• Manager, Information Security

    Experience (Years)
  • Position Overview

    Reporting to the Director of Information Security, the Manager, Information Security provides technical leadership, expertise, and direction working with staff to design and implement enterprise wide Information Security systems. Provides proactive operational responsibility for Information Security incident prevention, detection, and remediation. Ensures effective operations of the Information Security department in accordance with established standards and processes.

    Qualifications Include

    • Bachelor's Degree in Cyber Security, Computer Science, or other related field. Master’s Degree preferred.
    • Minimum of seven to ten years hands-on operation and administration of security systems, demonstrating technical expertise in systems administration and security tools with a thorough knowledge of security practices, standards and procedures. Prior management experience preferred.
    • Knowledge of application security and architecture, AWS cloud security, and identity access management.
    • Understand security automation techniques and DevSecOps methodologies to meet demanding agile development and CICD workflows.
    • Strong understanding of network traffic analysis and Linux and Windows internal security processes.
    • Experience with PCI compliance and other information-oriented audits, including disaster recovery and business continuity.
    • Knowledge of security tools for vulnerability scanning and analysis, intrusion detection and prevention, security event log monitoring and analysis such as Qualys, Nessus, Alert Logic Cloud Defender and Cloud Insight, Tripwire FIM, Veracode and McAfee SIEM.
    • Requires Certified Information Systems Security Professional (CISSP) or other industry standard security certification.
    • Experience with industry best practices and compliance standards (i.e. NIST, ISO, CIS, PCI, GDPR).
    • Perform other functions as required.

    Key Responsibilities

    • Provides advisement on all facets of information security to the Director of Information Security
    • Serves as point of contact to manage internal & external contractors as well as third party security vendor and system tester relationships. Reviews and audits vendors contracts to ensure best practices. Makes sure outputs are in line with agreed upon terms, within scope and budget and handled in a timely manner.
    • Collaborates with Legal and Risk Management to enforce CR’s vendor management programs.
    • Manages and directs the Information Security Administrator on daily security operations.
    • Creates, implements, maintains and enforces policies, procedures, and associated plans for system security and administration.
    • Leads the design of security architecture for a hybrid environment consisting of AWS cloud, VMWare, and physical assets.
    • Provides technical expertise in incident management processes to proactively obstruct and contain threats.
    • Researches, recommends, and implements risk mitigation strategies that are aligned with business goals and objectives.
    • Ensures CR maintains PCI DSS compliance; collecting requirements, evidence and coordinating across organization to ensure adherence to the standard.
    • Generates comprehensive reports and recommendations on the security risks and vulnerabilities. Presents to Leadership as necessary.
    • Stays abreast on latest cybersecurity news and trends; continues education through study, organizational memberships and conferences
    • Communicates with multiple departments and levels of management in order to resolve technical and procedural information security risks and to ensure secure product development and delivery.
    • Creates engaging user training materials to educate on key information security principles.
    • May manage Information Security staff. Provides technical guidance and leadership to less experienced staff.
    • Represents InfoSec and CR at security forums and speaking events, internally and externally


    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed