Job Description
<strong>Responsibilities:</strong><br><br><p>*Lead, manage, and own the activities necessary to perform information security risk assessments on global third parties for services of varying criticality and complexity. At the conclusion of the assessment process, this position will make a decision on the remediation actions to pursue. Failure to do so properly can expose the client to significant risks.<br><br>*Advocate and be an ambassador of other critical third-party related security assessment activities such as ensuring contracts include the required Global Information Security Requirements (GISR) and completion of Payment Card Industry Data Security Standards (PCI-DSS) assessments. The Assessor is commonly a critical link to identify when GISR and/or PCI actions are needed. This role will have a material impact on educating Business Teams and providing direction to further those initiatives.</p><br><br><p>*Partner with stakeholders to drive various process improvement initiatives and efforts to further enhance the TPSRM assessment process. In this capacity the position will set the direction of key initiatives and their implementation with Business Teams around the globe. This role will work to obtain buy-in from Business Teams and then further their adherence through training and follow-up.</p><br><br><p>*Develop innovative mechanisms to allow critical documentation to be securely stored and readily available for analysis and reporting purposes. The data captured and archived is critical to ensure historical references, manage day-to-day third-party risks, review trends and work management initiatives, and serve as evidence of adherence to regulatory, compliance, and policy requirements.<br><br>*Act as a trusted liaison providing guidance to Business Teams and other stakeholders at various levels (including executives) around the globe in support of third-party information security risk assessment activities. 
This requires a great level of technical and client relationship expertise to properly provide accurate advice. Not doing so could lead Business Teams in the wrong direction and potentially prolong or severely impact the success of initiatives.<br> </p><br><br><strong>Qualifications:</strong><br><br><ul><br> <li>Strong third-party information (cyber) security risk assessment skills to evaluate functional and technical capabilities of third parties.</li><br> <li>In-depth technical experience and knowledge of infrastructure technologies, network, web, computing, cloud services, manufacturing equipment, mobile devices, allowing this role to provide technical leadership and coaching to other members of the organization.</li><br> <li>Thorough understanding of Confidentiality, Integrity, and Availability controls, Privacy laws, as well as PCI-DSS compliance assessment (SAQ, ISA, QSA) principles.</li><br> <li>Technical and business expertise and savviness to drive information security requirements/clauses in third-party contracts, together with people skills to negotiate requirements with third-party representatives.</li><br> <li>Bachelor’s degree, master’s degree preferable.</li><br> <li>7-10 years of experience in third-party information security risk compliance and/or governance.</li><br> <li>7-10 years of technical experience across various information security related areas including web technology, networking concepts, systems infrastructure, cloud services, manufacturing equipment, mobility, computer applications, and information security.</li><br> <li>Proficiency in Microsoft Excel, Word, and PowerPoint to develop ad hoc reports to convey results, influence executive leadership, manage expectations, and improve metrics.</li></ul>