Information Security Manager
Haven Residential - Louisville, KY
Job Description
What sets us apart from other property management companies? We're innovators and change-makers who challenge the status quo. Haven Residential is a next-generation, full-service property management company with a wealth of industry experience in real estate operations, revenue management, marketing, leasing, and new development lease-up. We understand that attracting top talent to join our team is key to our success and offer a competitive benefits package of 15 Paid Vacation Days, 6 Paid Sick Days, 10 Paid Holidays, Immediate Eligibility for Medical, Dental and Vision Insurance, Health Savings Account, Short Term Disability, Basic Life Insurance, Pet Insurance, Tuition Reimbursement, 401K and more!

The Role...

The IT Security Manager is responsible for developing and implementing security strategies, policies, and procedures to protect the information systems and data from unauthorized access, use, disclosure, disruption, modification, or destruction. The IT Security Manager is responsible for ensuring compliance with industry regulations and standards, as well as leading initiatives to achieve compliance with various audits. This position is also responsible for ensuring our vendors and partners are in compliance with security processes and controls. The position is hands-on and requires tactical management of security processes, frameworks, and tools. This is a hybrid role that will allow for flexibility to work both in the office and remotely.

The Essential Job Functions...

Develop, execute, and oversee the organization's security strategy and roadmap. This includes identifying the organization's most critical assets and threats, developing a plan to collect and analyze threat intelligence data, implementing security controls, and developing incident response and backup recovery policies and procedures.
Monitor and evaluate the effectiveness of security measures, conduct regular security audits and vulnerability assessments, and ensure compliance with industry regulations and standards and resiliency of our infrastructure and applications.
Manage incident response and disaster recovery planning, stay current with emerging security threats and technologies, and train and educate team members on security best practices and policies.
Assist in technical support to monitor, mitigate, manage, and track security incidents.
Collaborate with other departments and stakeholders to integrate security measures into business processes and operations.
Assist with process development and procedures to improve existing infrastructure, security, and system reliability, while maintaining compliance with current and future needs.
Manage cyber security risks, threats, and vulnerabilities, provide recommendations for updates and remediation of IT policies and risk assessments, lead and develop disaster recovery planning, and assist in installing, implementing, and maintaining security software.
Monitor and review changes and document updates for compliance with policies and procedures, assist in managing control automation and process improvement initiatives, and ensure compliance with change control procedures.
Implement and enforce security policies, procedures, and training programs for all employees to create a culture of security awareness.
Conducting risk assessments of third-party services and partner organizations to determine the effectiveness of their cybersecurity controls.
Reviewing evidence provided by third-party suppliers to determine the maturity and effectiveness of their controls (e.g. audit reports, PEN test results, policies, standards, procedures, etc.).
Identifying strengths and weaknesses within vendors' cybersecurity programs, documenting results and presenting information to key stakeholders.
Direct and supervise members, contractors, and vendors of the security team, develop and maintain IT and security policies and procedures, and assist with IT and cybersecurity budget development and tracking.
Consulting and advising stakeholders on tools, processes, and governance to manage risk and protect and ensure safety of the company technology operations (e.g. privilege management, security configuration compliance validation tools, cloud security operations, access control, network security, enforcement policy scripting, workload security, and data security).
Oversees enterprise Information Technology identity and access management for the organization.
Directs identity and access management (IAM) strategies, implementation, and maintenance for the organization while overseeing IAM development, vendor relationships and contracts, and maintains the IAM suite of products and services.
Provides oversight, leadership, and strategic management of key IAM programs and controls necessary to ensure the protection of data, networks, and information assets.
Responsible for IAM coherency across IT systems through data analysis and validation.
Accountable for governance, design, delivery, and operation of IAM technologies, processes, and solutions.
Manage and maintain role-based access control (RBAC) across all digital platforms and data repositories based on the principle of least privilege.
Conduct research and analysis on emerging cyber threats. This includes conducting research on emerging cyber threats and developing new methods for collecting and analyzing threat intelligence data.

What you'll offer...
Strong sense of ownership for their function and continuously look for ways to improve.
Have a deep understanding of process improvement and organizational change management practices.
Possess strong written and verbal communication skills.
Comfortable working with limited supervision and working with ambiguity.
Strong leadership skills to guide and inspire a team, set priorities, and manage projects to ensure effective security operations.
Ability to assess and manage security risks, perform risk assessments, and make informed decisions to mitigate potential threats.
Proficiency in establishing and enforcing security policies, standards, and compliance with relevant regulations (such as GDPR, ISO 27001).
Ability to meet critical deadlines and prioritize multiple tasks in a fast-paced environment.
Excellent organizational skills and attention to detail.
Expert analytical and problem-solving skills; ability to provide root cause analysis and demonstrate results through testing and metrics.
Strong project management skills, with the ability to multi-task, manage multiple projects, and meet deadlines.
Ability to manage and prioritize multiple projects while adhering to deadlines and budgets.

Education and Experience...

Bachelor's Degree in Computer Science or related field preferred but not required.
CISM, CISA, CISSP, or equivalent experience related to job role and functions.
Experience leading and managing IT or Security governance, policies, standards, and controls, and industry regulations, frameworks, and best practices (e.g., ITIL, NIST, SOC, PCI, ISO).
Experience designing, implementing, and managing privacy/security solutions for M365 including best practice configurations utilizing M365 ecosystem.
In-depth knowledge of cybersecurity principles, best practices, and emerging threats to develop and implement effective security strategies.
Experience implementing and/or managing large-scale Identity and Access Management systems, including Duo, Okta, Azure, etc.
Prefer experience using Atlassian JIRA or equivalent to manage backlogs and document features.
Experience working with internal stakeholders and managing projects, or equivalent experience.
Proven ability to manage large-scale technical projects, including organization, planning, implementation, and execution.
HRA
Created: 2024-10-06