Security Manager
Ref No.: 18-00020
Location: White Plains, New York
Position Type: Full Time/Contract
Start Date: 07/13/2018
· Operational IT Security - Advise, cascade and ensure implementation of the global security standards & procedures by the local OpCos business and GIS teams.
- Implement client's Security Strategy in local OpCos and manage changes required due to local legislative requirements, in consultation with the regional Information Security & Risk Manager.
- Develop, implement, maintain and enforce policies, procedures, and associated plans for system security, administration, and system and data/system access based on company and industry standards.
- Establish compliant processes and ensure adherence to local access management requirements.
- Implement effective security-related monitoring and auditing activities.
- Perform local security reviews of global services to maintain the highest level of security for the information and IT assets.
- Evaluate the operational environment of new local OpCo programs/services/solutions and ensure compliance with client's security standards.
- Provide knowledge and expertise on IT Operational Security matters for local Service Line Managers.
· Information Security Standard (ISS) Compliance - Continuously assess compliance of local OpCos with the ISS by testing the ISS controls as detailed in the Information Security Procedure (ISP).
- Document assessments, results and evidence, and lead root cause and remediation activities related to Security.
- Report compliance with the ISS & ISP on a continuous basis, upon request from the IS&RM team, and on a yearly basis during the annual IRSA (Information Risk Self-Assessment).
- Monitor and drive the timely closure of tasks related to audit and internal control issues raised by e.g. Global Audit, Information Security & Risk Managers, etc. Report regular status to OpCo GIS Managers.
- Establish OpCo Security Improvement plans addressing gaps identified in the IRSA and HeiRules processes, aligned with issues and tasks identified through audits performed by the Global Audit team or external auditor.
· Information Security Remediation - Develop and manage the Information Security action plan to address identified risks and non-compliance:
- Gain approval from the relevant management team on that action plan and its related budget.
- Monitor and report on the execution of that action plan, reporting locally to the local management team and centrally to the Regional Information Security & Risk Management Team.
- Analyse and challenge derogation requests regarding the ISS/ISP that OpCos could have with a new solution or program, and communicate them to the global security operations and risk management teams for approval in order to protect the client security environment.
· Incidents/Breaches - Serve as an IT Security Advisor for any local IT security breach or new initiative.
- Perform/guide/drive digital investigations upon the request of local OpCo/HR or Legal teams in case of breaches of client's Code of Business Conduct.
- If the OpCo faces any critical IT security incidents or breakout, act as the local security incident lead responsible for resolving it with the IT Head, in consultation with the Global Security Officer, IT Directors and Service Lines.
- Identify and perform independent analysis to resolve complex first-time issues, including the analysis of technical and economic feasibility of proposed security systems/solutions. Assist the global security operations team with any IT technical audit (e.g. Ethical Hack) of any OpCo IT infrastructure or service that a 3rd party offers to client under a valid and open contract, to ensure that security policies are in place.
- Advise OpCo operations teams on security requirements (e.g. patching, anti-virus, upgrading, firewalls, VRFs, etc.).
· Security Awareness - Manage/develop/improve security awareness and training initiatives within the OpCos.
- Define, design and deploy ongoing educational assets to improve security.
· Security Strategy & Innovation - Participate in developing and evolving client security strategy.
- Identify potential risks and recommend measures to prevent and/or avoid risk, for inclusion in the global operational security strategy.
- Assist the global operational security team in the design of controls/standards and procedures that have broad implications, requiring systems integration of one or more technical platforms.
- Collaborate with the regional Information Security & Risk Management Manager to understand and further develop the controls and processes required to improve information security.
- Drive local implementation of new Security strategies and standards from Central GIS.
- Participate in peer security forums to identify opportunities to benchmark and continuously improve implementation of standards and best practices from client GIS or the marketplace.
- Provide security expertise across multiple technical platforms in all phases of solutions development and operations.