Manager, Corporate Information Security
WHAT YOU WILL DO IN THIS POSITION:
Manages the day-to-day activities of the Corporate Information Security team. Maintains the IT Security Program to protect the confidentiality, integrity, and availability of the NCCI information technology systems and data. Provides information security strategy, policy, standards, risk assessments, management processes and technology to ensure NCCI information assets are adequately protected with acceptable levels of controls.
Plans, directs, and oversees day-to-day Information Security activities related to identity governance, application development security, system and network security, security operations, security monitoring, governance and compliance, and security awareness.
Collaborates with the Information Security Architects and the Executive Director - Corporate Information Security on the:
• Creation and execution of the Information Security Strategy
• Design and implementation of Information Security Architecture
• Development, implementation, and governance of the Information Security Program
• Planning and management of the Enterprise Information Security (EIS) budget and EIS portions of the overall IT budget
Manages and directs assigned staff. Duties include, but are not limited to, decisions about hiring and staffing; position design, organization structure; performance assessment; coaching; pay; and corrective action and separations. Develops, reviews, and/or approves work schedules, work assignments, work processes, PTO and other time-off requests, and development through relevant training programs for staff.
WHAT YOU MUST BRING TO THE ROLE:
- Bachelor’s Degree in Management Information Systems, Information Systems, Computer Science or other relevant fields and a minimum of 8 years of Information Security experience, including 5 years of Information Security management or leadership experience in an Information Security role
- In lieu of degree, additional work experience and/or trade school or applicable certifications required.
- Active Certified Information Systems Security Professional (CISSP) Certification
- Detailed knowledge of multiple disciplines within Information Security including but not limited to Identity Governance, System and Network Security, Security Governance, Cybersecurity Risk, Security Frameworks and Best Practices, Cryptography, Incident Handling, and Application Security.
- Detailed knowledge of current security protocols, standards and methodologies, including but not limited to HIPAA, PCI, NIST Cybersecurity Framework and ISO/IEC 27000 series.
- Knowledge of risk management practices
- Expert-level troubleshooting/analytical skills
- Strong leadership, relationship, and decision-making skills
- Experience with coaching and developing others either directly or indirectly
- Ability to think strategically and demonstrate an enterprise mindset
- Excellent verbal, written, and interpersonal communication skills
- Ability to stay current with new technologies to evaluate security risks of evolving technology
- Additional Information Security Certifications such as Certified Information Security Manager (CISM), GIAC Cybersecurity Certifications, etc.