IT SECURITY MANAGER
JOB DESCRIPTION
FLSA Status: Exempt | EEO Class: 1.2 - First/Mid-Level Officials & Managers
Department: Information Technology
Reports to: VP of Information Technology
Supervises: IT Security Staff
General Summary
The IT Security Manager is responsible for designing, directing, and delivering on IT security-related activities. IT security managers ensure that business processes remain secure without disruptions or compromising events. When issues or security incidents occur, IT security managers must quickly remediate the problem and communicate with the company's leadership to prepare for any business repercussions. The IT Security Manager will support the analysis of procedures and oversee activities for responding to cybersecurity incidents, ensure appropriate notification and reporting guidelines are properly executed, and help identify and implement mitigation strategies to reduce the risk. IT security managers must be experts in designing secure networks and understanding how components, such as antivirus software and endpoint security solutions, work together to create a secure network. Leverage domain knowledge to create cybersecurity solutions aligned to 4Wall's mission. IT security managers lead collaboratively, working with their teams to develop strong security systems.
Responsibilities of Position: Duties include but are not limited to:
Organizational Responsibilities
- Implementing policies and procedures to keep the organization in compliance with current legislation and standards.
- Providing employees with security training. It is critical that all workers understand how their everyday job actions affect the overall security of the firm.
- Training staff on defined policies and procedures on an ongoing basis.
- Collaborate with employees to understand how the policies affect their regular work activities.
- Keeping the infrastructure secure by supervising the IT auditing procedure (e.g., penetration testing, vulnerability assessments, etc.).
- Overseeing assessment of all audit results and making necessary infrastructure adjustments.
- Take corrective and preventive action if an employee breaks the policies or procedures.
- Ensuring that the company's data is protected using the most secure technologies available.
- Maintaining the security of all applications, networks, and systems that interact with the outside world. This involves ensuring that all third-party service providers are held to the same security standards as the internal users.
- Serving as a point of contact for high-risk vulnerabilities and occurrences. This includes assessing the risk associated with new threats, vulnerabilities, and exploits before deciding how to respond to them.
- Train helpdesk staff on operational procedures and troubleshooting techniques. Provide training on new hardware and software applications as requested.
Personal Responsibilities
- Understanding the security threats connected with various job functions.
- Keep up with new threats, vulnerabilities, and exploits as they emerge through education, training, conferences, and peer interactions.
- Must adhere to all company policies, SOPs, and other management directives.
- Provide a friendly, personal demeanour with a willingness to interact.
- Provide professional and friendly services.
- Commits to the Company Values and acknowledges dedication to providing excellent service for our users and internal team.
Team Responsibilities
- Work directly with IT Engineering, IT Support, IT Applications, and IT management to provide support and recommendations.
- Provide cross-functional support and lend expertise to the IT organization as determined by IT management.
Key Requirements
- A Bachelor's degree in information security-related areas, such as information technology, information assurance, or cybersecurity, with relevant experience. Degrees in IT management or business administration can be an added advantage. Willing to substitute work experience for formal education.
- At least five years of expertise in the field of information security.
- Must-have hard skills include security management; cybersecurity (intrusion detection and prevention); identity and access management; security incident handling and response (e.g., DDoS attacks, ransomware, phishing); knowledge and automation of SIEM tools to create incident response plans based on real-time analysis of alerts; audit and regulatory compliance (HIPAA, GDPR, PCI DSS, etc.); application security development, etc.
- Must be able to make decisions about when to tell senior management about emerging threats and their possible impact on the organization's infrastructure.
- Must exhibit technical competence as well as leadership characteristics.
- Must be well-versed in information security methods, IT security architecture, and network architecture.
- On the most basic level, familiarity with various operating systems such as Linux and Windows is a must-have.
- Must be knowledgeable about firewalls, intrusion detection protocols, and intrusion prevention measures.
- Professional certifications from ISC2, ISACA, CompTIA, and EC-Council. CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), CompTIA Security+, CEH (Certified Ethical Hacker), SSCP (Systems Security Certified Practitioner), OSCP (Offensive Security Certified Professional).
- Valid Driver's License.
Physical Requirements
This position's job duties and tasks require the employee to sit regularly. The employee may choose to stand and move within their working area. Regular use of computer monitors and a keyboard/mouse will be required. The employee must occasionally lift or move up to 20 pounds. Other physical requirements of the job include the ability to communicate. Generally, the employee will be in a temperature-controlled work environment set for general comfort.
Availability
- Must be available to work in the evenings and weekends, as required.
Position Location and/or Territory and Travel
- Las Vegas, NV office.
- Position may require travel on occasion.
Position Type
- Full-Time/Regular
- Based on the Fair Labor Standards Act (FLSA), management has analyzed this position and determined it to be exempt due to the Executive Exemption.