View Job - 4038 - Information Security Manager (SC P) [4038]
Job ID:4038
Job Title:4038 - Information Security Manager (SC P)
Job Location:Jersey City, NJ
Position type:Permanent
No. of Pos.:2
Cand. Rate:$130-135k

Location: Jersey City, NJ

Information Security Manage
Member of the Client’s Global Information Security Office:

Individual contributor to implement and execute a program that monitors, detects, and responds to information security threats, vulnerabilities and incidents. This individual identifies, analyses, and responds to current threats to and vulnerabilities of the company’s information assets. The individual must also perform intelligence gathering to collect information available on the Internet about Client businesses and determine whether there are potential information leaks, threats, trademark infringements, criminal activities, or other items that may present a risk to the company. The individual must also function as a computer forensic specialist who will assist Corporate Security in conducting investigations that involve information assets.
·         Threat Monitoring – Review and analyze intrusion attempts targeted at Client; coordinates with the BNY enterprise program
·         Information Security Testing – Execute tests internally and with vendors to evaluate the adequacy of applications, network, and system controls to identify vulnerabilities
·         Forensics – Analyze and investigate suspicious activities on electronic and information assets
·         Vulnerability Management - Prioritize identified system vulnerabilities and oversee timely remediation
·         Computer Security Incident Management (CSIRT) – Respond to information security incidents to promptly contain the risk, manage the recovery and investigation efforts, escalate as necessary, and track corrective actions
·         Virus Incident Response – Participate in response to significant virus and worm attacks
·         Establish and manage an Information Security program for each of the Client business units, collaborating with, and incorporating into, the strategic GISO program
·         Supporting Information Security remediation requirements set forth by Internal Audit and Corporate Compliance
Education, Experience, Skills Desired:
·         Strong working knowledge and experience in information security and privacy laws, policies, standards, technologies, and industry best practices
·         Highly technical, especially as regards information security technologies and controls
·         Demonstrated expertise in designing and conducting testing of systems and IT security controls (ethical hacking/pen testing, vulnerability scans, etc.) and must maintain current knowledge of hacking techniques, vulnerabilities and threats
·         Strong experience in executing a corporate CSIRT program, conducting forensic investigations, and legal-evidentiary handling requirements
·         Strong experience in analyzing and prioritizing threats and vulnerabilities
·         Must be able to respond effectively and be level-headed in crises, providing clear leadership in incident management
·         Must be appropriately reactive, not over-reactive; outstanding business judgment
·         Demonstrated organization, facilitation, writing, documentation, communication, and presentation skills
·         Strong personal and professional ethical values and impeccable integrity
·         Self-starter with the energy level needed to meet this demanding role
·         Must be an intelligent, highly organized, articulate, professional and persuasive leader who can serve as an effective member of the Information Security Office, appropriately represent Global Information Security Office with Management, and is able to communicate information security-related concepts to a broad range of technical and non-technical staff
·         5+ years in Information Security
o        Application Security
o        CISSP, CEH or equivalent

Powered by ApplicantStack