Top Information Security Manager Skills

Below we've compiled a list of the most important skills for an Information Security Manager. We ranked the top skills based on the percentage of Information Security Manager resumes they appeared on. For example, 10.9% of Information Security Manager resumes contained Ensure Compliance as a skill. Let's find out what skills an Information Security Manager actually needs in order to be successful in the workplace.

The six most common skills found on Information Security Manager resumes in 2020. Read below to see the full list.

1. Ensure Compliance

high Demand
Here's how Ensure Compliance is used in Information Security Manager jobs:
  • Developed, implemented and maintained a comprehensive Information Security program to ensure compliance with regulatory requirements.
  • Perform periodic security assessments to ensure compliance.
  • Manage 200+ employees in the Army Training and Certification Training System to ensure compliance with training and certification requirements.
  • Manage and execute strategic security initiatives to ensure compliance with PCI requirements as a Level 1 merchant.
  • Verified technical and logical assets to ensure compliance with DoD and Air Force policy.
  • Establish security policies and procedures and ensure compliance.
  • Coordinated testing, reporting and remediation to ensure compliance of internal controls resulting in a clean opinion in multiple auditors' reports.
  • Key Responsibilities and Accountabilities: Ensure compliance with the regulatory requirements and demonstrate program sustainability.

2. Vulnerability Assessments

high Demand
Here's how Vulnerability Assessments is used in Information Security Manager jobs:
  • Manage contracted 3rd party security vendors and coordinate annual penetration testing, vulnerability assessments and mitigation.
  • Provided consultative vulnerability assessments, remote, and local penetration testing for various businesses.
  • Engaged clients by performing comprehensive vulnerability assessments and coordinating security training initiatives.
  • Conducted scheduled vulnerability assessments of internal and external (web) assets.
  • Perform vulnerability assessments and perform risk mitigation for critical infrastructure components.
  • Worked with external security firms to perform risks and vulnerability assessments.
  • Oversee and review vulnerability assessments for applications and infrastructure products.
  • Managed external vendor services for vulnerability assessments and penetration testing.
  • Conduct and analyze weekly vulnerability assessments and coordinate remediation efforts.
  • Performed corporate and site level vulnerability assessments and risk analysis.
  • Charged with evaluating new security technologies and conducting vulnerability assessments.
  • Conduct vulnerability assessments of servers/endpoints and implement MDM technology.
  • Provide analysis and resolution recommendations for vulnerability assessments.
  • Conduct in-depth compliance audits and vulnerability assessments.
  • Perform ongoing vulnerability assessments on critical infrastructure.
  • Led and conducted security vulnerability assessments.
  • Focus was on providing threat and vulnerability assessments, security benchmarking and security architecture assessments.
  • Charged with evaluating new security technology and conducting vulnerability assessments; managed a multi-million dollar annual budget for Information Security.

3. Information Security Policies

high Demand
Here's how Information Security Policies is used in Information Security Manager jobs:
  • Promote an Information Security conscious culture by using internal and external events to effectively implement Information security policies within the businesses.
  • Partner with Director of Operations and Infrastructure to translate Information Security Policies into technical requirements, operational processes and procedures.
  • Developed and conducted information security training and facilitated organizational awareness of information security policies, procedures and related controls.
  • Reviewed and Updated 20 Information Security Policies and Procedures to incorporate new techniques and expand emerging technologies.
  • Led the development and implementation of information security policies for the QinetiQ North America enterprise.
  • Managed, developed, maintained and implemented the information security policies and procedures.
  • Designed, evangelized, and implemented information security policies and standards.
  • Developed and maintained Information Security Policies and Procedures.
  • Align the strategies, goals, and projects of American Express Publishing with the information security policies of American Express CISO.
  • Designed Information Security Policies for the organization to comply with FFIEC and FCA guidelines and industry best practices.
  • Plan and direct the development, maintenance and communication of information security policies, standards and procedures.
  • Develop and Maintain information security policies, procedures, and control techniques to address system security planning.
  • Develop and maintain Charles River's Information Security policies, standards, procedures, and guidelines.
  • Led the development of all information security policies and procedures.
  • Develop Information Security policies, processes and standards.
  • Developed, implemented, and ensured compliance with organization's information security policies.

4. External Auditors

high Demand
Here's how External Auditors is used in Information Security Manager jobs:
  • Collaborate with external auditors to conduct in-depth compliance audits, presentation of results to senior management.
  • Performed IT security audits and remediation activities prior to formal audits by external auditors.
  • Supported compliance with regulatory requirements and worked closely with internal and external auditors.
  • Interfaced with Internal and External Auditors and Federal Regulators during IT examinations.
  • Facilitate SOX requests, issue investigation and resolution for external auditors.
  • Collaborate with internal and external auditors to conduct in-depth compliance audits.
  • Served as the primary contact for all information technology audit-related activities with Internal Audit and external auditors, KPMG and EY.
  • Acted as the point of contact to the external auditors during audits.
  • Partnered closely with Internal and External Auditors in completing SOX audits.
  • Worked closely with internal and external auditors for annual audit.
  • Managed the IT SOX compliance efforts; coordinated with external auditors and ensured timely completion of SOX attestation.
  • Recognized by external auditors as having best in class security and controls program.

