Manager, Information Security

The Manager, Information Security is responsible for the implementation of Coverys’ information security strategy and policy and assisting in its development, with the goal of safeguarding the organization against threats, weaknesses and exploits.

This role involves both oversite and getting “hands-on” working with the global security team and the wider business to implement and maintain best practice process and procedure alongside appropriate technology. The role will be instrumental in assisting the organization’s plans to further mature its security practice through alignment to NIST CSF 2.0. The Manager, Information Technology must collaborate effectively with infrastructure and development teams to ensure that transformation activities incorporate relevant security and resilience standards and monitoring from the outset.

Essential Duties & Responsibilities

Security Strategy & Execution

• Partner closely with Head of Governance and Security to execute security strategy roadmap for Coverys

• Implement and execute IT and Information Security strategies that will improve the security and reliability of systems and data.

• Implement and update security, resilience and information governance standards and procedures as appropriate (using external benchmarks) and ensuring adherence to those standards to drive consistency of practice and organizational maturity.

• Oversee and develop an ongoing program of vulnerability and operational resilience management, including regular external testing.

• Work with internal audit to develop a plan for assurance of the effectiveness of the security, resilience and compliance of our services.

• Work closely with Compliance and Legal teams to ensure that we understand and have documented our regulatory obligations and that we maintain compliance with them

• Oversee the planning and execution of any security or resilience related external audits.

Security Operations:

• Engage with transformation teams to ensure resilience and security are inherent to the delivery of those transformations and allocate the necessary resources.

• Oversee the benchmarking of our security delivery against NIST CSF 2.0 and then develop a plan to increase our maturity from both a policy and practice perspective.

• Regularly review and hone the toolsets required to monitor for, protect from, and respond to cyber incidents.

• Ensure timely and viable incident response processes are in place.

Reporting

• Ensure we collate and regularly report on security governance metrics to leadership.

• Accountable for key metrics that we will be establishing and maintaining for security operations progress.

Team Management

• Oversee the activities of the team and ensure clarity of roles and appropriate allocation of resources.

• Ensure that we maintain and monitor a suite of staff training in relation to security awareness skills and required behaviors.

• Manage partners, stakeholders, vendors and third-party service or solutions providers of relevant IT Security services. Carry out supervisory responsibilities in accordance with the organization's policies and applicable laws. Responsibilities include interviewing, hiring, and training employees; planning, assigning, and directing work; appraising performance; rewarding and disciplining employees; addressing complaints and resolving problems.

• Support evolving business needs, as applicable.

Education, Experience, Competencies & Values

• Bachelor’s degree in Computer Science, Information Systems, or STEM subject from an accredited college/university, required.

• 5-8 years operational experience in information security within a regulated environment, required. 2-3 years experience in a supervisory role, required.

• Professional certification in information security, such as CISA, CRISC, CISSP or CISM, highly preferred.

• Experience in managing information security audits, required.

• Experience with information security within an environment that has regulatory requirements e.g. HIPAA, required.

• Strong technical skills, with experience of firewall technologies, vulnerability management and remediation across a variety of technology platforms, managing security in cloud environment. E.g. Azure, AWS, required.

• Excellent interpersonal and communication skills.

• Ability to communicate effectively and influence stakeholders to implement Information Security recommendations.

• Knowledge and experience of Firewalls, Identity Management, Managing Security in M365 and Azure, highly preferred required.

• Knowledge and experience of MS Purview, highly preferred.

The base salary range for this role is $159,700 - $187,900. Individual compensation packages are based on a variety of factors that are unique to each candidate including geographic location, skill set, experience, qualifications and education.

If you're a caring and customer focused individual who enjoys working with passionate team members, Coverys is the right company for you!