
Vignetic
Information Security Manager New Jersey, NJ
Title: Information Security Manager
Job Type: Permanent
Primary Location: Multiple Locations (New Jersey, New York, Pennsylvania, Massachusetts, Maryland)
The Challenge:
Our client is seeking applicants for the position of Manager-Information Security Centre of Excellence to join their US office and act as a Business Information Security Officer (BISO) for assigned client accounts / domains reporting to the Director of Information Security CoE.
Role and Responsibilities:
- Work closely with Business, Client (as applicable), Information Security, IT and Project teams for thorough understanding of business and client security requirements and coordinate secure business enabling solutions.
- Build and maintain effective relationships with Business, Client, IT and Information Security stakeholders. Be the voice of Information Security for business teams & clients and the voice of the business & clients within Information Security.
- Own and communicate the account level roadmap for Information security aligned with the client’s risk appetite and overall Information Security roadmap, identifying and resolving applicable implementation level risks and issues.
- Facilitate planning, introduction, delivery of account level Information Security support and initiatives, like:
- Coordinate internal and client required compliance activities, security audits, point services like 3rd party vulnerability assessments, client’s security questionnaires, etc.
- Drive security capability / maturity improvement, security awareness and education
- Secure architecture design and implementation of processes
- Contribute to cyber resilience strategy and response (as applicable)
- Ensure that the client’s and its client’s security policy compliance is appropriately managed within assigned domain / account
- Share knowledge and expertise of in-country (or regional) cybersecurity policy and regulatory environment with key stakeholders and clients
- Support the broader Information Security team in maintaining cybersecurity hygiene and seek opportunities to enhance and improve security of Information involved in assigned domain and/or account.
- Provide senior account and organizational leadership with accurate assessments of our security posture and progress on industry standard frameworks on an ongoing basis.
- Educate stakeholders on cybersecurity-related matters in an effort to increase awareness and improve culture
Essential skills and requirements:
- 10+ years in a similar role in a large international organization
- Proven experience working in risk management, governance, and regulatory requirements related to cybersecurity with a specific focus on business outcomes and service delivery.
- Confident, energetic self-starter with strong written and oral communication skills, and a focus on translating technically complex issues into simple, easy to understand concepts
- Ability to bring key stakeholders together to rapidly and collaboratively achieve consensus on priorities and the path forward for work tasks and projects
- Has good judgment, a sense of urgency and has demonstrated commitment to high standards of ethics, regulatory compliance, customer service and business integrity.
- A good understanding of security frameworks including NIST, SANS, COBIT, CIS, ISO 27001, etc. Familiarity with US and global healthcare- and pharma-specific data and cybersecurity regulatory requirements.
- Proven work experience with multinational enterprises.
- Bachelor’s degree in a related discipline and professional certification (CISSP, CPA, CIA, CISA, CISM, CRISC or similar)
Preferred Qualifications (Desired Skills/Experience):
- Work experience with Healthcare and Pharma organizations involving IT and Security functions.
- Knowledge of and experience working with security frameworks and assessments
- Familiarity with security controls and services on endpoint devices, in-house and commercial applications, Windows and Linux servers, and infrastructure network devices
- Effective analytical skills with an ability to identify and resolve issues
- Tolerant of ambiguity and the flexibility to work well in a dynamic environment
- High attention to detail, self-starter, results driven
- CISSP, Security+ or other cybersecurity certifications
- Project management, team lead experience
- Experience evaluating cyber security controls and providing guidance for platform or distributed computing platforms (Cloud, PaaS)