Security Information Manager Job Description

A security information manager provides governance for policies, standards, and controls to ensure risks are aligned with the business and compliance information security risk management strategy.

Security Information Manager Duties & Responsibilities

To write an effective security information manager job description, begin by listing detailed duties, responsibilities and expectations. We have included security information manager job description templates that you can modify and use.

Sample responsibilities for this position include:

Supervise employee(s) responsible for provisioning and de-provisioning access to information systems
Acquisition and vendor risk assessment due diligence
Identify threats/risks and provide authoritative advice and guidance on the application and operation of all types of information security controls, including legislative requirements
Lead change management and risk management efforts relating to Information Security issues, including developing plans to ensure timely completion of projects
Maintain the Risk Register of ISO 27001
Complete and implement all necessary steps to ensure the business complies with regulations and re-certification of ISO 27001
Become proficient in additional standards as needed, including HIPAA, PCIDSS, ISO 27002, and SSAE16
Development and communication of information security reports to Risk Committee and clients as required
Provide guidance to information security related audits and reviews, action resolutions (internal, external and client driven) to ensure that the business understands issues and remediation to effectively mitigate information security risks
May function in a leadership role by providing direction to support and professional staff

Security Information Manager Qualifications

Qualifications for a job description may include education, certification, and experience.

Licensing or Certifications for Security Information Manager

List any licenses or certifications required by the position: CISSP, CISM, CISA, GIAC, SANS, ISO27K, CRISC, ISO, ISSMP, PCI

Education for Security Information Manager

Typically a job would require a certain level of education.

Employers hiring for the security information manager job most commonly prefer their future employee to have a relevant degree, such as a Bachelor's and Master's Degree in Computer Science, Information Security, Education, Information Technology, Technical, Engineering, Information Systems, Business, Computer Engineering, or Computer Information Systems.

Skills for Security Information Manager

Desired skills for security information manager include:

Networking
Security controls
Application security
Databases
Incident management
Systems
Security engineering
COBIT
ITIL
Vulnerability management controls essential

Desired experience for security information manager includes:

Bachelor’s Degree in Information Systems or a related discipline, or the equivalent combination of education, professional training or work experience
3+ years of professional work in the area of information systems
Knowledge of information security administration principles, methods, and techniques
Working knowledge of security standards (ISO, NIST)
Knowledge of information security solutions to include data loss prevention, intrusion detection/prevention, network security monitoring, and vulnerability management
Experience conducting forensic analysis and investigations using tools such as EnCase, FTK, Paraben

Security Information Manager Examples

1

Security Information Manager Job Description

Job Description Example
Our growing company is looking for a security information manager. We appreciate you taking the time to review the list of qualifications and to apply for the position. If you don’t fill all of the qualifications, you may still be considered depending on your level of experience.
Responsibilities for security information manager
  • Ensure that new client engagements, in the areas of responsibility, adhere to the required information security controls and policies
  • Conduct assessments on Information security controls in order to measure the effectiveness of controls and identify control gaps
  • Coordinate third-party risk assessments and audits
  • Prompt response to DoD/DISA bulletins to ensure SIPRnet enclave is in compliance with all relevant regulations and other requirements
  • Assist in the development of security policies, procedures, and instructions
  • Design and verify implementation of various information security controls
  • Work in partnership with Director of Risk, Director of Business Assurance, SH&E Manager and Head of Clinics to ensure any reporting, security updates and recommendations are synergised with current reporting requirements, SH & E manuals, BCP/DR, evacuations, Dawn Raids, security advice or training
  • Identify current and/or potential security risks and develop, implement, drive and optimize security solutions, methodologies, policies and/or practices
  • Develop, maintain and champion information security requirements, policies, and procedures across the business and technology
  • Influence the continuous improvement of processes, policies and best practices to optimize performance and availability of technologies
Qualifications for security information manager
  • Ensure the team delivers on the security goals, conduct performance appraisals for your team and make recommendations
  • Minimum 5+ years in the field of information security ops, data protection, infrastructure security and information security governance
  • Exposure and experience in implementing / managing info sec ops for a large enterprise, preferably part of global ops
  • Knowledge of endpoint and server-side security
  • Exposure to data protection products and their implementation, like McAfee, Websense
  • Knowledge of application security concepts (Web Application / Mobile Application)
2

