IT Security Program Manager

blueStone Executive Search has a distinct focus on recruiting IT professionals with an emphasis on the areas of leadership, business transformation and enterprise.

Provide multi-system security software administration support.  Design, implement and refine security monitoring applications and processes and security testing methodologies.  Assess and recommend appropriate tools and techniques, including single sign-on, identify management and firewalls.  Provide guidance to and interpret results from security compliance and monitoring systems for other managers, auditors and executives.

Defines, identifies and classifies critical information assets, assesses threats and vulnerabilities regarding those assets and implements safeguard recommendations.

Monitor Security Systems and Services:
• Outside services for vulnerability and malicious activity alerts
• Internal suspicious activity event monitoring.

Execute risk assessments throughout the IT environment, including evaluation of effective controls within the application, remote access, mainframe, mid-range, distributed system and network environments.   Assists internal audit department in the development of appropriate criteria needed to assess the compliance of security standards by new and existing personnel, applications, IT infrastructure.  Actively execute and, where appropriate, monitor remediation efforts of vulnerabilities and process deficiencies identified during vulnerability scanning, risk assessments and audit testing.

Serves as the enterprise focal point for computer security incident response planning, execution and awareness.
Develop, implement and manage the overall enterprise policies and processes for technical and physical risk management and associated architecture working with various IT, facilities and business managers. Control and maintain the information security policy exception process, including the initial evaluation of exception requests, assisting in defining appropriate mitigating controls and providing recommendations to the Director of Infrastructure and Security regarding the exception.  
• Maintain an exceptions database and actively monitoring exception inventory.
• Function as team leader capable of managing 3-7 team members during security related incidents.
• Reinforce information security awareness and provide security training.

Evaluates suspected security breaches and recommends corrective and preventative action.
• Extensive experience in deploying and maintaining eTrust Security Command Center, Audit, Access Control, Admin and eSSO software (CA Computer Associates)
• Proven Design and implementation of Identity Management solutions
• Experience in defining enterprise-level security practices
• Experience with LDAP Integration
• Strong knowledge of Windows server operating systems
• Working knowledge of UNIX (several versions)  
• Project management skills
• Technical infrastructure and product management skills
• Business systems analysis skills
• Leadership skills
• Knowledge of Sarbanes-Oxley regulatory requirements
• Knowledge of the COBIT framework

• Possesses working knowledge of specialized PC applications

• Coordinates the work of others and completes similar work of others

• Knows and applies fundamental concepts, practices and procedures of a particular filed

• Is required to understand how improving personal efficiency while maintaining quality, impacts the cost effectiveness of team. Also recognizes the impact of scope changes and escalates to the appropriate next level of management

• Relies upon data, own experiences, other’s perspectives, and a clear process when evaluating course of action and making recommendations and decisions
  
  
• Interprets situations not outlined in procedures; escalates policy related issues