5. Risk Assessments

high Demand
Here's how Risk Assessments is used in Information Security Manager jobs:
  • Authored required policies, procedures, and related documentation including risk assessments and continuity of operations plans.
  • Develop Information Security responses and actions plans to manage risks identified during vendor risk assessments.
  • Recommended changes to protected vulnerable networks and systems following detailed risk assessments of various components.
  • Conducted information security risk assessments and served as an advocate for security issues.
  • Conduct periodic risk assessments of IT operations and Information Security functions.
  • Conducted extensive risk assessments of all enterprise critical information resources.
  • Developed information risk assessment processes and conducted annual risk assessments.
  • Conducted information security audits and external compliance risk assessments.
  • Perform routine security application vulnerability and risk assessments.
  • Introduced enterprise physical and logical security risk assessments.
  • Participated in numerous technical/procedural risk assessments with clients, due-diligence exercises, marketing sales campaigns for new customers, etc.
  • Conduct Threat and Risk Assessments and IT Security reviews to assess business and technology risks within the current enterprise environment.
  • Monitored NWA's privacy performance, risk assessments, ongoing compliance related to privacy audits - passed successfully.
  • Contracted to manage Third Party security risk assessments and reporting, recommendation of risk remediation, and monitoring.
  • Coordinate the vulnerability and penetration testing of La-Z-Boy applications, systems and networks and conduct risk assessments.
  • Develop and perform risk assessments as a basis for audit project task prioritization and project planning.
  • Performed security research for review of new vendor offerings as well as vendor security risk assessments.
  • Conduct routine risk assessments of our 21 locations and report findings and recommendations to senior management.
  • Manage Third Party security risk assessments and reporting, recommend risk mitigation, and monitoring.
  • Complete annual risk assessments to ensure adherence to GLBA, PCI and ISO standards.

6. Infrastructure

high Demand
Here's how Infrastructure is used in Information Security Manager jobs:
  • Provided experienced leadership accrediting classified computer systems and IT Infrastructure used to process and transmit classified and sensitive information.
  • Evaluate emerging technologies and associated security implications, potential infrastructure impact and possible resolutions to that impact.
  • Prioritized Information Security projects and goals and implemented additional infrastructure based on the level of risk.
  • Defined and implemented the Information Security strategic direction for the organization and designed the security infrastructure.
  • Integrate configuration management, information technology architecture, and infrastructure design into IT project plans.
  • Created weekly executive reports for monitoring and maintaining the operational awareness of the global infrastructure.
  • Ensured enterprise-wide infrastructure projects adhered to and were in compliance with all information security requirements.
  • Established a three-tier security management infrastructure, with manpower and cause/escalation resolution planning.
  • Developed methodology and conducted risk evaluation of IT infrastructure and business applications.
  • Develop application and security infrastructure processes and policies adopted for education systems.
  • Developed annual information security budget for capital infrastructure improvements using DCID 6/9.
  • Conducted infrastructure, consulting, contract and application security reviews.
  • Designed and integrated endpoint security capabilities throughout the enterprise infrastructure.
  • Implemented and regularly reviewed Infrastructure and Servers Security Guidelines.
  • Spearheaded network design of corporate infrastructure for new facility.
  • Coordinated projects needed for organizational communication and infrastructure development.
  • Installed Public Key Infrastructure (PKI) software and ensured that users understood the usage and responsibilities involved with PKI certificates.
  • Orchestrated the efforts of a combined EDS and subcontractor team to develop a security architecture to protect the base infrastructure.
  • Led, Engages Cross Functional Teams and Business Groups in support of Key Global Infrastructure Projects, such as:.
  • Led a team of Administrators in processing, troubleshooting, upgrading, and maintaining system's infrastructure for mission-critical applications.

7. Security Awareness

high Demand
Here's how Security Awareness is used in Information Security Manager jobs:
  • Establish security awareness program to enhance agency knowledge in information security to further protect state and federal tax data.
  • Managed Information Security awareness program, while working with Bank management to incorporate security awareness into the Bank culture.
  • Promoted and fostered increased security awareness within executive management resulting in additional staffing, tools, and training.
  • Facilitated the development, implementation, and promotion of internal controls & information security awareness within KTO.
  • Guided and trained information security staff, and raised security awareness with organizational units and users.
  • Trained users and promoted security awareness to ensure system security and improved server and network efficiency.
  • Partnered with Corporate Information Security to enhance Security Awareness Programs within the Capital Markets Division.
  • Designed internal website and brochures to promote security awareness and provide mechanism for reporting incidents.
  • Implemented security awareness program and ensured security awareness is embedded with the new hire process.
  • Created monthly security awareness articles and developed security training specific to point of sale terminals.
  • Developed and implemented security policies, standards, procedures and associate security awareness training.
  • Coordinated and directed the development and implementation of information security awareness and education programs.
  • Deployed a global vulnerability management program, global security awareness campaign and annual training.
  • Raised security awareness through development of agency-wide information security awareness and training courses.
  • Managed GLBA security awareness and training program and annual information security awareness activities.
  • Increased network boundary security awareness by contributing to security education and knowledge share.
  • Implemented security awareness programs and instituted compliance metrics to decrease enterprise risks.
  • Develop and participate in security awareness programs for employees and contractors worldwide.
  • Developed Security Awareness Program for identification and prevention of potential security breaches.
  • Directed the Information Security Awareness program to educate agency users.

8. Information Technology

high Demand
Here's how Information Technology is used in Information Security Manager jobs:
  • Coordinated software and/or hardware installation and configuration, while directing diagnostics on malfunctioning information technology systems.
  • Led all aspects of information technology management, driving continual process improvement and ongoing success.
  • Spearheaded the identification and remediation of corporate risks relating to information technology initiatives.
  • Helped North America Information Technology uncover and address information security control gaps.
  • Trained and mentored users on information technology acceptable use.
  • Maintained Information Technology and Security Regulatory Compliance.
  • Negotiated and reviewed contracts with various information technology vendors towards the purchase and/or acquiring services for the AAA headquarters advantage.
  • Facilitate annual Information Technology General Controls audit (ITGC), which is in its 3rd year of no findings.
  • Research the latest Information Technology trends.
  • Subject matter expert responsible for annual Sarbanes Oxley compliance, evaluation and reporting for division's global Information Technology group.

