IT Security Manager in Atlanta, GA at Engle Martin & Associates

Date Posted: 4/12/2018

Job Description

Based in Atlanta, GA at our corporate headquarters, this role is responsible for updating, managing, and defining security policies, standing up the processes required for monitoring and enforcement, and acting as the SME with respect to industry and government standards. Working in conjunction with business executive leadership, the role will be accountable for defining the corporate security strategy and improving overall adherence to and compliance with defined standards. Additional functions include partnering with various process owners to create and deliver regular compliance reporting, creating functional training materials, and maintaining close relationships with teams across the enterprise to ensure knowledge-sharing and alignment. The resource will also be required to keep abreast of the latest technology developments and leverage technology, automated audit tools, and data analytics to deliver insightful audit services in an effective and efficient manner. Performs other duties as assigned.

RESPONSIBILITIES:

  • Working with business executives and teams across all organizations, defines requirements; documents and implements the necessary strategies, policies, standards and procedures; and ensures compliance with security commitments and best practices and with on-going controls to meet security standards.
  • Responsible for testing, documenting, evaluating, and remediating internal controls and collaborating with Security, Internal and External Audit, Technology Management, and other business stakeholders to ensure compliance project deliverables are met.
  • Manages the content of the Security continuous compliance program, performing a continuous gap analysis of existing IT control and security processes.
  • Develop and coordinate mitigating controls with business stakeholders.
  • Test the design and operating effectiveness of IT systems and internal controls; coordinate required remediation.
  • Assist in implementation and maintenance of a company-wide information security infrastructure and ensure appropriate control objectives for system integrity, confidentiality, accountability, and assurance within the context of the company’s risk tolerance.
  • Operate the information protection effort to comply with industry-standard audits, including ISO 27001/3, SSAE-16, SOC 1, GDPR, and PCI 3.2.
  • Investigate security incidents and recommend actions needed to resolve situations, including monitoring emerging cyber security and information security risks.
  • Assess and monitor controls related to applications hosted on the cloud and data lifecycle management controls/data privacy controls.
  • Ensures that commitments are met for business recovery and IT resiliency. Evaluates the adequacy and effectiveness of controls relating to cyber and technology risks.
  • Ensure IT security policies and strategies cover network, server, third party hosting, and end user computing platforms.
  • Ensure IT security policies clearly address vulnerability identification, remediation, and testing, and define service level agreements for completion.
  • Ensure IT security policies clearly address patching compliance and define service level agreements for completion.
  • Responsible for creating and maintaining technology roadmaps that clearly identify lifecycle [End of Life/End of Support] events.
  • Responsible for completing third party risk assessments for new technology vendors and products.
  • Responsible for contract review and compliance with technology requirements defined in contractual engagements.
  • Ability to work independently with minimal supervision and manage activities with cross-functional business stakeholders, including Security and Internal/External Audit.

Job Requirements

  • BA/BS, and 7+ years relevant work experience specific to Security.
  • Certified Information Systems Auditor (“CISA”) strongly preferred.
  • Familiarity with insurance industry, IT, and software development concepts.
  • Familiarity with PCI/DSS, ISO 27001, COBIT, application security, or risk is a plus.
  • Advanced Word, Excel and PowerPoint. Proficiency in Acrobat, Visio, Wiki, and SharePoint.
  • Clear and effective communication skills to senior leadership and business stakeholders (written, oral and listening).
  • Analyzes each situation and makes sound decisions on technical and business challenges that can be difficult in complexity.
  • Analyzes problems and challenges by looking below the surface to understand root cause.