RahrBSG is looking for an Information Systems Security Manager in Shakopee Minnesota.
The Information Systems Security Manager is responsible for protecting an organization's computer networks, systems, and data from cyber-attacks, viruses, and other security breaches. A successful ISSM drives results in developing, implementing, and maintaining a comprehensive security strategy that protects our critical assets and data from unauthorized access, use, disclosure, disruption, modification, or destruction.
Roles And Responsibilities
- Acquires and manages the necessary leadership support, financial resources, and key security partners and personnel to support IT security goals and objectives and reduce overall organizational risk.
- Collects and maintains data needed to provide system cybersecurity reporting.
- Communicates the value of information security throughout all levels of the organization.
- Evaluates, validates, and implements security improvements as required.
- Coordinates cybersecurity inspections, tests, and reviews for the network and digital environments.
- Integrates cybersecurity requirements into the continuity planning for each system/organization.
- Evaluates and approves development efforts to appropriately install baseline security safeguards.
- Identifies alternative information security strategies to address organizational security objectives.
- Identifies IT security program implications of new or upgraded technologies.
- Interprets patterns of noncompliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise's cybersecurity program.
- Manages the monitoring of information security data sources to maintain organizational situational awareness.
- Facilitates internal and external information security risk assessment processes.
- Participates in the development or modification of the computer environment cybersecurity program plans and requirements.
- Prepares, distributes, and maintains plans, instructions, guidance, and standard operating procedures concerning the security of network system operations.
- Provides system-related input on cybersecurity requirements to be included in statements of work and other appropriate procurement documents.
- Recognizes security violations and takes appropriate action to report incidents, as required.
- Supervises or manages protective or corrective measures when a cybersecurity incident or vulnerability is discovered.
- Tracks audit findings and recommendations to ensure that appropriate mitigation actions are taken.
- Ensures that plans of action or remediation plans are in place for vulnerabilities identified during risk assessments, audits, or inspections.
- Develops and manages relationships with key security vendors and resources and maintains vendor security requirements and qualification processes.
- Monitors network operations and infrastructure and analyzes reports from monitoring systems for signs of future risks.
- Investigates security system failures and employee violations to assess weaknesses and leads the response when a security breach occurs.
- Develops and implements risk management processes, analyzes company databases, and identifies and addresses potential security risks.
- Runs simulated attacks to evaluate the effectiveness of security measures, and tests where issues are anticipated.
- Serves as a focal point of contact for the information security team and the customer or organization.
- Assures successful implementation and functionality of security requirements and appropriate IT policies and procedures that are consistent with the organization's mission and goals.
Minimum Education & Work Requirements
- Bachelor's degree in computer science, information technology, or related fields preferred.
- 5+ years relevant experience in information systems security roles (e.g., ISSE, ISSO, or ISSM).
- Security certifications such as CISSP, CISA, or CEH are preferred.
- Proven technical experience in Cloud based Security (AWS, Azure, M365), Active Directory, Network security and communication protocols, EDR, and XDR.
- Firsthand experience analyzing a high volume of logs, network data, and SOC reports.
Knowledge, Skills, And Abilities
- Proven experience in incident response, forensics, and cybersecurity engineering troubleshooting.
- In-depth understanding of common operating systems (Linux/Windows), networking protocols, application security, databases, and Internet applications development.
- Proficiency in communicating technical security information to non-technical personnel, with strong verbal and written communication skills.
- Ability to work independently in a self-directed manner and collaboratively as a member of security and IT teams.
- Capability to create and implement detailed action plans and strategic security solutions, including writing security requirements and design documents.
- Experience with encryption technologies and change management tools and methodologies.
- Expertise in risk, compliance, and information security policy development, including corporate/industry information security governance and risk compliance practices and standards.
- Development of educational programs in security awareness.
- Knowledge of IT processes, controls, and risk/security frameworks, as well as information security regulatory standards such as ISO 27001/2 and NIST.
- Well-rounded expertise in IT security areas and concepts such as data backup and recovery, business continuity/disaster recovery, intrusion detection, data controls, encryption algorithms, network security architecture, network traffic analysis, server and client operating systems, IT supply chain security, and supply chain risk management.
- Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
- Up-to-date understanding of new and emerging IT and cybersecurity technologies, threats, and threat vectors, with the drive to keep abreast of future trends and developments.
- Familiarity with vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins) and various system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL and injections, race conditions, covert channels, replay, return-oriented attacks, and malicious code).
Medical benefits with family coverage paid for at 90%
Dental and Vison Programs
Generous 401(k) Company Contribution of 15%
Employee Assistance Program
Paid Life Insurance
Short Term Disability
Long Term Disability
Tuition Reimbursement
Generous PTO
Separate Sick Time Policy
12 Paid Company Holidays
Parental Leave
Career Growth and Progression Paths
Stability and Backing of a 177-year-old Family Owned and Operated Company
PI248310104