9. Information Security Program

high Demand
Here's how Information Security Program is used in Information Security Manager jobs:
  • Evaluated and Recommended security solutions and tools that aligned with corporate standards to increase the effectiveness of our information security program.
  • Initiated the implementation of an information security program, including security architecture, policy development, and disaster recovery planning.
  • Served as the regional Director of Information Security overseeing information security programs and functions for 7 organizations.
  • Managed communications and information security programs for diverse population of 13 subordinate commands and 400 personnel.
  • Managed the base information security program including over 30 squadrons and several geographical separated units.
  • Tasked to build Information Security Compliance group to complement the overall Information Security Program.
  • Create presentations for senior leadership team used to demonstrate our Information Security Program.
  • Developed and managed the following corporate Information Security Programs:.
  • Formulated, pitched, and implemented worldwide Information Security program.
  • Sole individual driving the information security program in the organization.
  • Developed, delivered, and evaluated information security programs.
  • Coordinate the implementation of information security programs across platforms.
  • Manage enterprise-wide information security program.
  • Manage the information security program.
  • Planned, developed and coordinated the audit plan and certification testing for the Cardholder Information Security Program (PCI) certification.
  • Created and chaired the Company's Information Security Program Office, the technical steering task force on information security issues.
  • Created a world class information security program encompassing; Incident Management, Risk Assessment program, Penetration Assessments.
  • Created the Enterprise-Wide Information Security program, office and strategy, including policies, procedures and standards.
  • Oversee Corporate, Toll Systems and Intelligent Transportation Systems (ITS) network and information security program.
  • Created and managed the information security program for the fifth largest Internet Service Provider.

10. Incident Response

high Demand
Here's how Incident Response is used in Information Security Manager jobs:
  • Planned, configured and maintained web based Information Security Education site and Enterprise wide incident response reporting and tracking application.
  • Organized cross-functional teams and developed processes supporting incident response, patch management and corporate compliance needs.
  • Developed training material and provided training in contingency planning, configuration management, and incident response.
  • Updated Incident Response Plan and designed severity threshold metrics for regular reporting.
  • Develop, manage, and support a Security Incident Response/Management process.
  • Led security incident response including forensic analysis and attack duplication.
  • Instituted comprehensive monitoring and alerting systems and incident response procedures.
  • Developed the Security Operations Center and Incident Response manuals.
  • Manage incident response planning/handling/post-incident reporting and areas for improvements.
  • Handle and coordinate information security incident response actions.
  • Directed the vulnerability assessment and incident response programs.
  • Supervised incident response, reporting and evidence collection.
  • Implemented security incident response program.
  • Created a Computer Security Incident Response Team and developed partnerships with other CSIRT teams (national and international).
  • Designed and managed the incident response and analysis program, reducing average incident remediation times to under 60 minutes.
  • Updated Computer Incident Response Team (CIRT) program to reflect inter-functional department participation and response flow tracking.
  • Create and maintain Charles River's Information Security Plan, Incident Response Plan and Vendor Management Plan.
  • Provide expert oversight in incident response planning as well as the investigation of security breaches.
  • Provide threat analysis to Incident Response team lead on current investigations analyzing various log sources.
  • Serve as the enterprise focal point for data security incident response planning and execution.

11. PCI DSS

high Demand
Here's how PCI DSS is used in Information Security Manager jobs:
  • Achieved complete success in resolving the five-year PCI DSS non-compliance by closely managing the annual compliance process.
  • Designed, tested, and implemented Tripwire File Integrity Monitoring tool in accordance with PCI DSS requirements.
  • Managed and monitored the PCI DSS compliance of all company associated third-party service providers.
  • Provided internal review of third party services prior to each PCI DSS assessment.
  • Prepared and validated PCI DSS ROC.
  • Managed a three-person security team of the PCI DSS compliance requirements (e.g.
  • Project manager and implementer for PCI DSS, NIST benchmarking and ITIL.

12. Risk Management

high Demand
Here's how Risk Management is used in Information Security Manager jobs:
  • Transitioned the Federal Reserve Information Technology (FRIT) organization from a risk-averse organization to a risk management organization.
  • Created and managed information security and risk management awareness training programs for all employees, contractors and approved system users.
  • Collaborated/partnered with business owners and risk stakeholders for alignment with their respective programs for a more integrated risk management.
  • Integrated Information Security with Corporate Compliance, Legal and Physical Security; collaborating on Enterprise Risk Management program.
  • Worked closely with Information Security and Corporate Risk Management to develop an Enterprise Risk Management Program.
  • Evaluated and expanded Information Security audits and audit requirements to cover gaps in Risk Management Program.
  • Led Risk Management team for outsourced/third-party services covering Information Security, compliance, and regulatory requirements.
  • Trained over 700 staff in risk management and asset vulnerability assessment and security risk mitigation.
  • Performed project risk management strategies by identifying project risks and developing the required mitigation approaches.
  • Developed Sarbanes-Oxley compliance program and all associated risk management processes for the corporation.
  • Developed a risk management profiling process to assess and analyze security risk.
  • Achieved critical deadlines through demonstration of exemplary project and risk management.
  • Participated in the development of an Operational Risk Management Department.
  • Recruited to establish and bring pragmatic enterprise risk management framework.
  • Developed a company-wide risk management and auditing strategy.
  • Implemented Vulnerability Management and Risk Management Programs.
  • Managed 6 person team of security engineers supplying information, audit and risk management services to Harvard Pilgrim Health Care.
  • Introduced risk management processes and program within the credit union to align security focus with business and compliance needs.
  • Manage day to day workload of information risk management team members, monitoring project milestones and critical dates.
  • Partnered with HR and Legal during risk management and policy implementation to protect patient and employee data.

