Exponent is a leading engineering and scientific consulting firm. Our multidisciplinary team of scientists, engineers, physicians, and regulatory consultants brings together more than 90 different disciplines to solve complicated problems facing corporations, insurers, government entities, associations and individuals. Our approximately 1000 staff members work in 26 offices across the United States and abroad. Exponent has over 800 consultants, including more than 500 that have earned a doctorate in their chosen field of specialization.
Exponent is seeking a Senior Manager of Information Security for our Phoenix, AZ, Menlo Park, CA or Natick, MA office. The Senior Manager of Information Security will be the leader of Exponent's InfoSec program. The primary responsibility for this position is to ensure that all corporate, employee, client, and third-party vendor data that Exponent controls or processes is protected, safe and secure. This individual will be responsible for leading a team that will design, build, implement, and maintain our information security program.
This opportunity requires strong technical competency and a proven managerial track record to build an efficient and effective information security program. The ideal candidate will be versatile and comfortable with technical challenges as well as policy decisions.
Key responsibilities include:
Design, develop, monitor and maintain a standards-based Enterprise Information Security Program
Lead and scale InfoSec in accordance with the requirements of the company
Be the InfoSec subject matter expert, whether working with internal stakeholders or collaborating with our clients
Develop, maintain and enforce InfoSec policies, procedures and security metrics
Manage the implementation and automation of Enterprise standard security systems and software including but not limited to IDS/IPS, SIEM, HIDS, Vulnerability Scanners, Web Application Firewalls, Threat Monitoring and Detection
Manage internal and external security/risk assessments and programs, as well as penetration testing, vulnerability management, etc.
Collaborate with audit, compliance, and privacy stakeholders within the company
Qualifications for this position include:
B.S./B.A. degree and at least 10 years of relevant work experience in IT and/or InfoSec required
Previous security leadership experience
Excellent communication skills and ability to document and explain technical details clearly and concisely to multiple audiences in the company
Expertise in at least one pillar of information security, as defined by CISSP
Experience in building and scaling a well-rounded security program based on NIST or ISO controls
Familiarity with current regulatory requirements: GDPR, HIPAA, PCI, CSSP
Thorough understanding of the current threat and attack landscape, latest security trends and principles
Previous project management or audit experience preferred
Security certifications such as CISSP, OSCP or CISM are preferred
We are an Affirmative Action, Equal Employment Opportunity, Veterans and Disabled Employer.