General Information

Location: Princeton, NJ

Organization: WIRB-Copernicus Group Inc

Job Type: Full Time - Regular

Description and Requirements

The Information Security Manager will be responsible for supporting continuous improvement efforts and regular compliance reviews of the WCG information security program under the Chief Information Security Officer. This role is responsible for ensuring the program's effectiveness, including regular updates, reviews, and assessments of program maturity.
The manager must have an interest in and enthusiasm for finding improvements and solving problems. He/she must have the ability to work independently, provide the team with timely updates, and collaborate with other departments. In addition, he/she must be able to communicate with upper management and possess strong writing skills.

-Bachelor’s degree, preferably in Information Technology, Business, or Management

-CISSP, CISM, PMP certifications are a plus

-Minimum of 3 years of experience in information security, preferably in management in an information security organization, focusing on security metrics, security assessment, or in a policy and report writing capacity
-Knowledge of information security frameworks and standards, such as NIST and ISO 27002
-Demonstrated accomplishments in program leadership, policy development, management and risk assessments
-Solid understanding of information security concepts, principles and drivers
-Solid understanding of security, privacy, IT audit and legal security standards, guidelines and principles
-Solid understanding of all major functional areas of information technology within a large, highly distributed organization
-Demonstrated ability to prioritize tasks or projects to align with the strategic objectives and with business goals
-Thorough understanding of operational support processes with strong business acumen
-Ability to thrive in a fast-paced environment, while dealing with ambiguity
-Experience implementing strategic plans
-Experience recommending new technology and processes that will improve customer service, reduce costs and/or provide a competitive advantage
-Demonstrated problem-solver
-Ability to work independently and as part of a team
-Strong verbal and written communication skills
-Ability to effectively communicate at all levels of the organization

ESSENTIAL DUTIES/RESPONSIBILITIES: To perform this job successfully, an individual must be able to perform each essential duty and responsibility satisfactorily. The requirements listed below are representative of the knowledge, skills, and/or ability required.
-Work with cross-functional managers to develop and implement security standards, policies, and response practices for continuous improvements within the security program.
-Perform oversight of the development, implementation, and evaluation of information security programs to ensure continuous improvements and performance indicators for effectiveness and compliance.
-Perform tasks related to compliance checks for continuous monitoring plans, e.g., audit log review, security patching, permission audits, and software and hardware configuration management. Achieve KPIs for the effectiveness of the security program.
-Ensure security measures comply with applicable policies, provide configuration management, and accurately assess the impact of modifications and vulnerabilities.
-Participate in contract agreement reviews to ensure that compliance with the security program requirements meets or exceeds expectations.
-Support WCG’s risk registries, risk treatment plans, and the handling of the exception process.
-Periodically represent the information security program during audits and third-party assessments. 
-Support the review and completion of the security questionnaire and develop an index to support efficiency with the process. 
-Prepare and maintain security assessments and manage metrics with performance indicators for evaluations with the Information Security technical team, including vulnerability assessment and penetration testing outcomes.
-Ensure the effectiveness and lifecycle of documentation and presentations for Information Security education, awareness, and training activities.
-Apply cybersecurity standards, directives, guidance, and update policies for special programs like mergers and acquisitions, technology adoption, and special projects within new business strategies.
-Assist in supporting investigations of security incidents to provide independent evaluation of incident handling and determine whether lessons learned and continuous improvement occurred.
-Conduct reviews and technical inspections to identify and mitigate potential security weaknesses and ensure that all security features applied to systems are implemented appropriately and are functional.
-Identify opportunities for continuous improvement of new technology standards and process improvements.
-Provide subject matter expertise on a broad range of information security standards and best practices, such as NIST, SOC 2, ISO 27001, and others as applicable.