IT Security Manager
Coppell - 0760, United States
Collaborate with management to establish, develop, and maintain enterprise information assurance and privacy programs. Manage assigned areas within the Information Security Department and direct assigned information security and data security operations for the Automobile Club. Ensure that information security principles are considered and incorporated into Information Systems operations, initiatives, and projects. Identify and define new information security, compliance, and data security requirements, collaborating with management to ensure they result in operational procedures or active projects. Manage architecture and operations of all information security systems including the Auto Club overall security policy, to be consistent with regulatory requirements, corporate culture, and business priorities.
What You'll Do:
Responsible for 7x24x365 sustainable operations of the security deployment and compliance strategy approved by senior executives and management.
Manage professional security staff, vendors, contractors, and cross-department project team members who undertake information security initiatives to improve the status of information security at the Auto Club using a combination of agile and other project management methods and disciplines, in accordance with established organizational project planning and execution.
Responsible for establishing and maintaining Information Systems organizational procedures and standards that conform to Auto Club strategy, legal and best practice measures. Responsible for development of training programs to educate new and existing employees to an appropriate level of awareness. Working with the Legal Department, identify regulatory changes that will affect data and application security policy, standards and procedures and recommend appropriate technical changes to maintain designated security protection levels.
Responsible for information security operations, risk management, associated cyber defense and response. May include specific responsibilities managing Security Operations Center, Firewall Operations, Information Security Vendor Risk Management, and similar activities as assigned.
Interface with business units to educate and coordinate information security to ensure awareness and that this function is an integral part of existing and new offerings to members.
Responsible for reporting to management when/if breaches in information security, information privacy, and protection policies occur. Responsible for working with management to define and assign remediation responsibilities of breaches.
Periodically evaluate span of control organization structure as well as the talent composition of staff versus assessed needs of the enterprise. Propose and implement changes to assigned span of control where needed.
Identify and define new information and data security requirements converting them to active projects or initiatives with assigned priorities and timelines.
Work with Enterprise Architecture teams to develop, provide, and publish a roadmap and supporting standards defining the ACSC enterprise security architecture and design.
Perform other management duties as assigned or required including managing the department budget and supervising information security department staff.
The inherent tension and conflicts between the Auto Club’s need to share member information and data with other organizations and the need to comply with privacy and security laws and best practices is managed appropriately. Similarly, the need for Auto Club employees to have access to member, customer, and employee information is balanced with the need to control access and comply with laws and best practices. Working with management and others to address and resolve these issues is a large part of the job.
The Auto Club’s policies, procedures, Information Technology operations, and best practices need to evolve with changing technology. This role helps foster a collaborative environment while ensuring cross-department activities remain orientated to ensuring the organizational security posture is maintained and improved.
Position requires a self-starter who has good judgement, willingness to take on challenges, adaptability to change, and is an independent thinker with strong problem-solving skills.
What You'll Need:
Bachelor's degree, preferably in Computer and Information Science
7-9 years of information security or equivalent experience in networking and related disciplines.
Strong verbal and written communication skills with the ability to effectively summarize and articulate risks and findings to management.
Comprehensive knowledge of private/public cloud computing and security of multiple computer platforms and architectures including mainframe (MVS operating system) and distributed systems (Windows, OS X, Mobile, and Unix environments) is required.
Prior direct, hands-on E-business secure transaction experience for making purchases utilizing the Internet and information security of data transmitted over the internet and/or intranet is required.
Comprehensive knowledge of cross-platform technical principles, practices, and procedures for private/public cloud computing, mainframe computers, distributed systems, desktop computers, laptops, tablets, phones, and workstations is required.
Personal experience with establishing and implementing policies and procedures protecting information flow to and from large numbers (i.e., over 1,000) of mobile users accessing company information remotely.
Conceptual understanding of data network configuration and infrastructure concepts, including TCP/IP routers, internet/intranet/extranet, firewalls, web servers and security hierarchy including the application of encryption key infrastructures and authentication processes.
General knowledge and experience with security technologies including public and private key encryption, digital certificates, Kerberos, challenge/response, smart card, Secure ID or one-time password authentication mechanisms.
CISSP, CISM preferred.
Scope
Work is accomplished without considerable direction. Exercises judgment in selecting methods, techniques, and evaluation criteria in obtaining results. Exerts significant latitude in determining objectives of assignment. Takes calculated risks aligned with the overall security posture and outcome expectations.
Works on complex issues where analysis of situations or data requires in-depth evaluation of variable factors. Constructs and may pursue alternative paths towards a solution. Exercises judgment in selecting method, techniques and evaluation criteria for obtaining results consistent with broadly defined policies and practices. Problem/Task resolution timeframe: Inclusive of shorter timeframes, but typically six to twelve months or more to resolve.
Functions independently within broad scope of established departmental policies/practices; generally refers specific problems to supervisor only where clarification of departmental operating policies/procedures may be required.
This position manages/supervises 10-15 people.
Erroneous decisions or recommendations would normally result in the inability to reach crucial organizational objectives and may have prolonged effect, as well as result in the expenditure of substantial resources.
Represents the organization as the primary contact. Interacts with management and senior value-chain partners on matters requiring coordination across organizational lines. Achievement of objectives requires ability to influence others both internally and potentially externally.
Remarkable benefits:
• Health coverage for medical, dental, vision
• 401(K) saving plan with company match AND Pension
• Tuition assistance
• PTO for community volunteer programs
• Wellness program
• Employee discounts (membership, insurance, travel, entertainment, services and more!)
“Through dedicated employees we proudly deliver legendary service and beneficial products that provide members peace of mind and value.”
AAA is an Equal Opportunity Employer