13. Architecture

high Demand
Here's how Architecture is used in Information Security Manager jobs:
  • Work with Security and Enterprise Architecture teams to ensure services are designed and implemented in accordance with information security policy.
  • Aligned IT security architecture function and referenced architecture to business, embedding security from inception to project delivery.
  • Integrated federated security capabilities, services, and functions across the enterprise within a security architecture framework.
  • Developed, implemented and managed the technical review of security architectures and associated controls.
  • Examine security architecture of WAN/LAN to evaluate the security resilience/strength and detect possible threats.
  • Work independently to evaluate Security Architecture and deliver the appropriate security solution.
  • Drive security resource management and architecture review for all major initiatives.
  • Implemented the first ever JPM security global information security architecture.
  • Re-engineered the security architecture to reflect security in depth strategies.
  • Developed architecture and process of the end user Self-Service recovery.
  • Conducted security architecture reviews and network architecture assessments.
  • Develop and maintain overall Security technical architecture.
  • Created and ran the Information Security Office, charged with creating and maintaining the security architecture for all technology platforms.
  • Managed the security architecture, design, implementation, and support of the core systems replacement project.
  • Performed IA Engineering support (design, architecture, development, integration, certification and accreditation).
  • Manage and lead the planning, strategy, architecture, and design of the portfolio.
  • Reviewed the security architecture, ensuring that it meets the business requirements and performance goals.
  • Created security charter, framework, architecture, procedures and standards.
  • Perform security reviews for all architecture and/or data flow changes.
  • Advise on technical design and architecture for new products.

14. ISO

high Demand
Here's how ISO is used in Information Security Manager jobs:
  • Report directly to Chief Information Officer, with a regular reporting relationship to executive steering committees and a board-appointed Supervisory Committee.
  • Functioned as Information Security Manager providing support in an advisory capacity to IA-related efforts in support of federal client.
  • Will serve as a liaison between various organizations and security management.
  • Advised and represented supervisor on matters related to security.
  • Direct supervisor for two Information Security Analysts.
  • Conducted training seminars for supervisors.
  • Displayed strength in working as a liaison with cross-functional talent to successfully implement complex initiatives with skills in integrating diverse disciplines.
  • Acted as compliance liaison between Internal Audit and IT concerning Sarbanes-Oxley, HIPAA, PCI and other regulatory controls.
  • Served as the first line supervisor (operations and maintenance) for the ship's signals exploitation space.
  • Perform in a liaison role with program personnel and government customers, and respond to short-notice tasks.
  • Received commendable inspection of units in garrison and in combat from the higher echelon during annual inspection.
  • Analyzed and gathered data that was used in preparing reports to be submitted to supervisors and directors.
  • Act as Security liaison to the community and implement strong security policies and standards for security.
  • Designed & deployed Aruba as a global wireless standard including the VLAN isolation of non-company assets.
  • Manage Information Security projects and resources, serving as a liaison to multiple lines of business.
  • Review was based on FFIEC and GLBA requirements, as well as the ISO27001 standard.
  • Support the annual risk assessment process through an audit plan approved by the Supervisory Committee.
  • Work closely with Regional and Local BISO's for all system and security related issues.
  • Served as primary IT security vendor liaison and MSA, SOW, SLA negotiator.
  • Provide guidance on developing security controls and policies as defined by ISO 27002 standards.

15. Recovery Procedures

average Demand
Here's how Recovery Procedures is used in Information Security Manager jobs:
  • Oversee disaster recovery procedures and implement new technologies to simplify and improve recovery time.
  • Developed systems security contingency plans and disaster recovery procedures.
  • Assisted in the preparation and execution of business continuity / disaster recovery procedures.
  • Develop and test disaster recovery procedures to ensure business continuity and operations.
  • Develop, review, and certify all back-up and disaster recovery procedures and plans.
  • Create Test Plan for software modules, database failure and recovery procedures.

16. Assurance

average Demand
Here's how Assurance is used in Information Security Manager jobs:
  • Provided training for over 140 personnel in information assurance and supervised the Command Inspection of Information Security.
  • Prepared daily reports, presentations, and statistical data on program assurance related topics for management.
  • Enforced the application of information security/information assurance policies and practices in the delivery of IT services.
  • Manage network system security compliance and DoD 8570 information assurance workforce management.
  • Conducted Quality Assurance after each project/site install was completed.
  • Created seven policy directives for information assurance objectives.
  • Keep a close working relationship with Information Assurance (IA) as well as keeping an eye on budgetary restraints.
  • Worked on application problems involving all phases of system and network vulnerability analysis to provide Information Assurance (IA).
  • Lead the implementation of the Assurance program activities for the Americas as per the 3 LOD model and Global Standards.
  • Prepare information assurance mitigation Plans and Plan of Action and Milestones (POPA&M) for software releases.
  • Serve as the subject matter expert providing responses on all information assurance and physical security questions and tasks.
  • Served as unit COMSEC custodian, and Information Assurance Security Manager (IASM).
  • Enforce IA compliance through inspection programs such as Information Assurance Assessment and Assistance Program.
  • Maintained good working relations with NETWARCOM in Information Assurance (IA) matters.
  • Document and update networks and systems in the local Information Assurance Access database.
  • Administer the Information Assurance and Information Protection training Program for department staff.
  • Ensured compliance of the Information Assurance Vulnerability Management (IAVM) system.
  • Managed and supervised 13 personnel on Information Assurance guidance and policies.
  • Performed a wide variety of functions on various Information Assurance issues.
  • Support the GCSS-ARMY Northrop Grumman staff with all Information assurance Issues.

17. SOX

average Demand
Here's how SOX is used in Information Security Manager jobs:
  • Promoted organizational maturity and enabled new business ventures by aligning business processes with PCI and SOX security requirements.
  • Coordinated all Information Technology audits including annual Sarbanes-Oxley (SOX) attestations.
  • Oversee audit, compliance, and remediation of logical security domain with MICS, PCI, PII, and SOX requirements.
  • Participated in the development of Information Technology components of SOX 404 documentation, internal control review and testing efforts.
  • Managed SOX, GLBA 501 (b) initiatives and training programs in support of Security Awareness and Compliance.
  • Deploy IT controls for PCI, HIPAA, and JSOX requirements and acted as main IT security audit interface.
  • Develop an Information Security Awareness presentation module to be used for SoX training by all ADT SSO team members.
  • Implement technical solutions to contractual requirements supporting PCI-DSS 2.0, FISMA/CMS/NIST 800-53, EHNAC, SOX and HIPAA.
  • Designed and implemented information security controls supporting SOX, PCI, HIPAA, and PII regulatory requirements.
  • Ensured adherence to information security components of compliance, including PCI, HIPAA, and SOX.
  • Applied 150+ custom monitoring policies to align monitoring to SOX PII, and PCI requirements.
  • Managed testing of 100+ SOX 404 related IT controls on a quarterly / annual basis.
  • Worked with internal Auditors, ARR and compliance group for SOX, RCSA compliance.
  • Coordinated the revision and sign-off of SOX related Finance department policies and procedures.
  • Manage and responsible for successfully passing regulatory PCI, SOX compliance audits.
  • Championed SOX 404 compliance initiative, ensuring implementation of appropriate controls.
  • Assist management with remediation efforts and SOX compliance.
  • Audit preparation and compliance for PCI/SOX/SAS70/ISO 27001.
  • Audit systems for SOX compliance and reporting.
  • Developed IT SOX project plan.


