Job Purpose or Scope: The Information Security Manager will manage First Transit’s Information Security Program, including maintaining adequate security controls and processes to ensure the confidentiality, integrity, and availability of information assets within First Transit’s division, with a focus on healthcare and other national and regional laws and regulations. The Manager will focus on supporting internal compliance efforts, and ensuring identified risks are remediated in an effective and timely manner. The Manager serves as an expert advisor to management, peers, and business users in defining, recommending, and implementing necessary controls to cost-effectively assess and manage security-related risk. Position will assist the Group IT Security teams in developing, implementing, and maintaining a world-class Information Security organization. Serves as a thought leader for Information Security compliance.
- Through proactive monitoring, identify potential gaps in IT Security controls, develop corrective action plans, and oversee remediation activities. This includes continuously reviewing the environment’s security architecture, providing feedback on the current state of the division’s security systems, and assessing the feasibility and cost justification of alternative security systems.
- With the assistance of the Compliance Team, ensure operating compliance with applicable government and agency regulations. Position will participate in regulatory compliance activities, as required.
- Provide proactive operational responsibility for Information Security incident prevention, detection, response, and remediation.
- Responsible for the division’s vulnerability management program, including the use of Group-approved scanning systems, reporting of vulnerabilities to applicable corporate and location management, and remediation of vulnerabilities in a timely manner.
- Responsible for the Information Security Team’s support ticket queue, ensuring timely communication and resolution of support tickets and related project work.
- Work with business leaders to ensure adequate controls around change management exist, including how security would be affected by proposed changes.
- Ensure divisional locations are receiving adequate Information Security training and awareness initiatives, as defined by the divisional and Group IT Security teams.
- Create, update, and maintain Information Security related documents, including applicable policies, standards, and procedures. Champion awareness and influence security through policies, and provide solutions for business-specific risk and compliance issues. Assist divisional locations with developing and maintaining related network and data flow documentation.
- Responsible for providing clients with assistance on divisional Information Security related issues, including applicable questions on First Transit’s control environment.
- Develop quality measures to assess overall success of Information Security program, and provide report(s) to leadership. This includes developing and producing monthly scorecard reports on the environment’s security posture, as defined by business strategic goals and the organization’s mission, and using scorecards to provide roadmaps for Information Security assurance.
- Communicate with executive management, various committees, and others, as required, to discuss identified risks and opportunities for improvement within the control environment.
Describe level of decision making and list examples of common decisions made:
- Manager-level staff who provides oversight of the division’s Information Security program with minimal or no supervision. Sample decisions include researching and analyzing security system tools, with recommendations on cost-effectiveness to management; maintaining the division’s vulnerability management program with proper reporting to senior management; and developing and producing monthly scorecard reports on the environment’s security posture, as defined by business strategic goals and the organization’s mission, and using scorecards to provide roadmaps for Information Security assurance.
Minimum Education & Certifications Required:
- Bachelor’s Degree or above in related field, and/or relevant experience in the Information Security field
- Industry certifications preferred (Security+, CISSP, CISM, etc.)
Experience & Skills Required:
- Computer skills: Strong MS Office skills (Outlook, Excel, PowerPoint, Word)
- Language skills: Excellent written and verbal English skills, including grammar
- Soft skills: Team-oriented but independent working style, customer-focused and results-driven, willingness to learn
- Excellent writing skills to develop and edit documentation that will be used as guides, templates, and communication tools