Location
Oneida Nation Enterprises
Job Code
MG11S
Shift
Days
Travel Involved
 
Category
Information Technology
Employment Status
Full-Time

Information Security Manager

Job Description

The Information Security Manager’s role is to ensure the secure operation of the in-house computer systems, servers, and network connections. This includes checking server, switches, endpoints and firewall logs, scrutinizing network traffic, establishing and updating internetwork OS upgrades, and troubleshooting. This person will also analyze and resolve security breaches and vulnerability issues in a timely and accurate manner, and conduct user activity audits where required. They will also schedule and direct the activities of the data security team to resolve issues in a timely and accurate fashion.

 

Position Responsibilities:

 

  • Establishes security policies relating to data access, user rights and application privileges, security utilities and data protection.
  • Administers policies and procedures for identifying, reporting, and resolving security violations.
  • Benchmarks, analyzes, reports on, and makes recommendations for the improvement of data security.
  • Effectively leads the Information Security Department’s security planning; including fostering planning projects, and organizing and negotiating the allocation of resources.
  • Effectively collaborates with stakeholders to define security requirements for new technology implementations.
  • Directs research on potential security solutions in support of procurement efforts.
  • Assists in managing the financial aspects of the department; including purchasing, budgeting, and budget review.
  • Develops business case justifications and cost/benefit analyses for spending and initiatives.
  • Effectively negotiates and administers data security related vendor, outsourcer, and consultant contracts and service agreements.
  • Effectively manages Information Security staffing, including recruitment, supervision, scheduling, development, evaluation, and disciplinary actions.
  • Deploys, manages and maintains all security systems and their corresponding or associated software; including firewalls, intrusion detection systems, cryptography systems, and anti-virus software.
  • Develops, implements, maintains, and oversees enforcement of policies, procedures and associated plans for system security administration and user system access based on industry-standard best practices.
  • Designs and implements disaster recovery plan for operating systems, databases, networks, servers, and software applications.
  • Manages connection security for local area networks, Web site, intranet, and e-mail communications.
  • Ensures the security of databases and data transferred both internally and externally.
  • Designs, performs, and/or oversees penetration testing of all systems in order to identify system vulnerabilities.
  • Designs, implements, and reports on security system and end user activity audits.
  • Monitors server logs, firewall logs, intrusion detection logs, and network traffic for unusual or suspicious activity. Interprets activity and makes recommendations for resolution.
  • Recommends, schedules (where appropriate), and applies security patches, disaster recovery procedures, and any other measures required in the event of a security breach.
  • Assesses need for any security reconfigurations (minor or significant).
  • Remains current with emerging security alerts and issues.
  • Conducts research on emerging products, services, protocols, and standards in support of security enhancement and development efforts.
  • Interacts and negotiates with vendors, outsourcers, and contractors to obtain protection services and products.
  • Downloads and tests new security software and/or technologies.

Job Requirements

  • College Degree in Computer related field and a minimum of 5 years of cybersecurity experience; or eight years related work experience with at least three years of experience in Manufacturing, Financial, Health Care, Casino, Hospitality and/or Entertainment industry or other high volume, complex, highly regulated demanding customer oriented IT environment.
  • A certification as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or other related technical certification is a must.
  • Previous working knowledge and experience achieving compliance to the Payment Card Industry Data Security Standards (PCI DSS), and HIPPA requires are required.
  • Broad hands-on knowledge of firewalls, intrusion detection systems, anti-virus software, data encryption, and other industry-standard techniques and practices.
  • In-depth technical knowledge of network, PC, and platform operating systems, including Cisco Internetwork Operating System, LINUX, IBM OS/400 (i5/OS), Microsoft Windows Server and Desktop Operating Systems.
  • Working technical knowledge of current systems software, protocols, and standards, including Microsoft Exchange, Microsoft SQL Server and SharePoint.
  • Expert knowledge of TCP/IP and network administration/protocols.
  • Knowledge of applicable practices and laws relating to data privacy and protection.
  • High level of analytical and problem-solving abilities.
  • Ability to conduct research into security issues and products as required.
  • Strong interpersonal and oral communication skills.
  • Highly self-motivated and directed.
  • Strong organizational skills.
  • Excellent attention to detail.
  • Ability to effectively prioritize and execute tasks in a high-pressure environment.
  • Experience working in a team-oriented, collaborative environment.

 

 

Remarks:

This job description is intended to be illustrative of the position’s duties & should not be construed to be an exhaustive statement of the essential functions of the job.