Information Security Manager

Company Description

A best-in-class city that attracts best-in-class talent, Philadelphia is an incredible place to build a career. From our thriving arts scene and rich history to our culture of passion and grit, there are countless reasons to love living and working here. With a workforce of over 30,000 people, and more than 1,000 different job categories, the City of Philadelphia offers boundless opportunities to make an impact. 
As an employer, the City of Philadelphia values inclusion, integrity, innovation, empowerment, and hard work above all else. We offer a vibrant work environment, comprehensive health care and benefits, and the experience you need to grow and excel. If you’re interested in working with a passionate team of people who care about the future of Philadelphia, start here.

What We Offer:
•    Impact - The work you do here matters to millions. 
•    Growth - Philadelphia is growing, why not grow with it? 
•    Diversity & Inclusion - Find a career in a place where everyone belongs.
•    Benefits - We care about your well-being.
 

The Office of Innovation & Technology (OIT) is the central IT agency for the City of Philadelphia headed by the Chief Information Officer (CIO). OIT oversees all major information and communications technology initiatives for the City of Philadelphia - increasing the effectiveness of the information technology infrastructure, where the services provided are advanced, optimized, and responsive to the needs of the City of Philadelphia’s businesses, residents, and visitors. OIT responsibilities include: identifying the most effective approach for implementing new information technology directions throughout city government; improving the value of the city’s technology assets and the return on the city’s technology investments; ensuring data security continuity; planning for continuing operations in the event of disruption of information technology or communications services; and supporting accountable, efficient and effective government across every city department, board, commission and agency.

Job Description

The Information Security Manager will play an essential role in leading and managing the Information security program. The ideal will lead the development and implementation of the organization’s security policies and procedures, ensuring the protection of IT infrastructure, data, and assets. This role requires a strategic thinker with excellent technical skills and the ability to work collaboratively across departments to protect our organization against internal and external threats. Reporting directly to the Director of Information Security the successful candidate will oversee all aspects information security activities to safeguard Philadelphia International Airport's information assets. 

Essential Functions and Responsibilities:
Security Policies and Procedures:

• Develop and implement comprehensive information security programs, including policies, processes, and control systems to protect organizational assets.
• Ensure compliance with regulatory requirements and industry standards 

Risk Management:

• Identify and assess security risks to the organization.
• Develop risk mitigation strategies and manage incidents and breaches.
• Conduct regular security assessments, audits, and penetration testing.

Security Awareness and Training:

• Develop and deliver security awareness programs to educate employees about security policies and procedures.
• Promote a culture of security awareness and compliance throughout the organization.

Incident Response and Management:

• Lead the incident response team and coordinate the investigation and remediation of security incidents.
• Develop and maintain an incident response plan and ensure timely and effective responses to security breaches.

Security Architecture and Engineering:

• Collaborate with IT and other departments to design and implement secure network architectures, including firewalls, intrusion detection/prevention systems, and encryption protocols.
• Liaise with IT and other departments to ensure alignment of security measures with organizational goals and regulatory requirements.
• Ensure the secure configuration of all hardware and software systems.
• Manage the Information Security team, overseeing the day-to-day operations and long-term strategic direction of the security function.

Vendor Management:

• Evaluate and manage third-party vendors and service providers to ensure they meet security standards and requirements.
• Conduct regular security reviews and assessments of vendors.

Continuous Monitoring & Improvement:

• Stay updated with the latest security technologies, trends, and threats to ensure the organization's defenses remain effective and current.
• Conduct regular security audits, vulnerability scans, and risk assessments to identify and mitigate potential threats.
• Implement monitoring mechanisms to track compliance with IT policies, controls, and regulatory requirements.  
• Continuously improve the organization’s security posture through research and the implementation of new security tools and technologies.
• Provide regular reporting on the status of the information security environment highlighting key issues, trends, and recommendations.
• Standardize documentation practices for IT processes, controls, and compliance activities, ensuring completeness, accuracy, and accessibility of documentation.

Experience/Required skills:

• Demonstrated ability to develop and implement governance, risk, and compliance frameworks in complex IT environments.
• Experience managing audits, assessments, and regulatory compliance initiatives related to IT operations.
• Strong understanding of Cybersecurity risk frameworks and ability to lead and oversee the execution and implementation of the frameworks.
• Valuable communication skills and ability to synthesize complex technical topics for non-technical audiences.
• Proven track record of developing and implementing robust internal controls and risk mitigation strategies within IT operations.
• Effective skills and experience in designing and documenting complex processes and identifying and eliminating deficiencies in existing process designs.
• Strong project management skills, with the ability to coordinate and execute multiple initiatives simultaneously, meeting deadlines and delivering high-quality results.
• Ability to standardize documentation practices for IT processes, controls, and compliance activities, ensuring completeness, accuracy, and accessibility.
• Commitment to staying updated on emerging security threats, trends, and technologies.

