Security & Compliance IT Tech AIO - IT Security (PCK333-213623) New York County, New York
The Information Security Manager is in charge of the Information Security Management function, providing HR IT Security Risk management and leadership for the HRIT Security function and liaising closely with other HR business unit operations and vendor managers. The purpose of the Information Security Risk Management function, in turn, is to bring the organization’s information security risks under explicit management control.
Key job tasks of security manager
1. Monitors and evaluates risk performance metrics on key security issues and programs, and recommends corrective action programs as appropriate.
2. Maintains knowledge of complex industry trends, current security issues and security technology and updates management on risk and threats that could impact company business.
3. Responsible for providing management leadership, advice and counsel to HR Operation & Systems management teams on security policy and practices. Identifies exposures and recommends and develops corrective plans as appropriate.
4. Serves as staff support to management and assists in conducting investigations of significant threats and/or the loss or misappropriation of assets.
5. Responsible for IT Technical Risk Management: Assessing the enterprise against IT threats and risks through governance, compliance, identification, and validation of application controls. These include:
   - Conducting global security assessment and capabilities reviews, writing review reports in AIG’s assessment library applications, assisting in the determination of the strength of the controls, identifying gaps, assisting and developing action plans to close gaps identified during the assessment period.
   - Participation in Security working groups to develop, improve and implement standards and processes.
   - Performing detailed assessments around:
      - Information Security
      - Technical Privacy
      - Disaster Recovery
      - Emerging technologies
      - Secure systems development
      - Technical Vendor Management
6. Liaises with and offers strategic direction to related governance functions (such as Vendor Management, Risk Management, Data Center, HR, Legal and Compliance) plus senior and middle managers throughout the organization as necessary.
Key personal characteristics and competencies of the ideal candidate:
- At least 10 years of full-time work experience in information security management and/or related functions (such as IT audit and IT Risk Management)
- Information security management qualifications such as CISSP or CISM
- Trustworthy with high standards of personal integrity
- Typically a background in technical IT roles such as IT architecture, development or operations, with a clear and abiding interest in information security
- Knowledge of Key Security Risk indicators and how to implement them
- Knowledge of vulnerability management systems