Information Security Manager

Position: Information Security Manager Location: Philadelphia, PA Hybrid Duration: 12 months Rate: Open Interview: Video The resource covered under this SO will support the cyber security program for the Client: The client is implementing a cyber security program to ensure current security policies are enforced throughout the organization, identify gaps in existing policies, and ensure both users and systems administrators are properly trained. This program will be an extension of the program developed by the Information Security group in the Office of Innovation and Technology. Position overview / Statement of Work The client is recruiting an experienced Information Security Manager to create and implement a cyber security program. The environment consists of a data center for hosting business applications, Industrial control systems at various facilities, and multiple networks for collecting and transmitting data, and the Information Security Manager will be responsible for ensuring the overall confidentiality, integrity, and availability of these systems and networks. The Information Security Manager will maintain security policies and procedures, identify risks, ensure IT security controls and operational processes are in place to mitigate identified risks. Working with the Office of Innovation and Technology's Information Security Team, the Information Security Manager will also review existing policies and procedures to determine any gaps and work with business leaders and vendors to create new policies to ensure those identified gaps are mitigated. Overall, The Information Security Manager will promote an efficient, effective, updated, and secure IT environment in alignment with present and future cyber risks. The Information Security Manager will oversee the selection of appropriate security solutions (tools) and oversight of any vulnerability audits and assessments and follow up with remediation based on audit recommendations. Work activities:

• Guide the development and implementation of a cyber security program, including the creation of security policies and procedures.
• Work with stakeholders to ensure policies and procedures are implemented and followed; provide regular feedback to team and management.
• Work with vendors to ensure industrial control systems are secured.
• Work with Business & IS&T stakeholders to provide guidance and security expertise for contractual language needs and requirements.
• Ensure ongoing integration of information security with business strategies, projects, and day-to-day operations.
• Work with technical support teams to provide security solutions, tools and processes to ensure secure business operations.
• Owns the management and execution of security-related audits.
• Evaluate IT infrastructure and applications, including network devices, firewalls, VPNS, desktop and server configuration, database security, and other security devices and applications, with a goal of eliminating or mitigating security risk.
• Stay abreast of new threats, trends, vulnerabilities, and security-focused technologies.
• Develop and implement security plans for new systems and applications.
• Coordinates development of IT Security training initiatives.
• Communicates unresolved security exposures, misuse, or non-compliance situations to management.
• Oversee periodic system patching of applications, operating systems, and security / storage appliances as required.

• Bachelor's degree (Masters Preferred) in computer science, systems analysis, information technology or a related study, or equivalent experience.
• 5-10 years IT experience with a minimum of 5 years information security/infrastructure protection and information security audit experience. Minimum of 2 years direct interactions with executive management.
• Experience in developing security policies and standards.
• Experience with security policy frameworks, particularly with the NIST Risk Management Framework (RMF) and its components.
• Proficiency in development, implementation, and management of cyber security programs.
• Familiarity with event detection and response (EDR) solutions.
• Knowledge of cloud computing services (O365\AWS\Azure)

• Experience with Industrial Control Systems (SCADA, ABB, or Emmerson)
• Knowledge of vulnerability management tools like Rapid7
• Network configuration\architecture experience (Juniper preferred)
• Experience and understanding of layer 3 protocols including OSPF and BGP