Manager, IT Security

Goodwill Industries of Kentucky is looking for an energetic, self-motivated, dynamic professional IT Security Manager to join our team! The IT Security Manager is responsible for working with VP of IT for overseeing and coordinating security efforts across the organization, including physical security of IT assets, cybersecurity, information protection, and incident response. This role involves developing and implementing security policies, working with the Managed Service Provider(MSP) to plan and implement security strategies and ensuring compliance with relevant regulations and standards. If you are looking for an opportunity that allows you to reach new goals while helping other’s in your community, the IT Security Manager opportunity is for you.

Goodwill’s Mission is to connect Kentucky job seekers with the resources and services they need to find and maintain long-term employment and a career path. We serve Kentuckians who have disabilities or experience other challenges finding success in the workforce, such as criminal backgrounds, language barriers, limited education, lack of transportation and chronic poverty.

Job Type: Full-time, Exempt

Essential Duties and Tasks:

Security Strategy and Planning:

• Work with VP of IT to develop and implement comprehensive information security strategies, policies, and procedures.
• Conduct regular risk assessments and vulnerability analyses for implemented technology and network to identify potential security threats.
• Work with Managed Service Provider to plan and coordinate security operations for specific events or high-risk situations.

Physical Security:

• Work with the Risk Management team to oversee the implementation of physical security measures such as access control, data security around surveillance systems, and security personnel training on cyber related incidents and needs.
• Conduct regular inspections and audits of security systems and procedures to ensure IT assets are secured (IDF and MDF rooms)
• Ensure the safety and security of technology across all company facilities and assets.

Cybersecurity:

• Collaborate with the IT department to ensure robust cybersecurity measures are in place.
• Monitor and respond to cybersecurity incidents and breaches.
• Develop and enforce policies related to data protection and information security.

Incident Management:

• Lead the response to security incidents and emergencies, coordinating with relevant authorities as necessary.
• Work with the managed service provider to conduct investigations into security breaches and incidents, preparing reports and recommendations.
• Develop and implement cyber incident response plans and conduct regular drills and

Compliance and Governance:

• Ensure compliance with relevant legal and regulatory requirements related to IT
• Maintain up-to-date knowledge of industry standards and best
• Prepare and present reports on security status and initiatives to senior
• Foster a culture of security awareness and vigilance across the

 Vendor and Third-Party Management:

• Manage relationships with IT security vendors and
• Work with MSP to evaluate and select security products and services that align with organizational
• Ensure third-party compliance with IT security policies and procedures

 Experience/Requirements

• Bachelor’s degree in security management, criminal justice, information technology, or a related A master’s degree is preferred. 
• Minimum of 5-7 years of experience in security management or a related field, with a proven track record of developing and implementing security strategies.
• Relevant certifications such as Certified Protection Professional (CPP), Certified Information Systems Security Professional (CISSP), or Certified Information Security Manager (CISM) are highly desirable.
• Strong leadership and management abilities.
• Excellent problem-solving and decision-making skills.
• Must have reliable transportation to and from work.

Physical and Work Condition Requirements:

• This job may have physical requirements that are considered sedentary work. Sedentary work involves sitting for long periods of time; occasional bending, squatting, kneeling, stooping; good finger dexterity and feeling; frequent repetitive motions; talking, hearing, and visual acuity and occasional lifting up to 15 pounds.
• Travel to other locations beyond the assigned work location as required or similar as appropriate.