This job was posted by https://illinoisjoblink.illinois.gov. For more
information, please see:
https://illinoisjoblink.illinois.gov/jobs/12325173
SUMMARY:
The Manager, IT Security Operations is responsible for leading the team
that identifies, investigates, and responds to security incidents
affecting the organization's information assets. This role requires a
deep understanding of cybersecurity threats, incident response
protocols, and the ability to manage and mentor a team of security
professionals. This role also assists senior leadership with their
information security responsibilities. Overall, this role ensures that
confidentiality, integrity, and availability requirements of information
systems and assets are identified and managed appropriately.
ESSENTIAL DUTIES AND RESPONSIBILITIES include the following. Other
duties may be assigned.
- Drives and maintains the information security risk management
function, the development of information security programs and the
identification and mitigation of information security risks.
- Develops and aligns the mission and values of the information
security risk management function with the mission and values of the
business.
- Develop and maintain incident response policies, procedures, and
documentation.
- Leads programs and processes to design a threat assessment
framework, monitors the emergence of new threats and
vulnerabilities, assesses impacts and drives responses as appropriate.
Ensures ongoing analysis of information security threats,
vulnerabilities, and trends.
- Supports the evaluation of risk mitigation language in third-party
agreements and vendor support contracts.
- Leads incident detection and coordination with internal and external
stakeholders to ensure comprehensive incident response.
- Ensures clear and timely business advice is provided to executive
management on key information security and assurance issues.
Additionally, develops metrics reporting to communicate
effectiveness.
- Analyze security incidents to identify attack vectors, techniques,
and potential impacts.
- Establishes an information security and risk management functional
capability and framework.
- Ensures that information security and risk is adequately represented
on business and governance forums across the enterprise.
- Maintains relationships with threat intelligence communities, local,
state and federal law enforcement and other related government
agencies.
- Monitors compliance with information security policies, standards,
and processes and enforces remediation of non-compliance.
- Manage the implementation and maintenance of security monitoring and
incident response tools.
- Work with business unit managers and form alliances on projects,
operational decisions, scheduling requirements/conflicts and vendor
contract clarification.
- Plan, implement, direct, and monitor IT technology solutions to
ensure successful fulfillment of end-user requirements, proper and
accurate testing and sound implementation. Deliver solutions
consistent with the current context of the overall architecture.
- Maintain and control budget, schedule and resources.
EDUCATION AND EXPERIENCE
- Relevant combination of education and experience may be considered
in lieu of degree.
- Bachelor's degree in computer science, business administration or a
technology-related field.
- Seven (7) years of experience leading information risk, security and
governance teams, transforming functions and changing culture.
- Demonstrated experience as a leader in information security program
management.
- Professional security management certification such as CISA, CISM,
CISSP is preferred.
- Experience with leading the response to incidents, crises, and
investigations with sensitivity, tenacity, and a focus on detail.
- Extensive experience in information security architecture,
information security standards, consultative stakeholder management,
and strategic planning.
- Experience with classified networks, information classification, and
confidentiality requirements associated with high security
environments.
QUALIFICATIONS
To perform this job successfully, an individual must be able to perform
each essential duty satisfactorily. The requirements listed below are
representative of the knowledge, skill, and/or ability required.
Reasonable accommodations may be made to enable individuals with
disabilities to perform the essential functions.
OTHER SKILLS AND ABILITIES
Deep understanding of information security architecture discipline,
processes, concepts, and best practices.
Deep understanding of control, risk management and audit issues;
demonstrated consultative approach to driving change and deploying
controls.
Knowledge of common information security management frameworks such as
NIST, COBIT, ISO/IEC 27001, ITIL, and HITRUST.
Knowledge and understanding of relevant legal and regulatory
requirements such as HIPAA, FISMA, NIST 800-53, etc.
Knowledge of firewalls, anti-virus, intrusion detection/intrusion
prevention systems, virtual private networks, remote access systems,
network zoning, centr