IT Security Manager
Atlanta, GA | Direct Hire
Location: Atlanta, GA
The Security Manager will lead the company's Information Security risk assessment and management effort. A qualified candidate will utilize experience-based expertise in risk management, assist in IT compliance activities (e.g. PCI), develop and maintain internal policies/standards/procedures, and provide support for both the internal risk acceptance and data ownership processes. The Security Manager will leverage understanding of information technology risks/controls and communication skills to support governance/compliance activities and to identify risk to business partners within IT, Development and other business units.
• Perform information security assessments leveraging industry best practices, internal policy framework, and security/control frameworks.
• Manage recurring access reviews, risk/control processes, and other compliance activities to support Information Technology compliance requirements
• Act as subject matter expert regarding application and infrastructure best practices to ensure solutions are compliant with the latest compliance requirements
• Partner with and review solution enhancements and new solutions to ensure new vulnerabilities are not introduced
• Partner with internal infrastructure resources and line of business managers to maintain a secure work environment
• Serve as an internal information security consultant to the organization through involvement in key projects and governance/compliance activities
• Lead the PCI Compliance Effort and all associated documentation, solution implementation and issue remediation required to maintain PCI Compliance
• Develop and maintain policies/standards/procedures in partnership with Information Technology and other business units.
• Stay ahead of IT Security threats and best practices in order to proactively maintain a secure internal and production environment
Experience - 4 to 7 years
Specific areas of expertise - Must have at least seven years of Information Technology experience, with five years' experience in installation and support of Windows workstation hardware (Mac a plus), server hardware, software (operating systems, utilities, and applications), and imaging / desktop management. Must have knowledge of data center facilities management.
• Working knowledge of IT general controls (logical access, change management, operations, governance, etc.)
• Comprehensive knowledge of risks and controls across multiple layers of the OSI model and accompanying technologies (SQL/Unix/Windows/Oracle)
• Working knowledge of security/control/governance frameworks such as ISO 27001/2, COBIT 4.1/5, NIST
• Experience in IT control/risk assessment
• Working knowledge of compliance requirements associated with SOX, PCI, and HIPAA/HITECH
• Information Security GRC, IT Audit, or IT Advisory/Consulting; CISA/CRISC/CISSP Certified preferred
• Ability to effectively plan, organize, schedule and coordinate among competing priorities across multiple entities
• Good interpersonal skills with staff, end-users, peers, management, and vendors
• Strong understanding of hardware-related best practices, policies, procedures and implementation experience
• Ability to effectively communicate complex technical issues.
• Ability to proactively identify and evaluate problems to determine root causes while escalating risk areas to mitigate their impact
• Ability to quickly translate issues, threats, and vulnerabilities into an impact analysis and create a realistic corrective plan of action