Area of Accountability
The Sr. Manager of Information Security will lead the Information Security function across Hendrickson, providing strategic direction and operational control over the entire Information Security Management Program. (ISMP)
Authoring the strategic direction in all Information Security activities championing the need of Information Security across the organization.
Providing input and direction to functional departments plus senior and middle managers throughout the organization on information security matters such as routine security activities and emerging security risks and control technologies
Leads the design, implementation, operation and maintenance of the Information Security Management System based on applicable and current Information Security Frameworks
Prepares and authorizes the implementation of information security policies, standards, procedures and guidelines, in conjunction with the Information Security Governance Committee (ISGC) and Information Security Management Group (ISMG). This includes ensuring compliance both with internal security policies etc. and applicable laws and regulations.
Guides information security awareness, security risk assessments training and educational activities within the organization
Manages external vendors and consultants to safeguard the company's assets, intellectual property and computer systems
Identify protection goals, objectives and metrics consistent with corporate strategic plan
Oversee incident response management.
Bachelor's degree from an accredited institution, with degree in Computer Science or Information Technology systems security or related field. Master's degree preferred.
Minimum of ten (8) years within the last twelve (10) years of experience in the Information Security field.
Expert knowledge of current Information Security Frameworks including NIST or CIS or the ISO 27000 Series.
Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) Certification.
Demonstrated management skills, including Program Management, Vendor Management, budget development and administration, policy development and implementation, personnel administration, staff training and development.
Expert knowledge of Incident Response, Business Continuity planning, Auditing, Risk Management and Analysis, as well as contract and vendor negotiation.
Experience in developing, documenting, and amending Information Security Policies, Standards and Processes. Establishes Cybersecurity and Risk metrics for reporting.
Possesses a mindset that looks beyond "What" happened to "Why" Information Security issues occur. Ability to assess and balance the need for Information Security controls with their impact to the organization.
Experience in implementation, operation, and continuous strengthening of IS Products & Services desired including:
Network Perimeter Control
Anti-Virus & Anti-Malware
Data Loss Prevention
E-Mail And Web Gateways
Cloud Access Security Brokers
Ability to communicate security-related concepts to a broad range of technical and non-technical staff
Strong written, verbal, and interpersonal skills combined with ability to effectively communicate with subordinates through the CEO.