18. Governance

average Demand
Here's how Governance is used in Information Security Manager jobs:
  • Developed and implemented Security policies that adhered to best practices and were needed for compliance to governance requirements.
  • Provide customer security metrics to management and governance team for special projects and escalated incidents.
  • Proposed an Information Security Governance model and defined security roles and responsibilities in IS team.
  • Strengthen IT security policies and governance program while considering and understanding business needs/resource constraints.
  • Developed and implemented governance procedures for the Information Security team of our Outsourcing partner.
  • Advised several sub-committees to ensure effective department-wide governance of all operations.
  • Facilitated information security governance through implementation of a hierarchical governance program.
  • Developed and implemented new, corporate wide security governance program.
  • Developed and implemented enterprise information security and governance policies.
  • Facilitate project governance and maintain project-management documentation.
  • Shepherded the InfoSec department through a challenging period of transition of personnel covering SecOps as well as Governance activities.
  • Train and mentor other analysts and technical personnel in IT Governance, Service Level management and Continuous Improvement programs.
  • Represented information security in the core team and sponsor committee for the enterprise governance, risk and compliance program.
  • Developed and deployed metrics that improved and demonstrated IT governance, compliance and the effectiveness of risk assessments.
  • Added two people to the group while coaching other Information Security team members on governance and compliance.
  • Guide, implement, enforce, facilitate, and coordinate IT security governance activities across departments.
  • Core responsibilities: Governance, Vendor risk, Policy, Third Party Risk, Awareness.
  • Assisted in the development and ongoing success of a newly formed Information Protection Governance Committee.
  • Participated in Vendor Governance Activities, including but not limited to Desktop Testing and Validation.
  • Established and directed team to build information security strategy, compliance, policy and governance.


19. HIPAA

average Demand
Here's how HIPAA is used in Information Security Manager jobs:
  • Provided direct leadership with managing corporate HIPAA Privacy/Security compliance initiatives.
  • Implemented enterprise-wide HIPAA compliance program.
  • Lead implementation of system controls as defined by internal and external regulations (such as HIPAA, FISMA).
  • Designed and implemented control matrix to support organizational compliance with HIPAA security and privacy rule and HITECH.
  • Designed and implemented GAP analysis tools for HIPAA compliance (Privacy - Security - TCS).
  • Benefit: Now, everyone acknowledges that IS performs above expectations, with HIPAA compliance ensured.
  • Reviewed legal contracts to verify that security, PCI and HIPAA requirements were addressed.
  • Led project team with development of HIPAA Security compliant standards and solutions development.
  • Helped the organization in getting HIPAA/HITECH, PCI and other policies/processes in place.
  • Managed IT controls testing in support of HIPAA, Sarbanes-Oxley, and PCI.
  • Initiated web-based security training for employees, resulting in early HIPAA compliance.
  • Served as the designated HIPAA Security Officer for the agency.
  • Collaborate with General Counsel and Human Resources regarding HIPAA Compliance.
  • Supported organizational efforts to comply with the HIPAA Security Rule.
  • Created risk assessment questionnaire that would address PCI and HIPAA.
  • Performed HIPAA compliance reviews and Sarbanes-Oxley testing.
  • Conducted regulatory reviews including GLBA and HIPAA.
  • Developed or updated enterprise HIPAA Security Policies; Developed Information Services corporate Policy & Procedure Governance; Developed PCI Compliance Roadmap.
  • Evaluate and manage threats and vulnerabilities to include HIPAA, ePHI, PII, and PCI.


20. Data Privacy

average Demand
Here's how Data Privacy is used in Information Security Manager jobs:
  • Coordinated in-restaurant Massachusetts Data Privacy and Payment Card Industry compliance efforts through Regional Vice Presidents.
  • Demonstrated ability to align data privacy practices and security controls with strategic business goals.
  • Consult with internal and external organizations regarding information security and data privacy requirements, risks, and risk mitigation.
  • Lead for corporate data privacy/data protection and critical IT application recovery.
  • Act in a consultative capacity regarding audit issues, technical controls, and data privacy considerations.
  • Mitigate business risks through the development of data privacy, information security, and corporate compliance programs.


21. Security Operations

average Demand
Here's how Security Operations is used in Information Security Manager jobs:
  • Directed information security operations to ensure integrity of government data assets and compliance with internal controls and regulatory requirements.
  • Interacted with Global Enterprise Management Teams and executives to provide support and status on critical security operations issues.
  • Headed staff development, project management, and daily information security operations, internally and externally.
  • Promoted and accepted complete responsibility for managing and optimizing data security operations across ACF2 environment.
  • Directed team members in security operations.
  • Managed the day-to-day security operations, strategic planning, budget development, contracts oversight, and process improvement.
  • Provide day-to-day management of Security Operations team consisting of four members across three data centers.
  • Manage budget and staffing for global security team of 12, running security operations.
  • Managed 24x7 security operations support Help Desk.
  • Formed team to deliver operational excellence, automate reporting, and remediate known vulnerabilities, in partnership with Security Operations Center.
  • Develop and Refine Standard Operating Procedures (SOPs) that reflect the security operations of the environment.


