Information Security and Privacy Manager

Overview

Aerotek has an immediate opening for an Information Security and Privacy Manager at the corporate office in Hanover, MD.

Job Summary:

The Information Security and Privacy Manager is responsible for securing Aerotek’s sensitive information assets and managing the Information Security program within the operating company. In addition to reviewing contract language, assisting with requests for proposal and security questionnaires, responding to incidents, and creating awareness regarding information security and privacy within the organization, the Information Security and Privacy Manager identifies areas for improvement and drives information security and privacy initiatives within the business and across the enterprise. The Information Security and Privacy Manager serves as a subject matter expert and consultant regarding information security and privacy topics.

Essential Functions:

• Lead investigations and be the point person regarding incidents involving contractors and clients and employees.  This will involve interacting with executive leadership as well as executive leadership at the client, as needed, and documenting and communicating incident details to stakeholders.
• Review information security/privacy language in and participate in the negotiation of customer and vendor contracts and provide training and guidance on these topics periodically.
• Assist with proposal content specific to information security/privacy and complete security questionnaires.
• Educate field personnel and corporate partners regarding information security and privacy policies and procedures.
• Partner with Allegis Information Security Office/Allegis Group Privacy Office and other departments to drive information security and privacy initiatives across the company and enterprise.
• Participate in the creation of enterprise security and privacy documents (policies, standards, baselines, guidelines, and procedures) and communications (intranet articles and email campaigns).
• Coordinate rental assets, encryption, and similar security solutions for the business. This includes reviewing and approving the monthly rental asset reports for accuracy.
• Coordinate associated security activities with contractor on-boarding as well as end of assignment/off-boarding steps.
• Maintain up-to-date detailed knowledge of the IT security and data privacy industry including awareness of new or revised solutions, improved processes and the development of new attacks and threat vectors.
• Recommend additional solutions or enhancements to existing security solutions to improve overall enterprise security.
• Staying abreast of existing, emerging, and newly passed privacy regulations.
• Manage information security/privacy projects and respond to ad hoc requests.

Supervisory or Management Responsibilities:

• ·         Management responsibility for team including hiring, leadership, development, and accountability for performance.
• ·         Provides leadership and guidance to coach, motivate, and lead team members to their optimum performance.

Minimum Education/Abilities/Skills:

• University degree in the field of information security, business administration, or another related field.
• 2 years’ experience working in an information security operation.
• 5 years’ experience working in the IS industry, preferably information security operations.
• Ability to respond to incidents, perform analysis tasks, and communicate effectively with your constituency and other external contacts.
• Experience with assessing information security and compliance risks and mitigating.
• Competent problem-solver that can adapt easily adapt to change and be effective in daily activities.
• Ability to present ideas in business-friendly and user-friendly language.
• Excellent interpersonal skills and strong negotiating skills.
• Understanding of project management principles.

Special Requirements:

• Certifications such as ITILv3 and security-related certifications (Network+, Security+, CISSP, etc.) preferred but not required.
• Certification in Privacy such as CIPP-US, CIP-M, CIPP-E, CIP-T, FIP, preferred but not required.
• In-depth knowledge of applicable laws and regulations as they relate to information security such as CFR 45, HIPAA/HITECH, FISMA, EU Contractual Clauses, GDPR, GLBA, MAS201, etc.
• Must be willing to obtain one of the above certifications within the first 2 years in the role.

Per Pay Transparency Acts: The range for this position is $100,000 - $145,000 + annual bonus potential of $10,000 

Benefits are subject to change and may be subject to specific elections, plan, or program terms. This role is eligible for the following:

Medical, dental & vision401(k)/RothInsurance (Basic/Supplemental Life & AD&D)Short and long-term disabilityHealth & Dependent Care Spending Accounts (HSA & DCFSA)Transportation benefitsEmployee Assistance ProgramTuition AssistanceTime Off/Leave (PTO, Primary Caregiver/Parental Leave)