EXTEND Resources is seeking a Security and Privacy Manager.
Position Description: The Security and Privacy Manager is responsible for maintaining Extend Resources and its clients’ information security and privacy program to ensure that information assets, PII, PHI and associated technology, applications, systems, infrastructure, and processes are adequately protected. The Security and Privacy Manager is responsible for identifying, evaluating and reporting on cybersecurity and privacy risks to information assets while supporting and advancing business objectives.
The Security and Privacy Manager is responsible for managing the Information Security Management System (ISMS) and Privacy Information Management System (PIMS) programs in accordance with ISO 27001/27002 and ISO 27701 requirements for compliance and certification of Extend Resources and Extend Resources’ clients. The IT Security and Privacy Manager will oversee a variety of cybersecurity and privacy risk management activities and will support the sales and marketing teams in business development activities.
- Manages the Information Security Management System (ISMS) ISO 27001 certification for the company and its clients. Understands and assists in continuous improvement of information security and privacy activities.
- Manages the company’s and clients’ risk management programs which include providing security requirements for disaster recovery and business continuity planning.
- Develops and manages information security training requirements for the delivery of all system projects to include User Guides/Manuals and other training materials.
- Reviews technical risk assessments and reviews new and existing security and privacy controls.
- Manages special IT, security and privacy-related investigations, internal audits, research studies, forecasts, and modeling exercises to provide recommendations and guidance.
- Reviews security guidelines, procedures, rules, and regulations.
- Monitors and reports security and privacy compliance to senior leadership.
- Researches relevant security and privacy trends, standards, laws, and regulations.
- Provides required information security and privacy input for new and upgrade technology projects.
- Participates in sales activities to demo Extend Resources’ proprietary tool for security and privacy compliance.
- Participates in marketing and public relations activities such as content development, media interviews, and speaking engagements.
- Analyzes clients’ security and privacy operations to understand the strengths and weaknesses and to determine opportunities to automate processes and functions; understands and develops appropriate business models to represent business requirements and meet business needs.
- Assists in the business process redesign and documentation for security and privacy controls as needed; ensures solutions are in compliance with and uphold organizational standards. Develops business models to represent requirements, such as use cases, business process flows, data flow diagrams, etc.
- Reviews and analyzes system processes and procedures to determine the most useful and cost-effective business solutions for clients.
- Analyzes requirements, procedures, and problems to automate processing or to improve existing security and privacy programs.
- Performs duties concerned with the design and improvement of computer-based business systems as they relate to information security and privacy.
- Performs audits on people, systems, and processes for information security and privacy compliance by following established checklists. Documents audit findings in a clear and concise written manner.
- Works on multiple projects as a project team member, occasionally as a project leader.
- Evaluates and identifies project complexity, assumptions, constraints, and dependencies.
- Communicates complex technical concepts simply and effectively to nontechnical team members.
- Participates in planning sessions with business units to improve business processes as they relate to information security and privacy.
- Performs complex analysis of large data sets and disseminates relevant information across teams.
- Articulates and effectively writes business and technical requirements.
- Formulates and defines system scope and objectives.
- Writes and executes test plans, including functional and regression testing.
- Provides end-user training and assists with IT Help Desk activities.
- Works efficiently with others in a team environment and contributes effectively to the accomplishment of team goals, objectives and activities.
- Establishes and maintains effective working relationships with those contacted in the course of work.
- Performs other related duties as required.
- 2+ years of information security and privacy experience including knowledge in one or more of the following security disciplines: information security monitoring, incident response, vulnerability management, business continuity, privacy, and cyber threat intelligence.
- Bachelor’s degree or Master’s degree in Information Security or related Information Technology field is desired.
- Certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), or Certified Information Security Manager (CISM) a plus.
- Experience with information security standards and frameworks such as ISO 27001, NIST, and SOC a plus.
- Experience with privacy laws and regulations such as GDPR and CCPA a plus.
- Experience producing high-level functional or operational requirement documentation.
- Experience managing client expectations, implementing service improvement initiatives and communicating effectively with project team and management.
- Knowledge of process development, with the ability to learn and understand technical concepts in order to interpret, document and formalize procedures.
- Experience with integrated system testing, QA testing, and user acceptance testing.
- Ability to handle aggressive deadlines and set appropriate expectations on complex business opportunities.
- Demonstrated ability to work independently and as a member of a team in an ever-changing environment.
- Must be a highly motivated self-starter with excellent research, analytical and above-average computer skills and knowledge.
- A strong sense of ownership, commitment to quality, and attention to detail to deliver excellence while working remotely from a home office.
- Proficiency with SharePoint.
- Proficiency in all Microsoft Office products (including Outlook, Word, Excel, and PowerPoint) and in using web-based applications. Must be able to create presentations using PowerPoint, and create and maintain spreadsheets using Excel.
- Good decision-making skills and the ability to function well under stress while working in a fast-paced environment.
- Strong oral and written communication skills, and the ability to effectively communicate over the phone.
Reports to: CTO and Chief Information Security Officer
To apply, submit your resume to firstname.lastname@example.org.