at AArete LLC in Chicago, Illinois, United States
Job Description
Description
Information Security Manager
AArete is one-of-a-kind when it comes to consulting firm culture.
Why AArete?
We are a global, innovative management and technology consulting firm, with offices in the U.S., India, and the U.K. Our name comes from the Greek word for excellence: "Arete." And excellence is exactly what we strive for.
Our success starts with enriching and empowering our people. From robust career development planning to competitive life and wellness benefits, AArete's "Culture of Care" takes a holistic approach to the employee experience. At AArete, we encourage you to unlock your full potential by directly contributing to our mission and prioritizing space for personal development and fulfillment.
The Role
AArete is looking for an Information Security Manager. You are highly technical with an entrepreneurial spirit and commitment to excellence. You strive in a team environment and can flip tasks and priorities midstream because you love an exciting challenge. The bar is set high at AArete. There is a lot to do around here, and you love getting the job done right.
Work You'll Do
Lead and oversee information security budget, staffing, and contracting.
Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders.
Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support information technology (IT) security goals and objectives and reduce overall organizational risk.
Provide leadership and direction to information technology (IT) personnel by ensuring that cybersecurity awareness, basics, literacy, and training are provided to operations personnel commensurate with their responsibilities.
Promote awareness of security issues among management and ensure sound security principles are reflected in the organization's vision and goals.
Security Program & Operations
Lead and align information technology (IT) security priorities with the business strategy.
Identify security requirements specific to an information technology (IT) system in all phases of the system life cycle.
Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity best practices.
Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs) against HITRUST, ISO, SOC2, etc. frameworks
Collect and maintain data needed to meet system cybersecurity reporting.
Ensure that security improvement actions are evaluated, validated, and implemented as required.
Ensure that cybersecurity inspections, tests, and reviews are coordinated for the network environment.
Ensure that protection and detection capabilities are acquired or developed using the IS security engineering approach and are consistent with organization-level cybersecurity architecture.
Establish overall enterprise information security architecture.
Evaluate and approve development efforts to ensure that baseline security safeguards are appropriately installed.
Establish information security strategies to address organizational security objective.
Identify information technology (IT) security program implications of new technologies or technology upgrades.
Interface with external organizations (e.g., public affairs, law enforcement, Command or Component Inspector General) to ensure appropriate and accurate dissemination of incident and other Computer Network Defense information.
Interpret patterns of noncompliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise's cybersecurity program.
Manage the monitoring of information security data sources to maintain organizational situational awareness.
Manage threat or target analysis of cyber defense information and production of threat information within the enterprise.
Oversee the information security training and awareness program.
Participate in an information security risk assessment during the Security Assessment and Authorization process.
Participate in the development or modification of the computer environment cybersecurity program plans and requirements.
Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations.
Recognize a possible security violation and take appropriate action to report the incident, as required.
Recommend resource allocations required to securely operate and maintain an organization's cybersecurity requirements.
Recommend policy and coordinate review and approval.
Use organization-specific... For full info follow application link.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