Security Information Manager Job Description

Job Description Example
Our company is searching for experienced candidates for the position of security information manager. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for security information manager
  • Ensure that all IT and information security programs and policies are in alignment/compliance with applicable privacy and identity theft laws and other regulations such as SOX, HIPAA, and PCI
  • Collaborate with IT leadership, privacy officers, and human resources to establish and maintain a system for ensuring that security and privacy policies are met
  • Assist in updating, maintaining and documenting IT/OT security controls
  • May oversee the audits of computer systems to ensure that they are operating securely and that data is protected from both internal and external attack
  • Assist in updating, maintaining and documenting IT security controls
  • Working with other Information Security Specialists, providing advice and guidance to programmes on technical, policy and risk management topics
  • You are an expert with a proven track record in Technical Risk management, Information Security, IT Auditing, or equivalent experience
  • Support security initiatives and global policy adherence and awareness efforts in the areas of responsibility
  • Support global information security metrics and reporting program(s)
  • Provide security expertise to business units and key stakeholders
Qualifications for security information manager
  • Strong understanding of information security and the relationship between threat, vulnerability, and information value in the context of risk management
  • Must have a track record of implementing a comprehensive strategy and plan for managing information security
  • Demonstrated ability to build an effective, cohesive, and collaborative team
  • CISSP, CISM, PMP certifications are preferred
  • Experience with implementing, monitoring, maintaining, and tuning security tools such as IDS/IPS, SIEM, FIM, Malware Prevention, Email Security, Privilege Access Tools
  • Preferred candidates will have a Bachelor’s degree in Computer Science or related field
3

Security Information Manager Job Description

Job Description Example
Our growing company is looking to fill the role of security information manager. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for security information manager
  • Develops and maintains a formal information system security program and policies for NTC
  • Develop comprehensive enterprise information security, IT risk and compliance management program
  • Develop, implement and monitor an ongoing employee education program for all employees on technology risk and appropriate mitigation strategies and approaches
  • Identify and analyse business and technical security concerns with all new projects, and ensure secure controls/solutions are put in place or escalate as appropriate to ensure that EMS is managing the risk
  • Working with Programme Managers and other teams within Information Security to forecast budgets for delivering security within the programmes
  • Co-ordinating the delivery of services and assurance checks into the programmes from teams in the Information Security function
  • Providing regular, accurate management reports and briefings on the status of information security within the programmes
  • Contributing to the continuous improvement of the CISO framework for engaging with major programmes
  • You will have a Bachelor’s degree or equivalent experience
  • You have experience in running and managing regulatory assessments for a company with significant regulatory requirements, preferably Financial Services
Qualifications for security information manager
  • Working experience with industry frameworks (CSF, ISO, COBIT)
  • 10 or more years of experience with information security program management
  • Demonstrated experience with computer security models and frameworks
  • Demonstrated experience in the assessment of risk between corporate and production control networks (ie
  • Bachelor’s degree in a related field or 15 years of experience in an information security role
  • Completion of your CISSP
4

Security Information Manager Job Description

Job Description Example
Our company is growing rapidly and is hiring for a security information manager. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for security information manager
  • Assist in the support of internal and external audits and risk assessment activities, including any required remediation of audit issues or mitigation of risk
  • Assist in the development of security objectives and corresponding strategic plan to safeguard the company’s computer systems and data
  • Undertake detailed gap analysis for compliance against GDPR, identify requirements and work with stakeholders across the business and externally with the client to get agreement to solutions, and to ensure delivery
  • Develop and own the Security Management Plan for the business
  • Work with the Programme team regarding all information security and data protection requirements of the new contract
  • Ensure we achieve (in conjunction with Programme team) and maintain accreditation to ISO 27001
  • Lead on all data protection and information security incidents and breaches, escalate, investigate and deliver on solutions as required
  • Manage data protection and information security compliance of any suppliers, and undertake necessary audits, checks or rectification activity as required
  • Manage IT Health Checks, Penetration Tests or other audits ensuring that high priority issues are resolved
  • Generation and delivery of security information, guidance and training
Qualifications for security information manager
  • 1+ year of experience with FedRAMP, FedRAMP+, SSAE16, ISO 27002, PCIDSS, HIPAA, SOX, or other information security standards
  • 2+ years in a customer/public facing role
  • Belief in the power of process to turn the extraordinary into the mundane and repeatable
  • Strong organizational skills – you will have a good deal of independence
  • Strong knowledge of IT security frameworks (ISO and NIST)
  • Experience with ISO 27001 and PCI DSS
5

Security Information Manager Job Description

Job Description Example
Our growing company is searching for experienced candidates for the position of security information manager. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for security information manager
  • Review and assess Information Security Controls across the business
  • Lead negotiations with the third party assessor and internal audit
  • Works across all aspects of AAG to ensure all areas are meeting regular reporting requirements for PCI
  • Works with the Threat Defense, Security Governance, and Security Architecture teams to ensure information security activities are aligned
  • Works with ITS infrastructure, network, and applications to drive security initiatives across the organization
  • Drives automation and process improvement across all areas of Infosec
  • Evangelizes for information security into all business units
  • Works with business and ITS teams to refine and decrease the scope of the Common Desktop Environment
  • Acts as a change agent through hands-on leadership
  • Leads the Information Security team through coaching, counselling and developing team members
Qualifications for security information manager
  • Proficiency in project management methodology, project planning tools and techniques
  • Recruit operations staff for site, including variable and temporary staffing
  • Knowledge of identity management systems, including SailPoint or Oracle Identity Manager
  • University degree in Computer Science, Information Systems Engineering or any related field; alternatively, suitable international information security certifications: CISSP, CISA, CISM, BS17799 Lead Auditor, CFE
  • Demonstrated project management capabilities in the IT field
  • Demonstrated pattern of learning about the business technical concepts and trends
