Information Security Manager

Reports to: Director of Information Technology

FLSA Status: Exempt

Position Summary
We are seeking a passionate and experienced Information Security Manager to join our team and lead the charge in safeguarding our organization's critical data and digital infrastructure. As a pivotal member of the leadership team, you will be responsible for developing, implementing, and maintaining a comprehensive cybersecurity program that aligns with our business objectives and ensures compliance with industry regulations. You will partner with key stakeholders across departments to raise awareness, build a strong security culture, and proactively manage our ever-evolving cyber risk landscape.

Duties and Responsibilities:

• Develop, implement, and oversee a comprehensive cybersecurity program and policies tailored to the specific needs of the construction industry
• Conduct regular security and vulnerability assessments to identify and mitigate threats
• Implement and maintain industry-standard security controls, including access controls, data encryption, and network segmentation (including firewalls, antivirus, and backup)
• Monitor threat landscape for Threat Actor behavior and emerging threats, analyzes threat data, develop intelligence products to inform and drive operations with a focus on proactive measures to mitigate risk
• Define, maintain, and enforce security policies and procedures, ensuring employee compliance through training and awareness programs
• Manage and optimize the cybersecurity budget, allocating resources effectively
• Build and deliver Information Security solutions that shrink attack vectors along with preventing and properly responding to security incidents swiftly and effectively, minimizing damage and downtime
• Stay current with the latest cybersecurity threats, trends, and regulations relevant to the construction industry
• Focus on innovation and delivering Information Security solutions that follow best practices and enable the business
• Responsible for managing the daily Information Security operations
• Collaborate with IT departments, business units, and senior management to align cybersecurity initiatives with business goals
• Report on the effectiveness of the cybersecurity program to stakeholders
• Information Security operations, analysis, Cyber Threat Intelligence solutions, manage Threat Intelligence Platform, dark web research, proactive defense, detection and response strategies aligned with industry frameworks, proactive identification of mitigation of IT risks, recurring audits including third party audits, reports, dashboards, presenting level of compliance controls, education
• Coordinating continuous development, implementation, and updating of security and privacy policies, standards, guidelines, baselines, processes and procedures in compliance with local, state, and federal regulations and standards for information systems management while remaining current on applicable international laws and regulations that may impact the company
• Broadening and deepening knowledge of the business and technology environment with respect to the delivery of projects, strategic initiatives, and systems portfolio to effectively assist IT managers and staff with risk and compliance management
• Facilitating information systems security management education and training in regulatory and industry standards for all staff
• Knowledge with experience implementing and maintaining compliance and regulatory frameworks: NIST-800-171 in relation to CMMC 2.0 (Levels 1 through 3), ISO 27001 and data privacy requirements such as CCPA and GDPR
• Versed in Information Security technology suites for endpoint, cloud, IAM, application security, security and compliance, XDR, EDR, SIEM, ATP, email security, PowerShell, Python, IDS/IPS, VPN, DLP
• Knowledge and understanding of CVE standards and classification of security vulnerabilities

Other Duties
Please note that this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job.  Duties, responsibilities and activities may change at any time with or without notice.

Preferred Qualifications (in addition to minimum qualifications)
Education/Experience

• Bachelor’s degree in Cybersecurity, Information Security, Computer Science, or a related field

Knowledge/Skills/Abilities

• 5+ years experience managing Information Security department
• In-depth knowledge of intelligence analysis, cyber threat intelligence, actors, malware, tactics, techniques, and procedures, malware, cybersecurity best practices, and various security methodologies, processes, and technical security solutions
• Working knowledge in the analysis of host and network logs, network flow, malicious indicators or compromise, and other evidence used in digital forensics, incident response, cybercrime investigations, and Security Operations Center operations
• Experience in a Security Operations Center, Computer Emergency Response Team, or similar incident response environments
• Practical experience with a Threat Intelligence Platform, Security Incident and Event Manager, or Security Orchestration and Automated Response platform
• Excellent verbal and written communication skills including the ability to clearly articulate technical knowledge to a variety of audiences. Excellent problem-solving and analytical skills, and exceptional attention to detail

Minimum Qualifications
Education/Experience

• Bachelor’s degree or equivalent combination of experience in Information Security, Cybersecurity or Information Technology

Knowledge/Skills/Abilities

• 3+ years experience managing Information Security department
• Knowledge of intelligence analysis, cyber threat intelligence, actors, malware, tactics, techniques, and procedures, malware, cybersecurity best practices, and various security methodologies, processes, and technical security solutions
• Knowledge in the analysis of host and network logs, network flow, malicious indicators or compromise, and other evidence used in digital forensics, incident response, cybercrime investigations, and Security Operations Center operations
• Familiarity with Security Operations Center, Computer Emergency Response Team, or similar incident response environments
• Familiarity with a Threat Intelligence Platform, Security Incident and Event Manager, or Security Orchestration and Automated Response platform
• Excellent verbal and written communication skills including the ability to clearly articulate technical knowledge to a variety of audiences. Excellent problem-solving and analytical skills, and exceptional attention to detail

Customer Service Skills:

• Demonstrates commitment to deliver outstanding service – both with internal and external customers 
• Takes ownership to personally resolve customer problems
• Listens well, asks clarifying questions, and checks for agreement with users/customers/clients
• Committed to following-up with users/customers/clients in all instances in a timely manner 
• Strong sense of accountability - ensures that you will do what you say that you are going to do 
• Creates a personal connection with customers – smiles, warm greetings, acts friendly and respectful
• Possesses and maintains a positive attitude