Information Security Manager
Company: Brooksource
Location: Indianapolis
Posted on: May 4, 2024
Job Description:
Information Security Manager
Indianapolis, IN (hybrid work structure)
Contract to Hire
3+ years of experience

Position is responsible for collaborating with supported agencies and departments on Cybersecurity strategy, helping to ensure secure Enterprise and Department-level Configuration and Supply Chain Management for IT Services and solutioning. Position manages the development of standards, best practices, guidelines, and policies for how those services, solutions, and their accompanying data should be implemented and maintained in the future in line with the state agency's IT Governance Plan.

Key Responsibilities
* Facilitate an information security governance structure through the implementation and management of a hierarchical governance program, including the formation of an information security steering committee
* Directly supports and champions the state agency's goals of diversity, equity, and inclusion by ensuring compliance with Federal and State compliance frameworks impacting equity and inclusion (e.g., Section 508, WCAG certification, etc.)
* Manage and support an information security awareness training program for employees, contractors, and approved system users, and establish metrics to measure the effectiveness of this security training program for the different audiences
* Work to ensure that information security requirements are included in contracts by working with the CISO, ISA counsel, purchasing and the procurement teams
* Manage the information security function across the state agency's enterprise to ensure consistent and high-quality information security management in support of the business goals
* Manage the information security approach and operating model in consultation with stakeholders and aligned with the risk management approach and compliance monitoring of nondigital risk areas
* Assist in the management of the budget for the information security function, monitoring, and reporting discrepancies
* Collaborate in the development of an information security vision and strategy that is aligned to organizational priorities and enables and facilitates the organization's business objectives, and ensure senior stakeholder buy-in and mandate
* Develop, implement, and monitor a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy, and recovery of information assets owned, controlled, and/or processed by the organization
* Work effectively with business units to facilitate information security risk assessment and risk management processes, and empower them to own and accept the level of risk they deem appropriate for their specific risk appetite
* and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the information security, and review it with stakeholders at the executive and board levels
* Collaborate with external agencies, such as law enforcement and other advisory bodies, as necessary, to ensure that the organization maintains a strong security posture and is kept well-abreast of the relevant threats identified by these agencies
* Manage the enterprise architecture team building alignment between the security and enterprise architecture, ensuring that information security requirements are implicit in these architectures and security is built in by design. Coordinate and communicate the enterprise architecture with the Enterprise IT Operations team to ensure smooth IT governance throughout the ITIL delivery cycle
* Manage a risk-based process for the assessment and mitigation of any Enterprise information security risk posed by supply chain partners, vendors, consumers and any other third parties
* Manage the processes for information security risk and for legal and regulatory assessments, including the reporting and oversight of treatment efforts to address negative findings
* Manage technology dependencies outside of direct organizational control. This includes reviewing contracts and the creation of alternatives for managing risk
* Manage and contain information security incidents and events to protect state agency's IT assets, confidential information, regulated data, and the state agency's reputation
* Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action
* Coordinate the development of implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provide direction, support, and in-house consulting in these areas
* Conduct and attend project meetings to provide security and governance input throughout project lifecycles
* Creates, refines, delivers, and evangelizes information security standards to be used throughout the enterprise that balance business needs and external requirements
* Ensure through creation or delegation that all security-related documentation is complete, current, and stored appropriately
* Analyzes enterprise-wide development needs and management of an architecture governance process
* Manages Day to Day security services through Managed Services Provider and Direct Reports
* Monitors changes in the legislative, regulatory, and contractual landscape to ensure that the information security program is always at least one step ahead

Documentation:
* Manage and enhance an up-to-date information security management framework based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework
* Manage a unified and flexible control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards, and regulations
* Manage a document framework of continuously up-to-date information security policies, standards, and guidelines.
* Autonomously prepare reports and audit findings remediation plans in response to Internal audits, penetration tests or vulnerability scans

_Brooksource provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, national origin, age, sex, citizenship, disability, genetic information, gender, sexual orientation, gender identity, marital status, amnesty or status as a covered veteran in accordance with applicable federal, state, and local laws._

Job Types: Full-time, Contract
Pay: $30.00 - $37.00 per hour

Benefits:
* Dental insurance
* Health insurance
* Vision insurance

Schedule:
* Monday to Friday

Ability to Relocate:
* Indianapolis, IN: Relocate before starting work (Required)

Work Location: In person

by Jobble