Information Security Manager
Full Time
Location: Oklahoma City, OK
CEC is a privately-held engineering firm, serving both public entities and private developers. We offer extensive services, which allow us to be involved with projects from conception to design, to construction. Our focus is to eliminate aging infrastructure and drive community growth through innovative and collaborative engineering design. CEC is a Top Workplace that offers excellent benefits, professional development and growth opportunities for employees.
DUTIES AND RESPONSIBILITIES
- Develops and implements security policies, procedures, and standards.
- Conducts vulnerability analysis and threat assessment.
- Develops, implements, and manages security controls.
- Responds to security incidents in a timely manner.
- Provides continuous analysis and assessment of incident response activities.
- Leads day-to-day IT security activities.
- Works with IT and senior leadership in the design, implementation, and testing security program.
- Advises senior management of security risks and security posture.
- Oversees and maintains organization security awareness program.
- Manages multiple tasks simultaneously and communicates status with leadership.
- Monitors alerts from ticketing systems, applications, or SIEM and escalates issues as required.
- Communicates effectively with technical staff and leadership.
- Communicates effectively with non-technical staff in friendly and non-technical manner.
- Cultivates and maintains effective relationships with users, providing support and training, as necessary.
- Participates in proactive team efforts to achieve departmental and organizational goals.
- Complies with all safety policies, practices, and procedures.
- Performs other duties as assigned.
COMPETENCIES
- Business continuity and contingency planning
- Enterprise architecture
- System administration
- Server administration
- Security administration
- Policy development and management
- Risk management
- Cybersecurity and threat mitigation
- Information systems and network security
- Problem solving/analysis
- Technical capacity
- Communication proficiency
- Critical situation composure
- Reliable and punctual
- Time management
- Documentation development
- Thoroughness and accuracy
MINIMUM REQUIREMENTS
- Relevant bachelor’s degree from accredited four-year college or university, or a minimum 10 years of security risk management experience
- Minimum five years’ experience performing the following:
- Operating a security risk management system
- Conducting or overseeing security risk assessment
- Server or network administration
- Developing and maintaining security documentation
- Managing a security program in alignment with NIST, COBIT, CSF or similar framework
- Experience developing and maintaining a disaster recovery/contingency plan
- Experience in securing Office365, endpoints, and server infrastructure.
- Maintain a relevant security certification (CASP, CISM, CISSP) for a minimum of three years.
- English language skills: ability to read, analyze, and interpret general business periodicals, professional journals, technical procedures, or governmental regulations. Ability to write reports, business correspondence, and procedure manuals. Ability to effectively present information and respond to questions from groups of managers, clients, and vendors.
- Mathematical skills: ability to add, subtract, multiply, and divide in all units of measure, using whole numbers, common fractions, and decimals. Ability to compute rate, ratio, and percent and to draw and interpret bar graphs.
- Reasoning skills: ability to define problems, collect data, establish facts, and draw valid conclusions. Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables.
- Organizational skills: ability to prioritize, organize assignments; ability to handle multiple tasks and projects simultaneously.
- Remote connectivity device with data plan sufficient for company requirements, such as multi-factor authentication, time and mileage tracking, expense reimbursement, e-mail, and virtual communications.
- Experience in securing Office365, endpoints, and server infrastructure.
PHYSICAL REQUIREMENTS
- Light physical activity performing non-strenuous daily activities of a productive/technical nature.
- Manual dexterity sufficient to reach/handle items, work with the fingers, and perceive attributes of objects and materials.
- Ability to stand and/or walk for extended periods of time.
- Ability to sit for extended periods of time.
- Ability to occasionally bend, crouch or stoop.
- Ability to see clearly 20 feet or more; ability to identify and distinguish colors; ability to observe an area that can be seen up and down or to the left and right while eyes are fixed on a given point (peripheral vision); three-dimensional vision with ability to judge distances and spatial relationships (depth perception); ability to adjust focus.
- Ability to lift and move up to 10 pounds frequently, up to 25 pounds occasionally, and up to 50 pounds as needed.
WORK ENVIRONMENT
- Well-lighted, heated and/or air-conditioned indoor office setting with adequate ventilation.
- Moderate noise.
WORK SCHEDULE
- Regular schedule of 40 hours per week between 7:30 a.m. and 4:30 p.m., Monday through Friday.
- May be required to work extended hours, weekends, and holidays.
- May be required to work non-standard hours and schedules that include on-call and callouts.
- Occasional overnight travel required.
- Eligible to submit applications for telecommuting after 90 days.
CEC is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, or other legally protected status.