22. Cyber

average Demand
Here's how Cyber is used in Information Security Manager jobs:
  • Publish a monthly Cyber-Security newsletter on Data Security issues focusing on legislative and current trends.
  • Experience in engineering support to assure all Cyber-Security requirements are met.
  • Support DoD, USCYBERCOM, HQDA, ARCYBERCOM, DA CIO/G6 initiatives and data calls and assist.
  • Reviewed all new firm applications and technology Service Providers including 3rd party SaaS applications for Cyber/Information security and risk controls.
  • Developed, implemented, enforced a regulatory compliant Cyber Security Program while operating in a construction environment.
  • Completed all risk and compliance requirements in preparation for an upcoming enterprise cyber security audit.
  • Managed global cyber penetration exercises to determine areas of non-compliance with corporate / industry standards.
  • Reduced enterprise cybersecurity risks by deploying industry best practices and a system certification program.
  • Transformed reactionary IT Security department into a proactive, intelligence-driven cyber security team.
  • Lead investigator of numerous instances of employee and third-party cyber-crimes and unauthorized activity.
  • Planned strategic enterprise-level cyber security projects for the global Wells Fargo network.
  • Established technical and programmatic assessments that reduced vulnerabilities to information cyber-attacks.
  • Project manager of several high priority cyber security and IT initiatives.
  • Passed Nuclear Regulatory Commission cyber inspection at nuclear facility.
  • Developed and maintained Cyber Intelligence Requirements for the organization.
  • Monitored inbound/outbound network communications for cyber-attacks and data leakage.
  • Establish and oversee organization Cyber and Communication Policies.
  • Conduct briefings, for senior leadership and program personnel on IA/cyber security and physical security to address current issues and preventative.
  • Liaised between executives at multiple global commands and the NGA Office of the Chief Information Officer (OCIO) Cyber Security.
  • Created a cyber risk map, classifying the globe by country to assist in designing security controls tailored to specific locations.


23. Network Security

average Demand
Here's how Network Security is used in Information Security Manager jobs:
  • Focus areas included Network Security Technology, Mainframe Security Technology, Windows/Unix/Linux Security Technology, and Database Security Technology.
  • Conducted risk assessments and collaborated with leadership to provide recommendations regarding critical infrastructure and network security operations enhancements.
  • Handled the coordination of network security for the organization, guaranteeing confidentiality, integrity, and data availability.
  • Assess and architect secure LAN/WAN infrastructure, review core network security configuration, and provide consultative recommendations.
  • Review network configuration change proposals for compliance to information system and network security directives.
  • Network Security - Architect/design and implementation of perimeter security using Alert Logic.
  • Directed the activity of two network security engineers and three system administrators.
  • Performed over 150 network security evaluations.
  • Developed, implemented, and managed network security policy for 38,000 users and coalition partners across 11 time zones.
  • Oversee Global Network Security Provisioning, and Identifies and Accesses Management Activities for a $30K + Client Base.
  • Advised the Battalion leadership and staff on all aspects of computer services, email account management and network security.
  • Write and negotiate contracts (SOW) with vendors/outsource-partners for WAN/LAN and network security solutions.
  • Supervised 20 employees in support of network security, administration, and computer maintenance.
  • Led annual network security and data risk self-assessments for PCI and GLBA compliance.
  • Monitor the Network Security Program to ensure proper usage of network systems.
  • Implemented and manage Network Security Monitoring (NSM) program.
  • Design and implement all aspects of network security.
  • Utilized Sun-based processors, Nortel switches and router configurations, Domain Name Service servers, Network security and firewall operations.
  • Project Manager (PM) for enhancing global AB network security via network segmentation and rearchitecture of WAN locations.
  • Designed and deployed a "Trusted" computing environment and network security solution for the Target Corporation.


24. NIST

average Demand
Here's how NIST is used in Information Security Manager jobs:
  • Led team of highly skilled analysts who identified threats, systemic and application specific security problems in tactical and administrative systems.
  • Created an accountability matrix, providing designated response teams (i.e., security administrators, threat monitors and security architecture).
  • Developed and maintained company defense department information databases designed to improve operational procedures in military conflict zones across Afghanistan and Iraq.
  • Provided leadership in directing a staff of six information security professionals that included architects, analysts and administrators.
  • Managed direct report corporate security analysts and administrators, and non-direct subsidiary security analysts and business unit security administrators.
  • Maintain awareness of the upcoming implementation of NIST and FIPS requirements into DoD/Army Information System Security Framework.
  • Direct and coordinate all operational and administrative activities associated with the running of the Information Security department.
  • Provided technical advice, clarification, and assistance in the areas of security administration and management.
  • Managed a staff of nine information security professionals that included: engineers, analysts and administrators.
  • Manage the administration of various encryption, authentication and public/private key management technologies and certificate/digital authority.
  • Administer and oversee annual corporate information security awareness training and Phishing campaigns for 170+ employees.
  • Administered database operations, implements conversions, and investigates problems in database environment.
  • Managed 10 Security Administrators responsible for supporting over 200 applications within Capital Markets.
  • Managed system administration team on Defense Information Systems Agency Net-Centric E-Collaboration Services project.
  • Played a pivotal role in investigating Soldier misconduct and representation before Administrative Boards.
  • Administered personnel security program and advised senior leadership regarding physical security policy.
  • Administer the installation, coordination, and implementation of new software/hardware.
  • Developed and administered $1M budget to build offshore engineering operation.
  • Developed and published security administration procedures for supported systems and applications.
  • Audited networks and directed system administrators with technical configuration requirements.


