Senior Manager, Information Security
* Education, Experience and Certification:
  o Education
    + Bachelor’s degree in information systems or equivalent work experience; an M.B.A. or M.S. in information security is preferred
  o Experience
    + Minimum of ten years of IT experience
      # Minimum of seven years of information security experience
        * Five years in an information security role
        * Two years in a supervisory capacity
  o Certification
    + Any one or more of the following
      # Certified Information Systems Security Professional (CISSP) from ISC2
      # Certified Information Systems Auditor (CISA) from ISACA
      # Certified Information Security Manager (CISM) from ISACA
      # Global Information Assurance Certification (GIAC) from SANS
      # Certified Information Privacy Professional (CIPP) from IAPP
      # Project Management Professional (PMP) from PMI
* Excellent understanding of:
  o Retail (preferably within grocery) industry business practices
  o Solution development and delivery methodologies
  o Server, desktop/laptop and mobile operating systems and software
  o Networking concepts, technologies and protocols
  o Information privacy and risk concepts and principles
  o Information security concepts, protocols, industry best practices and strategies
    + Cryptography and cryptanalysis principles
    + Application technology security testing
  o Common information security management frameworks such as:
    + International Standards Organization (ISO) and International Electrotechnical Commission (IEC)
      # ISO/IEC 17799:2005
      # ISO/IEC 270xx
    + National Institute of Standards and Technology (NIST)
    + United States Computer Emergency Readiness Team (US-CERT)
    + Open Web Application Security Project (OWASP)
    + IT Infrastructure Library (ITIL)
    + Control Objectives for Information and Related Technology (COBIT)
  o Legal, audit and compliance concepts and processes and specific regulations:
    + Health Insurance Portability and Accountability Act (HIPAA)
    + Payment Card Industry Data Security Standard (PCI DSS)
* Demonstrated proficiency in:
  o Leading business and technical teams:
    + Develop and guide information security team members and IT operations personnel
    + Work with minimal supervision
    + Program/project management including creating plans, budgeting, resource allocation, task monitoring and status reporting
  o Working effectively with all parts and levels of the organization
    + Build relationships
    + Understand business imperatives
    + Effectively communicate verbally, in writing and in person with IT, program/project management, application development, management and business personnel
  o Managing various third-party partners (e.g., legal, law enforcement, service and solution providers, auditors and QSAs)
  o Developing, maintaining and ensuring adherence to information security policies, procedures, standards and guidelines
  o Analyzing risk and security requirements
  o Determining business impact of security policies, technologies and tools
  o Developing and documenting security architecture and plans (strategic, tactical and for individual projects)
  o Establishing and maintaining compliance programs for specific regulations:
    + Health Insurance Portability and Accountability Act (HIPAA)
    + Payment Card Industry Data Security Standard (PCI DSS)
  o Assessing risk, business impact, control, vulnerability and compliance and establishing strategies for remediation
  o Testing technology solutions
    + Application security (white box, black box and code review)
    + System security (vulnerability scanning and penetration testing)
  o Managing information security incidents
Other considerations
Responsibilities
Strategic Support
* With the CISO, develop program and security projects that address identified risks and business security requirements
* Manage the process of gathering, analyzing and assessing the current and future threat landscape
* Provide CISO with a realistic overview of risks and threats
* With the CISO, develop budget projections based on short- and long-term goals and objectives
* Monitor and report on compliance with security policies
* Enforce policies within the IT department
* Propose changes to existing policies and procedures to ensure operating efficiency and regulatory compliance
* Manage a staff of information security professionals, hire and train new staff, conduct performance reviews and provide leadership and coaching (including technical and personal development programs)
Security Liaison
* With the CISO, develop program and security projects that address identified risks and business security requirements
Other Stuff
* Act as interface between CISO’s strategic and process-based activities and the work of technology-focused analysts, engineers and administrators.
* Translate IT-risk requirements and constraints of the business into technical control requirements and specifications
* Develop metrics for ongoing performance measurement and reporting
* Coordinate technical activities to implement and manage security infrastructure
  o Manage highly technical staff (directly or coordinated through a matrix structure)
  o Strong technical background
  o Proven leadership skills
* Provide regular status and service level reports to management
* Ability to work with IT and business management to
  o Align priorities and plans with key business objectives
  o Balance real-world risks with business drivers such as speed, agility, flexibility and performance
* Ensure security measures are incorporated into strategic IT plans
* Ensure that service expectations are clearly defined
* Documentation and presentation skills (communicate to all levels of organization)
* Analytical and critical thinking skills
  o Ability to identify needs
  o Take initiative
* Project Management
  o Lead project teams
  o Develop and manage projects
  o Prioritize efforts (operational tasks with longer-term strategic security efforts)
  o Resource balancing across multiple IT and security teams
  o Task prioritization and project reporting
  o Vendor relationship management (ensure service levels and other obligations are met)
  o Support CISO’s policies and strategies
Hours: 8:00 a.m. - 5:00 p.m.
Location: West Sacramento, CA
Available through: 06/03/12