Information Security Manager (Durham)

Description

The Information Security Manager applies current security technologies to the design, development, evaluation, and integration of computer information systems and networks to maintain system security. Provides security engineering and integration services to business teams and works directly with Information Technology, involving a wide range of issues, including secure architectures, secure electronic data traffic, network security, information security, and privacy. Responsible for protecting company data against unauthorized disclosure, accidental or intentional data loss, or unauthorized modification. This position’s location is listed as hybrid (people can work more than one day from home).

Essential Duties and Responsibilities:

• Serve as a technical expert in Information Security for full technology stack in a multi-office network environment.
• Responsible for protecting company data against unauthorized disclosure, accidental or intentional data loss, or unauthorized modification and preparing applicable security reports.
• Guide management on IT/IS risk issues related to information security and propose measures to support risk mitigation and compliance - including building comprehensive security solutions by using and integrating commercial, open-source, and bespoke security tools.
• Developing, reviewing, validating, testing, and implementing, as necessary, security documentation, processes, and controls.
• Manage all security technology daily, including firewalls, SIEM, XDR, and other applicable platforms.
• Conducting/coordinating/overseeing security assessments, including network penetration testing, vulnerability scans, and configuration analysis.
• Conduct vulnerability detection, threat data, network intrusion, development, and implementation of vulnerability mitigation strategies.
• Coordinate with the IT department on implementing security designs in hardware, software, data, and procedures and providing continuous monitoring to enforce client security policy and procedures and create processes that will provide increased visibility to system owners on impacts to the security posture of systems.
• Monitor, detect, prevent, and react to security threats against LCCU business through the technology, processes, and governance.
• Develop security systems for any manual or automated systems environments.
• Create, maintain, and advise on LCCU IT/IS standards, processes, and procedures and their adequacy, accuracy, and compliance with existing guidelines and regulatory requirements (e.g., NCUA, PCI, Sarbanes-Oxley Act, etc.).
• Responsible for managing and monitoring programs such as Incident Response (IR), Identity and Access Management (IAM), Data Loss Prevention (DLP), Information Security Program (ISP), and others involving security controls and management of LCCU infrastructure.
• Keep track of security trends, both internal and external, and keep key stakeholders informed.

Requirements

• Bachelor's degree (B.S.) from a four-year college or university; at least eight years related experience and/or training; or equivalent combination of education and experience working with complex IT infrastructures.
• 8-10 years of senior-level Information Security role (manager, engineer, analyst).
• Experience with Incident Management, Incident Response (IR), Identity and Access Management (IAM), Data Loss Prevention (DLP), and Information Security Program (ISP).
• Ability to convey system risks/assessments/vulnerabilities to all technical levels, including administrative staff, management staff, and subject matter expert technical staff.
• Experience and/or familiarity with the following network protection devices: firewalls, intrusion detection and prevention systems (IDS/IPS), log analysis, malware analysis, network traffic flow, and packet analysis.
• Demonstrated experience in cyber security, business continuity planning, and industry-standard resiliency practices.
• Team player who can manage multiple tasks in a fast-paced environment.
• Able to travel to other locations throughout the state as needed.
• Effective communication skills (oral and written) with the ability to build positive relationships across teams.
• Ability to manage time with strong organizational skills and keen attention to detail.
• Proven ability to solve problems creatively and proactively.
• Ability to learn quickly and work efficiently.

Physical requirements: Must be able to sit for extended periods of time, use the computer and telephone to complete work, and lift up to 30 pounds at times.

The above statements are intended to describe the general nature of work being performed by individuals assigned to this position. They are not intended to be an exhaustive list of all responsibilities, duties, knowledge, skills, and abilities required of individuals so classified.