Manager, Information Security - Hybrid, Pittsburgh, PA (candidates must be local to Pittsburgh, PA)
Company: A.C. Coy
Location: Pittsburgh, PA 15237
Description:
Overview
Location: Hybrid - Pittsburgh, PA (candidates must be local to Pittsburgh, PA)
Job Type: Full Time/Permanent
Work Authorization: No Sponsorship
A.C. Coy has an immediate need for a Manager of Information Security for a full-time opportunity.
Responsibilities
- Collaborates closely with various Technology teams and Firm leadership to inspire, mentor, and cultivate the skills of the security team members, fostering a high-performance environment
- Develops and maintains information security policies, procedures and training, and advises the various departments on adhering to them
- Leads the ongoing ISO 27001/27701 lifecycle and manages the relationship with our consulting team to ensure security operations compliance
- Provides expert opinions and leadership on existing technical threats, and advice on how to mitigate them or identify them as acceptable risks
- Oversees vulnerability scanning and remediation programs
- Establishes and oversees security metric investments and risk trending dashboard
- Oversees and/or assists in performing ongoing security monitoring threat avoidance analyses
- Manages relationships with security managed service providers and continuously develops their capabilities
- Analyzes new systems (hardware and software) and provides recommendations concerning their security
- Coordinates the development of an ongoing information security awareness program to ensure that employees are aware of threats and how to help ensure privacy of data
- Provides responses to client security audits/questionnaires/RFPs
- Maintains appropriate security measures and mechanisms to guard against unauthorized access to electronically stored and/or transmitted client data and reasonably protect against anticipated threats and hazards
- Ensures compliance through adequate training programs and oversight of periodic internal and 3rd party security audits
- Assesses audit results and partners with staff to create pragmatic action plans
- Monitors execution and completion of action plans
- Provides technical guidance and training to information owners, and designs and implements programs for user awareness, compliance monitoring and security compliance
- Develops and maintains an ongoing risk assessment program targeting information security and privacy matters
- Actively participates in Information Security and serves as Technology leader for incident response
- Serves as primary contact for Technology incident responses
Qualifications
Education: Bachelor's Degree or equivalent experience
- 10+ years of experience working in an Information Security related field
- 5+ years of experience managing a team of technical security engineers
- One or more of the following certifications strongly preferred: CISSP, CISM; matriculating candidates considered
- Strong understanding of various security frameworks: ISO 27001/ISO 27701 and SOC
- Working knowledge of EDR, Vulnerability Scanning, Firewall, Proxy, PAM/PIM, SIEM and other security-related technologies
- Ability to understand technical implications of security threats and prioritize risk
- Willingness to travel to other offices as required