Reports to: Director of Information Technology
FLSA Status: Exempt
Position Summary
We are seeking a passionate and experienced Information Security Manager to
join our team and lead the charge in safeguarding our organization's
critical data and digital infrastructure. As a pivotal member of the
leadership team, you will be responsible for developing, implementing,
and maintaining a comprehensive cybersecurity program that aligns with our
business objectives and ensures compliance with industry regulations. You will
partner with key stakeholders across departments to raise awareness, build a
strong security culture, and proactively manage our ever-evolving cyber risk
la
Duties and Responsibilities:
Develop, implement, and oversee a comprehensive cybersecurity program
and policies tailored to the specific needs of the construction industry
Conduct regular security and vulnerability assessments to identify and
mitigate threats
Implement and maintain industry-standard security controls, including
access controls, data encryption, and network segmentation
(including firewalls, antivirus, and backup)
Monitor threat landscape for Threat Actor behavior and emerging threats,
analyzes threat data, develop intelligence products to inform and drive
operations with a focus on proactive measures to mitigate risk
Define, maintain, and enforce security policies and
procedures, ensuring employee compliance through training and awareness
program
Manage and optimize the cybersecurity budget, allocating resources effectively
Build and deliver Information Security solutions that shrink attack vectors
along with preventing and properly responding to security incidents swiftly
and effectively, minimizing damage and downtime
Stay current with the latest cybersecurity threats, trends, and
regulations relevant to the construction industry
Focus on innovation and delivering Information Security solutions that follow
best practices and enable the business
Responsible for managing the daily Information Security operations
Collaborate with IT departments, business units, and senior management
to align cybersecurity initiatives with business goals
Report on the effectiveness of the cybersecurity program to stakeholders
Information Security operations, analysis, Cyber Threat Intelligence
solutions, manage Threat Intelligence Platform, dark web research,
proactive defense, detection and response strategies aligned with industry
frameworks, proactive identification of mitigation of IT risks, recurring
audits including third party audits, reports, dashboards, presenting
level of compliance controls, education
Coordinating continuous development, implementation, and updating of
security and privacy policies, standards, guidelines, baselines,
processes and procedures in compliance with local, state, and federal
regulations and standards for information systems management while remaining
current on applicable international laws and regulations that may impact the
co
Broadening and deepening knowledge of the business and technology environment
with respect to the delivery of projects, strategic initiatives, and
systems portfolio to effectively assist IT managers and staff with risk and
compliance management
Facilitating information systems security management education and training in
regulatory and industry standards for all staff
Knowledge with experience implementing and maintaining compliance and
regulatory frameworks: NIST-800-171 in relation to CMMC 2.0 (Levels 1
through 3), ISO 27001 and data privacy requirements such as CCPA and GDPR
Versed in Information Security technology suites for endpoint, cloud,
IAM, application security, security and compliance, XDR, EDR,
SIEM, ATP, email security, PowerShell, Python, IDS/IPS, VPN, DLP
Knowledge and understanding of CVE standards and classification of security
vulnerabilities
Other Duties
Please note that this job description is not designed to cover or contain a
comprehensive listing of activities, duties or responsibilities that are
required of the employee for this job. Duties, responsibilities and
activities may change at any time with or without notice.
Preferred Qualifications (in addition to minimum qualifications)
Education/Experience
Bachelor's degree in Cybersecurity, Information Security, Computer
Science, or a related field
Knowledge/Skills/Abilities
5+ years experience managing Information Security department
In-depth knowledge of intelligence analysis, cyber threat intelligence,
actors, malware, tactics, techniques, and procedures, malware,
cybersecurity best practices, and various security methodologies,
processes, and technical security solutions
Working knowledge in the analysis of host and network logs, network flow,
malicious indicators or compromise, and other evidence used in digital
forensics, incident response, cybercrime investigations, and Security
Operations Center operations
Experience in a Security Operations Center, Computer Emergency Response
Team, or similar incident response environments
Practical experience with a Threat Intelligence Platform, Security Incident
and Event Manager, or Security Orchestration and Automated Response platform
Excellent verbal and written communication skills including the ability to
clearly articulate technical knowledge to a variety of audiences. Excellent
problem-solving and analytical skills, and exceptional attention to detail