Manager, Information Security
Coverys · Boston, MA · 2 wk ago
HybridInformation Technology$160k–$188k/yrFull-time
About the role
The Manager, Information Security is responsible for the implementation of Coverys’ information security strategy and policy and assisting in its development, with the goal of safeguarding the organization against threats, weaknesses and exploits.
Responsibilities
- Partner closely with Head of Governance and Security to execute security strategy roadmap for Coverys
- Implement and execute IT and Information Security strategies that will improve the security and reliability of systems and data
- Implement and update security, resilience and information governance standards and procedures as appropriate (using external benchmarks) and ensuring adherence to those standards to drive consistency of practice and organizational maturity
- Oversee and develop an ongoing program of vulnerability and operational resilience management, including regular external testing
- Work with internal audit to develop a plan for assurance of the effectiveness of the security, resilience and compliance of our services
- Work closely with Compliance and Legal teams to ensure that we understand and have documented our regulatory obligations and that we maintain compliance with them
- Oversee the planning and execution of any security or resilience related external audits
- Engage with transformation teams to ensure resilience and security are inherent to the delivery of those transformations and allocate the necessary resources
- Oversee the benchmarking of our security delivery against NIST CSF 2.0 and then develop a plan to increase our maturity from both a policy and practice perspective
- Regularly review and hone the toolsets required to monitor for, protect from, and respond to cyber incidents
- Ensure timely and viable incident response processes are in place
- Ensure we collate and regularly report on security governance metrics to leadership
- Accountable for key metrics that we will be establishing and maintaining for security operations progress
- Oversee the activities of the team and ensure clarity of roles and appropriate allocation of resources
- Maintain and monitor a suite of staff training in relation to security awareness skills and required behaviors
- Manage partners, stakeholders, vendors and third-party service or solutions providers of relevant IT Security services
- Carry out supervisory responsibilities in accordance with the organization's policies and applicable laws
- Support evolving business needs, as applicable
Requirements
- Bachelor’s degree in Computer Science, Information Systems, or STEM subject from an accredited college/university, required
- 5-8 years operational experience in information security within a regulated environment, required
- 2-3 years experience in a supervisory role, required
- Professional certification in information security, such as CISA, CRISC, CISSP or CISM, highly preferred
- Experience in managing information security audits, required
- Experience with information security within an environment that has regulatory requirements e.g. HIPAA, required
- Strong technical skills, with experience of firewall technologies, vulnerability management and remediation across a variety of technology platforms, managing security in cloud environment. E.g. Azure, AWS, required
- Excellent interpersonal and communication skills
- Ability to communicate effectively and influence stakeholders to implement Information Security recommendations
- Knowledge and experience of Firewalls, Identity Management, Managing Security in M365 and Azure, highly preferred
- Knowledge and experience of MS Purview, highly preferred
Qualifications
Qualified candidates must be eligible to work in the US without sponsorship or restriction.
Benefits
The base salary range for this role is $159,700 - $187,900. Individual compensation packages are based on a variety of factors that are unique to each candidate including geographic location, skill set, experience, qualifications and education.
Pay
TBD
Schedule
TBD