25. Firewall

average Demand
Here's how Firewall is used in Information Security Manager jobs:
  • Facilitated regular penetration tests of network firewall and e-mail filter servers to make sure that government policy was enforced.
  • Worked in conjunction with Network Engineering group in order to establish firewall rule verification, justification and mitigation.
  • Post review, analyzed operational inefficiencies and identified an opportunity in the firewall log analysis process.
  • Replaced Nokia firewalls with Checkpoint, overhauled the firewall rules/strategy for the company globally.
  • Purchased and installed clustered Juniper firewalls and management server.
  • Developed and implemented Cisco Firewall/IDS/IPS security solutions.
  • Documented firewall DMZ design utilizing NetformXpert.
  • Directed assessments and collaborated with IT on security weakness and risks around DMZ for Servers, Firewalls, and Network.
  • Maintain security, secure protocols, Internet security (Firewalls, IDS/IPS, DNS, DMZ, etc.).
  • Develop business case to conceptualize and fund (~$2MM) web application firewall (WAF) capabilities.
  • Utilized network components (e.g., trusted routers, bastion hosts, gateways, firewalls, etc.)
  • Work closely with the Network team to establish proper configuration of firewalls, routers and switches.
  • Trained and supervised the creation of DMZs on a WatchGuard Firebox X Core firewall.
  • Performed Vulnerability, Penetration and WiFi Scans and firewall reviews to meet PCI requirements.
  • Deployed SaaS web application firewall solution to expand CFX services to the cloud.
  • Load balanced firewalls, web and media services on Foundry ServerIron 450s.
  • Audit and provide security risk evaluations of Cisco routers and firewalls.
  • Maintain records of firewall rules for periodic review for PCI compliance.
  • Deployed and managed: Servers, CheckPoint Firewalls and Routers.
  • Reviewed and approved firewall changes.


26. Security Requirements

average Demand
Here's how Security Requirements is used in Information Security Manager jobs:
  • Provided advice and counsel to senior management concerning security requirements for all platforms and worked with FDIC auditors on security audits.
  • Networked with multiple Information Security managers to develop applications supporting unique security requirements and subsequently integrating with Enforcement and Compliance applications.
  • Lead team of 8 individuals through security assessment of telephone service provider and provided security requirements for contract negotiation.
  • Managed the agile development of applications supporting unique security requirements and subsequently integrating with Enforcement and Compliance applications.
  • Developed Information Security strategic initiatives and wrote policies for implementation of security requirements for the corporate network.
  • Develop a security program and security projects that address identified risks and business security requirements.
  • Evaluate 3rd party service providers and ensure contract language adequately addresses the information security requirements.
  • Managed security technologies, contract negotiations of security requirements, and information security vendor relationships.
  • Reviewed and recommended updates to annual security education to improve communication on security requirements.
  • Perform contract reviews, address privacy concerns and security requirements for new applications.
  • Focus on implementing and enforcing Security requirements and due diligence for business relationships.
  • Coordinated security requirements with local Security Police headquarters and other agencies.
  • Incorporated minimum-security requirements into HP's web vendor engagement process.
  • Evaluated physical security requirements for unattended open storage areas.
  • Contributed Information Security requirements on system development projects.
  • Review and approve security requirements for new projects in field ops, business/HR apps, PLC/HMI, and contractors.
  • Verified operational alignment with SSAE16 controls, as well as client security requirements.
  • Support vendor due diligence through the review of SSAE16 reports and security requirements.
  • Review all MSA security requirements for client compliance.
  • Partner effectively & efficiently with global teams to enhance business processes, ensuring that required security requirements are met.


27. Intrusion Detection

average Demand
Here's how Intrusion Detection is used in Information Security Manager jobs:
  • Implemented an intrusion detection capability and designed corresponding emergency response processes against attacks (CERT).
  • Supervised implementation of internal and external intrusion detection and penetration systems.
  • Managed Enterprise Security Administration, Intrusion Detection and Incident Response groups.
  • Managed $150 million intrusion detection system at 83 sites to remote monitor AF networks in 8 nations.
  • Tested and implemented intrusion detection, compliance management, and system auditing.
  • Designed, deployed and managed corporate Intrusion Detection and Prevention Systems.
  • Implemented ISS Intrusion Detection software and developed a CERT virus team.
  • Engineered and deployed the Host-based Intrusion Detection/Prevention (HID/HIP) strategy.
  • Deployed Intrusion Detection System (IDS) on network parameter.
  • Implemented a multi-layered defense using 3-tier architecture for secure remote access, telecommuting and intrusion detection based on Cisco SAFE architecture.
  • Lead the replacement of Enterasys Dragon Intrusion Detection System to IBM/ISS Proventia Intruder Detection and Prevention System.


28. Access Control

average Demand
Here's how Access Control is used in Information Security Manager jobs:
  • Assured that applications were secured by implementing Application shield, Access control/user authentication and Input validation.
  • Managed and directed access controls around Mainframe security containing sensitive data.
  • Reviewed and determined entitlement/access control.
  • Audit Windows and Linux environments that include access controls for numerous Oracle and SQL PHI and PII related databases.
  • Created and updated access control lists giving access to people who needed it using Microsoft Access database.
  • Implemented Role Based Access Control (RBAC) to manage segregation of duties for DTAP environments.
  • Implement Web Filtering system for access control and monitoring employee Internet usage.
  • Implemented Role Based Access Control Model for Enterprise Asset Management system.
  • Maintain access control systems and program badge access for the organization.
  • Managed the requirement definition and specification for building resource adapters, end-user provisioning, and workflow capabilities using role-based access control.
  • Facilitated 3 access control tasking; verified 6.5K accts--ensured non-repudiation of 12 base networks.