Desired Experience and Abilities

• Strong analytical and problem-solving abilities, with a keen attention to detail and the ability to prioritize and manage multiple tasks simultaneously.
• Excellent leadership and communication skills, with the ability to collaborate effectively with cross-functional teams and influence stakeholders at all levels of the organization.
• Experience in developing and delivering training programs and awareness campaigns to educate IT staff and stakeholders on compliance requirements and best practices.
• Proficiency in monitoring mechanisms and reporting tools to track compliance with IT policies, controls, and regulatory requirements.
• Commitment to staying updated on emerging security threats, trends, and technologies.
• Ability to adapt to evolving security challenges and requirements, proactively adjusting security strategies and tactics to address new threats and vulnerabilities.
• Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.
• Coordinate information security and risk management projects with resources from the IT organization and business unit teams.
• Familiarity with cybersecurity principles, tools, and best practices.

Qualifications

• Bachelor’s degree in Computer Science, Information Technology, Information Systems or a related field; Master's degree preferred.
• Minimum of 7 years of progressive experience in information security, with 4 years of leadership or managerial experience.
• Proven track record of developing and implementing information security strategies and initiatives in alignment with NIST Cybersecurity Framework.
• Experience in managing audits, assessments, and regulatory compliance initiatives related to IT operations.
• Excellent leadership and communication skills, with the ability to collaborate effectively with cross-functional teams and influence stakeholders at all levels of the organization.
• Strong analytical and problem-solving abilities, with a keen attention to detail and the ability to prioritize and manage multiple tasks simultaneously.
• In-depth knowledge of cybersecurity principles, technologies, and best practices.
• Strong understanding of regulatory requirements and compliance frameworks.
• Excellent leadership, communication, and stakeholder management skills.
• Relevant certifications such as CISSP, CISM, or CRISC are highly desirable.
• Experience with security compliance frameworks (e.g., CIS, NIS CSF, NIST RMF, ISO 27001) is a plus.

Additional Information

Salary Range: $110,000 - $120,000

Important: To apply, candidates must provide a cover letter and resume.

Work Setting: in-person (onsite)

Discover the Perks of Being a City of Philadelphia Employee:
•    We offer Comprehensive health coverage for employees and their eligible dependents
•    Our wellness program offers eligibility into the discounted medical plan
•    Employees receive paid vacation, sick leave, and holidays
•    Generous retirement savings options are available
•    Pay off your student loans faster - As a qualifying employer, City of Philadelphia employees are eligible to participate in the Public Service Loan Forgiveness program. Join the ranks of hundreds of employees who have already benefited from this program and achieved student loan forgiveness.
•    Enjoy a Free Commute on SEPTA - Starting September 1, 2023, eligible City employees will no longer have to worry about paying for SEPTA public transportation. Whether you're a full-time, part-time, or provisional employee, you can seize the opportunity to sign up for the SEPTA Key Advantage Program and receive free Key cards for free rides on SEPTA buses, trains, trolleys, and regional rails.
•    Unlock Tuition Discounts and Scholarships - The City of Philadelphia has forged partnerships with over a dozen esteemed colleges and universities in the area, ensuring that our employees have access to a wide range of tuition discounts and scholarships. Experience savings of 10% to 40% on your educational expenses, extending not only to City employees but in some cases, spouse and dependents too!
Join the City of Philadelphia team today and seize these incredible benefits designed to enhance your financial well-being and personal growth!

*The successful candidate must be a city of Philadelphia resident within six months of hire

Effective May 22, 2023, vaccinations are no longer required for new employees that work in non-medical, non-emergency or patient facing positions with the City of Philadelphia. As a result, only employees in positions providing services that are patient-facing medical care (ex: Nurses, doctors, emergency medical personnel), must be fully vaccinated.

The City of Philadelphia is an Equal Opportunity employer and does not permit discrimination based on race, ethnicity, color, sex, sexual orientation, gender identity, religion, national origin, ancestry, age, disability, marital status, source of income, familial status, genetic information or domestic or sexual violence victim status. If you believe you were discriminated against, call the Philadelphia Commission on Human Relations at 215-686-4670 or send an email to faqpchr@phila.gov.