IT Security Manager in Franklin, TN at Vaco

Date Posted: 3/13/2018

Job Description

IT Security Manager

The IT Security Manager serves as the information security subject matter expert with a primary focus on protecting critical data and IT assets across the organization. The role is responsible for the people, processes and technology systems that enable a robust and effective security program, and partners with HIPAA Privacy and Compliance to ensure enforcement of policies, procedures and controls to manage identified risks to an acceptable level.

Principal Duties and Responsibilities

  • Provides leadership and strategic direction for the function, ranging from planning and budgeting to motivational and promotional activities expounding the value of information security
  • Liaises with and offers strategic direction to related governance functions (such as Physical Security/Facilities, Risk Management, IT, HR, Legal and Compliance) plus senior and middle managers throughout the organization as necessary, on information security matters such as routine security activities plus emerging security risks and control technologies
  • Leads the design, implementation, operation and maintenance of the Information Security Management System based on HIPAA, HITRUST and/or ISO 27002 standards
  • Drafts clear, concise, and enforceable policies that comply with all applicable laws and regulations, are benchmarked against industry standards, and are aligned with stakeholder and customer requirements
  • Forms a "center of excellence" for information security management, for example offering internal management consultancy advice and practical assistance on information security risk and control matters throughout the organization and promoting the commercial advantages of managing information security risks more efficiently and effectively
  • Leads or commissions the preparation and authorizes the implementation of necessary information security policies, standards, procedures and guidelines, in conjunction with the Security Committee
  • Leads the design and operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies and with applicable laws and regulations
  • Leads or commissions suitable information security awareness, training and educational activities
  • Leads or commissions information security risk assessments and controls selection activities
  • Leads or commissions activities relating to contingency planning, business continuity management and IT disaster recovery in conjunction with relevant functions and third parties
  • Manages the organizational cyber security program (ISO 27002)
  • May perform other duties as assigned

Minimum Qualifications

  • At least 8 years of full-time work experience in information security management and/or related functions (such as IT audit and IT Risk Management)
  • Information security management qualifications such as CISSP or CISM
  • Background in technical IT roles such as IT architecture, development or operations, with a clear and abiding interest in information security
  • Experience with HIPAA, HITRUST and/or ISO

Knowledge and Skills

  • Hands-on team leadership with excellent communication skills
  • Management of a Governance, Risk, Compliance (GRC) Program
  • Security infrastructure device management
  • Security and critical IT monitoring
  • Threat management
  • Vulnerability management
  • Data classification and governance
  • Knowledge of the following security applications: endpoint protection, web content filtering, next-generation firewalls (NGFW), DLP, AV/malware, log collection/filtering, MDM