This job has expired

Information Security Manager

Employer
K12 Inc.
Location
Herndon, VA, United States
Salary
Competitive
Requisition Number 18-3534
Title Information Security Manager
City Herndon State VA

Description

At K12, we recognize the critical nature of information security and the need to demonstrate administrative, technical, and physical safeguards to help ensure the confidentiality, integrity, and availability of student/teacher records and intellectual property. K12 is a fast-paced environment and our security program is designed to enhance growth and innovation through emphasis on security automation, usability and consultation.

The Information Security Manager reports to the Sr. Director, Information Security, Audit and Compliance and works closely with technology team leads in Information Technology, Product Development and Marketing to implement K12's IT security strategy. The Information Security Manager will have particular focus on external risk management and on planning, coordination, implementation and execution of policies and projects at an organizational level.

The Information Security Manager will work with subject matter experts and external parties to develop system hardening standards and automated mechanisms for detecting and correcting exceptions. The Information Security Manager will support IT Audit and Compliance with security control validation, network and web application penetration testing engagements and risk reporting. The Information Security Manager will be expected to support the Sr. Director in reporting on security trends, key risk and security program metrics.

The Information Security Manager will bring to K12 a solid understanding of and practical experience applying best practices and standards for securing information residing in on-premises and cloud environments, including NIST 800-53, CIS Top 20, CIS AWS Foundations and the AWS Well-Architected Framework. The Information Security Manager will rapidly acquire a working understanding of K12's infrastructure, software applications, data management and IT governance processes.

Responsibilities:

• Manage security risk assessments (SRAs) for both custom developed and third-party applications.
• Assist in identifying application control deficiencies and the associated risks.
• Document identified IS risks to incorporate relevance and impact to enterprise systems, infrastructure and business process.
• Communicate effectively orally and in writing, expressing conclusions and recommendations in a clear, technically sound manner; understand and communicate how vulnerabilities can be exploited within technology and the enterprise environment in a way that resonates with the business areas.
• Provide remediation recommendations and/or recommend alternate solutions to resolve gaps against IS Standards.
• Develop and maintain relationships with internal and external customers to formulate information security risk solutions.
• Provide security consulting and advisory services to business units and project teams.
• Develop and maintain process, risk methodologies and SOP documentation.
• Research and maintain a knowledge base regarding industry frameworks, best practices, information security issues, solutions and potential implications.
• Assist in the development, implementation, delivery and support of an enterprise-wide information security strategy and privacy policies aligned to the strategic requirements of the business and consistent with legal obligations.
• Ensure alignment between business strategies and information security and data privacy.
• Develop a thorough understanding of all IT systems and how those systems are secured.
• Assist in the review of information security and data privacy provisions in contractual agreements with customers, vendors, and partners in order to ensure our ability to comply with those provisions.
• Collaborate with technology teams (Infrastructure, Enterprise Architecture, Development, Marketing, etc.) and their leads to ensure an appropriate security posture at all times.
• Assist in actively promoting a culture of information security throughout the Technology organization and support the Director in promoting a culture of information security across the enterprise.
• Capture and report key metrics to Technology leadership and the PMO as needed.
• Formulate internal and/or external cyber security policy guidance using best-practice frameworks such as NIST 800-53, CIS Top 20, CIS AWS Foundations and the AWS Well-Architected Framework.
• Organize, manage, and track all cyber policies through a policy management lifecycle.

Requirements:

• BA/BS and at least three (3) years of experience in cyber risk management required.
• At least one (1) year of experience in producing Process Models and Diagrams using BPMN, UML, Visio or other Process Modeling tools.
• Familiarity with FERPA, Sarbanes-Oxley, PCI-DSS, HIPAA and the GDPR.
• Working knowledge of technology infrastructure is required, e.g. Network, Operating Systems (Unix, Windows), Databases, Middleware, Web Applications.
• Deep understanding of, and experience in applying, information security policies, standards, industry best practices, and frameworks (ISO 27K, NIST 800 series, CIS, PCI, etc.).
• Knowledge of cybersecurity threats, hacker methodologies and tactics.
• Experience with auditing for external vendor risk.
• Experience managing and developing baseline security configurations and experience with common industry guidelines (CIS, STIGs, etc.).
• Experience developing high-quality briefings for senior-level personnel.
• Strong written and oral communication skills and the ability to interact with department leadership.

Certificates and Licenses:

• One or more certifications from reputable organizations such as (ISC)², ISACA or SANS GIAC. Any of the following certifications are preferred: CISSP, CISM, CRISC, CISA, and GIAC.
• AWS Certified Cloud Practitioner (or any active AWS certification); AWS Certified Security Specialty preferred.

OTHER SKILLS & ABILITIES:
• Highly motivated self-starter with an interest in learning and taking on increasingly complex tasks
• Strong verbal and written communication skills and a proven ability to negotiate with other teams without inhibiting productivity
• Ability to work across multiple job levels to achieve results
• Proven ability to manage multiple tasks simultaneously in a deadline driven process
• Consistent success working in a team environment
• Ability to utilize advanced features of office productivity tools (MS Excel, Access, SharePoint, PowerPoint)
• Outstanding time management and organization skills

PREFERRED QUALIFICATIONS:

• Demonstrated experience with the following compliance frameworks: PCI-DSS, SOC 2/3, ISO 27001, GDPR, CIS Top 20, CIS AWS Foundations and the AWS Well-Architected Framework.
• Experience scripting in Python, Perl and PowerShell.
• Demonstrated knowledge in penetration testing tools and techniques
• Experience as an incident response coordinator
• Demonstrated experience in intrusion attempt and compromise detection
• Experience managing internal/external audits and compliance programs
• Prior project management exposure.
• Experience in working with Systems Development Lifecycle (SDLC) for both the Waterfall and Agile methodologies
