Sr. Manager, Information Security
The Senior Manager Information Security provides technical leadership, expertise, and direction working with Ensono associates to design and implement Information Technology data and security systems. This position develops and performs Information Technology risk and security assessments to ensure the protection of Ensono technology assets and compliance with applicable laws and industry regulations. This position also supports proactive operational responsibility for Information Security incident prevention, detection, and remediation.
To be successful in this role, the selected candidate will need to be comfortable building relationships and driving change through advocacy and influencing. They should also have a strong business understanding while possessing foundational technical competency.
The Senior Manager Information Security will provide leadership to help improve and prioritize information security risk management practices and ensure they are followed consistently, based on a defined framework and methodology.
● Responsible for the development, implementation, and enforcement of controls to assure compliance with internal policies, client policies, regulatory requirements, and contractual requirements
● Develop, execute, and manage process for risk and control assessment of business processes and services to ensure that they align with security policies and objectives. Identify, measure, and report security metrics of value. Report results along with recommendations to close any gaps.
● Oversee Information Security projects ensuring that all implementations follow established Ensono practices and change management.
● Works closely with Ensono’s sales and other Ensono teams in support of client relationships.
● Review Ensono vendor contracts for security compliance and perform vendor due diligence as prescribed by Ensono policy.
● Works closely with Ensono’s Global Assurance and Advisory team to establish frameworks and controls to support audit and compliance requirements, supporting Information Security responsibilities associated with audits and client questionnaires.
● Provide expertise and leadership based on industry experience and knowledge to ensure Ensono remains in compliance with applicable standards and regulations, including evolving data security privacy principles.
● Responsible for interpreting policy, regulatory, and contractual requirements and translating to specific security controls including policies, procedures, or technologies.
● Works with product owners, clients and senior leadership to ensure current technologies meet the needs of our business.
● Establish and oversee formal self-assessment program to demonstrate enforcement of Information Security Program.
● Oversee Cybersecurity team’s responsibilities associated with meeting compliance requirements including but not limited to account management, threat monitoring & analysis, vulnerability management, malware protection, and associated operational activities.
● Serve as an Information Security representative within the Enterprise Risk Management Program, including reporting, tracking, and remediating security-related risks.
● Promote and monitor internal Information Security Awareness program.
● Maintain expertise on security trends through training, research and development to identify and mitigate potential security exposures and risks.
● Demonstrate interest in, and aptitude for, the business and technical issues encountered across the Ensono client base.
● Where a response is needed, review client security terms in proposed MSAs to assure Ensono can meet requirements. Coordinate with Ensono Legal and other Business Teams to ensure acceptable terms.
● Participate in client meetings as needed.
● Respond to client security questionnaires for systems, following the team’s accepted responses.
What You Will Need:
● Exceptional verbal and written communication skills
● Technical understanding of security controls required to meet policy, regulatory, or legal requirements
● Ability to apply practical risk management analysis skills to support business decisions related to the implementation of the Information Security Program and associated controls
● Ability to interpret security requirements spanning multiple verticals and industries across a wide breadth of organizations
● Strong leadership skills with the ability to effectively influence all levels within the organization as well as the clients’ organization
● Experience in implementing PCI, HIPAA, ISO 2700x, NIST 800-53, and Cloud Security Alliance
● 5-7 years’ experience in Information Security with an emphasis on Governance, Risk, and Compliance.
What will set you apart:
● Industry awareness and community contributions highly valued
● Knowledge of industry trends, new technologies, and creative solutions a must
● Knowledge and experience in cloud security and cloud-based security solutions
● Advanced degree in Information Security
● Industry-related certifications including CISSP and CISA
Primary Location City/State:
Downers Grove, IL - Finley, Illinois
Ensono is an Equal Employment Opportunity Employer. Ensono provides equal employment opportunities to all qualified applicants without regard to race, sex, sexual orientation, gender identity, national origin, color, age, religion, protected veteran or disability status, or genetic information.