security products.
In order for us to manage your application effectively, please include in the subject line of your email your full name, the role you are applying for, and the location of the role.