Information Security Manager

**About the Role**:
The Information Security Manager, supports the organization’s overall Information Security including Cybersecurity posture and culture. The Information Security Manager will require both strong technical and interpersonal skills to effectively analyze information systems, research and validate alerts, and operate security tools for monitoring MTS environment. In this role, the incumbent must make well executed judgments in developing and deploying solutions as a part of Application Security. This individual will be required to oversee and coordinate with Information Security team members, members of other internal IT teams, service vendors, and stakeholder groups to ensure the efficient, timely delivery of security recommendations.
This role involves developing security policies, conducting risk assessments, and managing security technologies to protect the company's assets from threats and vulnerabilities.

**Key** Responsibilities**
- Evaluate/assess Application Security Architecture and suggest recommendations. Provide best practices.
- Prepare Threat Models for Application security and recommend mitigations.
- Support administration of local and vendor managed security solutions for MTS environment.
- Analyze security threats, vulnerability assessments, and audit results to recommend security solutions that enable business objectives.
- Work with the Application Engineering teams to ensure Static Application Security Testing is performed as part of CI/CD. Provide guidance on remediation.
- Oversee conducting Dynamic Application Security Testing. Review findings and engage Application Engineering teams for remediation.
- Review and improve Access Management & Controls.
- Collaborate with other teams to support response efforts to security-related findings or concerns.
- Oversee reporting on incident response metrics and providing assessment reports.
- Continuously improve the organization’s security stance and framework.
- Help to develop and maintain Security Best Practices manual/portal.
- Assist with the organization’s security awareness training program.
- Recommend and participate in the design and implementation of policies, procedures, standards, tools, and methodologies.
- Work with Security Operations Center to analyze and respond to alerts from automated logging, monitoring tools. Review and update the incident response and disaster recovery plans as needed
- Maintain up-to-date knowledge of the Information security industry, including awareness of new or revised security solutions and improved security processes.
- Keep a keen watch for new vulnerabilities and exploits and execute documented incident response procedures to deal with them.

**Experience & Skills**
- 7-10 years of experience working in IT, and
- 7-10 years of experience in Information Security.
- Familiar with OWASP Top 10.
- Familiar with Threat Modeling tools/process.
- Familiar with SAST and DAST tools/process.
- Familiar with Identity and Access Management, IGA, PAM.
- Familiar with DevSecOps, CI/CD.
- Familiar with security best practices of IT networks.
- Familiar with security best practices of public or private clouds.
- Familiar with NIST SP 800-53, CSF.
- Experience managing security service providers to complete regular duties.
- Experience leading other team members.

**Minimum Qualifications**
Any combination of education and experience that would likely provide the required knowledge, skills, and abilities as well as possession of any required licenses or certifications is qualifying
- Strong knowledge of industry standards and best practices for Information Security
- Ability to set and manage priorities judiciously
- Excellent written and oral communication skills
- High Emotional Intelligence (interpersonal skills)

**Education**
- B.S. degree in Computer Science or related technical discipline or any other college discipline with additional 2 years of Information Security experience and CISSP certification.

**Certifications**
- Certifications such as CISSP or CISM is required.
- Certifications such as GCIH, OSCP, ISO 27001 LA are highly desirable.

JfsGCVcgMw