Put your passion to work.

Information Security & Risk Manager

Boston, MA

Exciting stand-alone security job opportunity to be responsible for the maintenance of this client's Information Security program, which ensures the availability, integrity, and confidentiality of their information assets. The role is also responsible for the maintenance of their information security policies, standards, procedures and guidelines.

The manager will work with key business and IT leaders to assist project and application teams in identifying IT security and data protection requirements and/or security best practices. The manager will also be responsible for incident response, investigations, and reporting. Knowledge of risk management frameworks is also required to implement strategies to mitigate prioritized risks. The manager will be responsible for coordinating external security assessments and audits with the appropriate department or manager. In addition to coordinating client questionnaires, the manager will also be responsible for the vendor risk management process. The manager will also lead Vulnerability Management and its process, tools and metrics. The information security manager will ensure adherence to SOC 2 and other generally accepted IT security and control practices throughout the IT landscape.

  • Manage systems and practices to protect client, employee and company information.

  • Establish and maintain data security strategies and programs.

  • Conduct risk assessments to evaluate the effectiveness of existing controls.

  • Investigate and remediate threats.

  • Monitor, investigate and resolve alerts escalated by the third-party SIEM provider (Rapid7).

  • Provide technical guidance and recommendations for new products and services.

  • Develop and implement IT security policies, standards, procedures and protocols.

  • Conduct penetration testing and vulnerability scans and coordinate remediation.

  • Create and promote a high degree of data security awareness and coordinate annual company-wide security awareness training.

  • Participate in the maintenance of the Disaster Recovery and Business Continuity Plan.

  • Ensure all security policies and procedures are kept current.

  • Gather documentation/technical information in support of audit requests and issue remediation efforts.

  • Stay current with applicable government regulations and requirements.

  • Enforce the best and most current practices as they pertain to all aspects of data security.

  • Additional responsibilities as assigned.

  • Bachelor's degree in Computer Science, Information Security, or related field

  • 5+ years’ experience in network/systems administration and 2+ years in security

  • CISSP, CISA, GIAC or other related information security certifications

  • Able to clear government security checks as applicable

  • Demonstrates strong problem solving, analytical, interpersonal, and ownership skills

  • Possesses excellent collaboration skills for work with various internal team members


  • An understanding of security concepts, encryption, system hardening, defense-in-depth designs, advanced persistent threats, anomaly detection and next-generation technologies.

  • Working knowledge and experience with any of the following technologies: VA, SIEM, DLP, IPS/IDS, AV, MFA, VPN, FW, AD, Wireless, ACLs, & Port Scanning.

  • Experience with event logging and correlation in SOC or CSIRT.

  • Advanced knowledge of the Windows operating system.

  • Knowledge of ISO 27001 security standards.

  • Knowledge of rules and regulations related to GLBA, HIPAA, Mass Privacy, etc.

  • Knowledge of a variety of security tools.

Salary: 120-130K