Vacancy expired!
Senior Manager, Security and Compliance
Compensation: $150k-$160k DOELocation: Portland, OregonLedgent Technology is partnering with a leader in early childhood education to find a Senior Manager of Information and Security Compliance.The Senior Manager of Information Security & Compliance to drive our security and compliance strategy. In this unique role, the information security leader will act as process owner for the development and implementation of an organization-wide information security program and ongoing activities to preserve the availability, integrity and confidentiality of the company's information resources in compliance with applicable security policies and standards. You will bring your leadership presence and security experience to oversee the implementation of the information security program, working closely with your business partners and stakeholders. Essential Functions: Collaborate with all business groups in formulating policy and strategy for Information Security. Communicate and educate all levels of business leadership on the value and their role in IT Security to the company. Develop and maintain IT security policies, procedures and guidelines as required ensuring changing enterprise needs are met. Regularly discover and assess security threats & risks that could reasonably be of impact to KCE and create strategic and tactical plans to mitigate those risks. Review availability and identification of unacceptable levels of supplier risk as they pertain to IT security requirements and hold those suppliers accountable to action plans to mitigate those risks. Review incident reports for compliance with KCE policy and procedures and provide for modification of policies and procedures to address new security threats. Coordinate development and end user training in accordance with KCE security policies and procedures. Define high level security requirements across multiple disciplines of IT including applications, network and systems. Review and approve service provider's security solutions and procedures as they apply to services being utilized by KCE. Regularly review and approve project level security requirements and impacts, ensuring IT security best practices, policies and procedures are applied. Conduct routine audits of KCE systems & processes to assess adherence of KCE's systems to regulatory, compliance, and best practice standards requirements. Collaborate cross functionally to ensure remediation plans are clear and meeting objectives. Communicate in written and verbal forms to all levels of the organization on security issues and plans. Incorporate ITIL best practices in the go forward plans and procedures for KCE security. Act as the KCE coordination point for security events, and routine audit processes. Coordinate responses for customer-initiated documentation requests, regarding KCE security policies, procedures and events. Provide security requirements for new technologies that are both planned for implementation and under review for potential future deployment. Qualifications Bachelor's degree in computer science or related field and/or 4+ years of professional IT security and leadership experience At least 3 years of information security management experience is required At least 3 years of demonstrated technical leadership across one or more technical domains such as application development, systems engineering, network engineering, end point management, cyber security tools (EDR, IDS/IPS, Systems Hardening, etc) Certified Information Systems Security Professional (CISSP) is preferred. Certified Information Systems Auditor (CISA) and Certified Information Security Manager preferred. Demonstrated experience implementing security initiatives that require partnership with business, functional IT departments, and customers. Demonstrable experience implementing and operating within industry standard governance frameworks such as Cobit 5, CoSo, or others. In-depth knowledge of IT security practices and procedures for enterprise environments including, but not limited to, mobile devices, cloud services, enterprise applications, data centers and networks. Desired general knowledge of technical architectural disciplines including:o Business systems, and web architectureso System and network security and controls.o Multi-unit/retail-like systems & end-point architectureso Current security trends in End Point (PC / Tablet / Smart Phone) technologies Advanced knowledge of information security principles and processes including security risk assessment standards, risk assessment methodologies, and vulnerability assessment. Superior written and verbal communication skills. Demonstrated ability to build relationships with business, supplier, and technology stakeholders. Demonstrated ability to implement business-driven solutions in a complex environment.We are an equal opportunity employer and make hiring decisions based on merit. Recruitment, hiring, training, and job assignments are made without regard to race, color, national origin, age, ancestry, religion, sex, sexual orientation, gender identity, gender expression, marital status, disability, or any other protected classification. We consider all qualified applicants, including those with criminal histories, in a manner consistent with state and local laws, including the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance. We are an equal opportunity employer and make hiring decisions based on merit. Recruitment, hiring, training, and job assignments are made without regard to race, color, national origin, age, ancestry, religion, sex, sexual orientation, gender identity, gender expression, marital status, disability, or any other protected classification. We consider all qualified applicants, including those with criminal histories, in a manner consistent with state and local laws, including the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance.Vacancy expired!