Information Security and Privacy Manager

Job Overview
Our client in the Bedminster area of NJ has an excellent opportunity for an Information Security and Privacy Manager!

Responsibilities:

  • Lead and develop a team of security and privacy risk professionals.
  • Develop, maintain, and communicate policies, standards, guidelines and procedures to internal stakeholders.
  • Implement frameworks and procedures to continuously identify, assess, manage, treat, and monitor information security and privacy risks.
  • Work with the Regulatory Compliance department to document the company’s security and privacy obligations, monitor our jurisdictions and prepare for legislative and regulatory changes.
  • Provide guidance and support for communications with regulatory authorities and the public concerning security and privacy issues, including processing data subject requests and responding to customers’ security questionnaires.
  • Lead or support internal/external audits and assessments, track findings and oversee the resolution of identified issues to reduce risks to an acceptable level.
  • Maintain and enhance the security and privacy control frameworks. Recommend and coordinate the implementation of controls to support and enforce policies. Continuously test and monitor controls to provide assurance they are designed and operating effectively.
  • Lead efforts to identify information asset owners, classify and map data, processes, and systems in support of the control framework implementation.
  • Partner with Vendor Management to assess third party risks and ensure contracts include security and privacy requirements to protect the business.
  • Lead the Training and Awareness program that continuously educates associates on the latest threats, and relevant security and privacy requirements associated with their roles.
  • Monitor and report on changes to the threat landscape, including security advisories received from the government, regulators and third-party vendors.
  • Define metrics and reports to track progress on the program’s maturity and monitor emerging risks.
  • Develop and deliver executive level reports and presentations on security and privacy risk.
  • Stay current on technology trends and regulatory requirements.
Experience:

  • Bachelor’s Degree in Information Systems, Cyber Security, Computer Science, Business Administration, or related field is required.
  • Minimum of 2 years of experience managing Information Security or Privacy staff, with a minimum of 7 years’ experience in an Information Security or Privacy role.
  • Certifications in one or more areas: CISSP, CISM, CISA, CRISC, CIPM, CIPP, CIPT, or comparable.
  • A strong working knowledge of state, federal and international Information Security and Privacy laws, regulations, and industry best practices.
  • Experience working with Compliance, Audit, and Legal staff in a heavily regulated and/or audited environment.
  • Significant experience designing, implementing, and enhancing security and privacy programs, aligned to common frameworks, including NIST, ISO, CIS CSC, PCI DSS, GDPR, CCPA, and SOC 2.
  • Proven experience developing security, privacy, and information risk assessment programs.
  • Deep working knowledge of Information Security and Privacy principles and best practices.
  • Proficiency in leading and performing risk, control, and vulnerability assessments, and defining treatment strategies.
  • Experience developing, maintaining, and communicating policies, procedures, standards and guidelines.
  • Ability to promote security and privacy requirements up and down the management chain, including to audiences who have varying levels of familiarity with related topics.
  • Ability to understand business process flows and to provide recommendations for operationalizing security and privacy requirements.
  • Experience conducting and managing third-party assessments in accordance with industry standards.
  • Knowledge of modern cloud and network architectures, enterprise applications, operating systems, software, and services.
  • Familiarity with governance, risk, and compliance (GRC) tools and how they can be used to support security and privacy program requirements.
  • Experience coordinating company-wide awareness and training.
  • Experience with data discovery and classification, data mapping, records retention, and access control.
  • Highly motivated self-starter, with the ability to work well under minimal supervision.
  • Strong project management skills with demonstrated experience leading enterprise-wide efforts to successful completion.