Information Security Manager in New York, NY at ConsultNet

Date Posted: 2/10/2020

Job Snapshot

  • Employee Type:
    Full-Time
  • Location:
    New York, NY
  • Job Type:
  • Experience:
    Not Specified
  • Job ID:
    20-00049

Job Description

TITLE: Information Security Manager
LOCATION: NYC (downtown)
DURATION: FULLTIME/DIRECT HIRE w. CLIENT

JOB DESCRIPTION:

Our client is looking for an information security manager to support their 3rd party contracting and negotiations. The candidate will participate in and represent Information Security and IT Risk during contract negotiations relevant to third party cybersecurity oversight and will develop and maintain cybersecurity requirements for third parties.

The ideal candidate is:
  • Knowledgeable in multiple areas of technology, with hands-on experience and technical expertise across all Information Security domains
  • Experienced with local, national, and international financial services and privacy regulations, such as GLBA, NYDFS, GDPR, CCPA, etc., and credit card industry standards, such as PCI-DSS
  • An agile thinker, passionate and energetic; highly collaborative, possessing strong cultural awareness and fantastic written and verbal communication skills

Primary Responsibilities
  • Provide Information Security subject matter expertise to the General Counsel Organization, Third Party Lifecycle Management, Global Procurement, and Global Business Units organizations for the inclusion of Information Security and IT Risk requirements into third party supplier and non-supplier contracts
  • Negotiate cybersecurity contractual addendums, riders, etc. directly with third party account managers, attorneys, and information security staff; effectively communicate requirements to technical and non-technical representatives of third parties
  • Facilitate alignment across internal and external third party stakeholders
  • Evaluate criticality of issues and advise internal stakeholders with a risk-based approach and an understanding of Business objectives
  • Remain up to date on Information Security standards, industry best practices, cybersecurity and privacy regulations, trends, threats, and new technologies, and provide continued guidance on enhancements to contractual protections for cybersecurity, privacy and regulatory requirements

Additional Responsibilities
  • Provide feedback to leadership, including regular reporting and metrics, in order to assist with the governance and overall growth of the third party security program
  • Provide guidance during the risk acceptance process relating to third parties
  • Understand cybersecurity and regulatory issues specific to the third party landscape by connecting with peers, experts, standards organizations, and industry forums
  • Provide training, including the development of training materials, to internal stakeholders
  • Project management
  • Partner with internal stakeholders to develop, improve, and document processes
  • Assist with and participate in third party cyber incident response and outreach activity

Qualifications
  • 7-10 years of experience, in positions of increasing responsibility, in Information Security risk assessments, cyber security operations, threat and vulnerability management, security architecture, or cyber security incident response
  • Prior experience with contract negotiation
  • Ability to effectively communicate and articulate Information Security risks
  • Understanding of what information or assets are of value to threat actors and how organizations and data are breached, including through relationships with external third parties
  • Strong familiarity with industry standards and control frameworks, risk assessment frameworks, security assurance auditing standards, and best practice guidelines, such as ISO27001, NIST CSF, FAIR, SSAE16/18, CSA, CIS Top 20, OWASP Top 10, etc.
  • Understanding of and experience with modern security controls, technologies, and procedures, including: vulnerability scanning, penetration testing, encryption, endpoint and anti-malware protection, network security, DLP systems, logging systems, physical security systems, etc.
  • Strong familiarity with cloud based services, architectures, and underlying management frameworks
  • Familiar with network architectures and data exchange protocols, such as API usage, secure file transfers, etc.
  • Familiar with cyber resiliency, disaster recovery, and business continuity concepts
  • Basic understanding of cyber incident response, investigation, and forensic analysis
  • Must have excellent verbal and written communication skills, interpersonal collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences
  • Must possess the ability to multitask, prioritize, and manage time effectively
  • Must be able to pay strong attention to detail
  • Bachelor's degree in Cybersecurity, Computer Science or Information Systems, or equivalent combination of education and experience preferred
  • CISSP, CISM or similar certifications preferred




Be a part of the ConsultNet difference. As a leading national provider of IT staffing and solutions, ConsultNet delivers exceptional services to startup, midmarket and Fortune 1000 companies across North America. Since 1996, we've partnered with clients to create rewarding opportunities for our consultants, successfully building teams that have surefire results.
In the past two years alone, we have placed more than 1,500 consultants in contract, contract-to-hire, or direct placement opportunities. We understand communication is key to finding the right job that matches your skills and career goals. For us, it's not just the work that we do; it's how we do the work. Our breadth of offerings extends to multiple IT positions in major markets throughout the country. See more at www.consultnet.com.