29. Security Standards

average Demand
Here's how Security Standards is used in Information Security Manager jobs:
  • Develop security standards and guidelines for controls needed to address relevant legislative, regulatory, and data classification requirements.
  • Developed and implemented information security policies and technical security standards for all schools and patient care units.
  • Defined/streamlined security standards for day-to-day computer operations and eliminated illegal activities and reduced security flags by 33%.
  • Provide security guidance for special projects and ensure project adherence to corporate information security standards and policies.
  • Tracked and modified information security standards so they were aligned with business practices.
  • Conducted annual test of Buildings/Facilities to ensure security standards are enforced.
  • Created multiple security standards to align with the Information Security policy.
  • Drafted the corporate information security standards for the association.
  • Configured multiple Windows 2008 R2 servers to provide network resources to end users while conforming to DISA security standards.
  • Improved compliance with Information security standards by 10%, thereby raising overall compliance to 90%.
  • Core Competencies & Technical Skills - Defining and implementing database & server security standards and controls.
  • Create and implement security standards for Capital One's mobile device management (MDM) strategy.
  • Designed and created packages to meet ISO 27001 policies concerning security standards and compliance.
  • Documented corporate security standards for RACF, LAN, and UNIX.
  • Develop security standards and best practices for the client.
  • Evaluate and revise security standards, processes and procedures.
  • Created security standards and processes, manage staff.
  • Led the design of data recovery security standards.
  • Implemented Group Information Security Standards based on COBIT, ISO17799/27001/27002, ITIL, NIST, PCI, and CMMI.
  • Improved enterprise productivity, efficiency and multi-site operational excellence, by implementing enterprise information security standards and best practices.


30. Audit Procedures

low Demand
Here's how Audit Procedures is used in Information Security Manager jobs:
  • Created and managed security policies, incident response procedures and managed related audit procedures.
  • Develop audit scope, objectives and audit program; determine audit procedures and resources.
  • Guided IT audit staff through comprehensive assessment of IT systems through development of preliminary audit procedures for federal financial organizations.


31. SIEM

low Demand
Here's how SIEM is used in Information Security Manager jobs:
  • Provide enhancements to the SIEM through various data enrichment methodologies including proper contextual information.
  • Managed application vulnerability assessment and Security Incident Event Management (SIEM).
  • Worked directly with the Information Security Officer in order to streamline and fine-tune IDS/IPS, SIEM, DLP.
  • Secured funding and support for an on-premise SIEM to be installed and co-managed by an MSS for 2016 Q1.
  • Implemented a corporate-wide SIEM solution that allowed us to resolve proactively 45% of preventable security problems.
  • Second level reviewer of Security Information and Event Management (SIEM) logs from Tripwire and SNORT.
  • Included implementation of Data Loss Prevention (Digital Guardian) and SIEM (LogRhythm) in 2016.
  • Hired a team that launched the SOC in record time and to operate the SIEM platform.
  • Installed and configured complete product deployment of LogRhythm SIEM across 800 servers and devices.
  • Deployed SaaS SIM/SIEM solutions for 7x24 log monitoring, alerting and automated remediation.
  • Lead the deployment of a new SIEM system for a large government agency.
  • Manage and maintain 19 server SIEM infrastructures health and availability.
  • Examine SIEM logs and determine when investigative procedures were appropriate.
  • Designed, implemented and managed the organization's SIEM platform.
  • Deployed, configured and Managed RSA enVision (SIEM) device.
  • Reviewed SIEM and malware alerts for violations.


32. DOD

low Demand
Here's how DOD is used in Information Security Manager jobs:
  • Develop and evaluate IA architectures consistent with DoD functional and operational requirements and implementation of DA regulations and policies.
  • Achieved and maintained Government IA certification and accreditation requirements using DoD 8500 series.
  • Developed/implemented DoD and AF guidance on all matters pertaining to the protection of classified and highly sensitive defense information.
  • Managed daily operations of multiple SCI, DoD, and DOE programs and maintained all clearances and formal documentation.
  • Developed transition plan for the DoD certification process - brought the AF in compliance with the department guidance.
  • Conducted over 500 Emission Security inspections, ensuring that all equipment met Air Force and DoD guidance.
  • Performed comprehensive security analysis of computer systems using DoD 8500.1 and DoD 8500.2 guidance.
  • Managed a team utilizing DoD tools providing secure operations on over 3,500 computer systems.
  • Ensured all users were in compliance with all DoD information security policy and standards.
  • Conduct Network vulnerability checks to ensure software and systems comply with DoD regulations.
  • Provide consultation on compliance standards for FedRAMP and DoD FedRAMP Plus Cloud requirements.
  • Manage all IA staff ensuring compliance with DoD 8570.01-M.
  • Prepare and present security reports to the DOD customer.
  • Well versed on DOD 5200.1-R.


33. Business Units

low Demand
Here's how Business Units is used in Information Security Manager jobs:
  • Lead rapid improvements to help business units identify and understand project related risk.
  • Provided technical consultation on business applications to business units.
  • Calculated and documented the level of current and residual risk and communicate these risks to business units and management as appropriate.
  • Created and mobilized an enterprise-wide segregation of duties program across dozens of business units and over 100 in-scope applications.
  • Mitigated risk by advising business units on proper tools, techniques and processes to manage their risk profile.
  • Worked directly with the business units to facilitate IT risk assessment and risk management processes.


34. Security Personnel

low Demand
Here's how Security Personnel is used in Information Security Manager jobs:
  • Manage and monitor the workload for contract security personnel to ensure projects are completed on time and within budget.
  • Managed the operations, training and equipping of 20 information systems security personnel.
  • Hired and trained new Data Security personnel. Represented Information Security in major business projects.
  • Maintained security personnel productivity and timeliness reports for management review.
  • Participate in client facing meetings and have direct contact with client security personnel.
  • Supervised, trained and evaluated job performances of 20+ security personnel.


35. Security Incidents

low Demand
Here's how Security Incidents is used in Information Security Manager jobs:
  • Manage and conduct investigations for security incidents and interface with corporate resources to escalate to federal entities, where appropriate.
  • Reduced security incidents through cultivating on site security leads, training of staff and clarifying security procedures.
  • Monitored and provided assistance for preliminary inquiries of security incidents and formal investigations.
  • Created information security awareness program, resulting in 45% fewer security incidents.
  • Reduced security incidents by 98% by proper implementation of security applications.
  • Monitored various system logs, investigated and responded to security incidents.
  • Implemented key processes and procedures for mitigating security incidents.
  • Established Security metrics and statistics to monitor security incidents.
  • Coordinated response efforts related to information security incidents.
  • Zero security incidents occurred during my tenure.
  • Addressed security incidents and conducted forensic investigations.
  • Implemented incident response standards, plans and protocols to ensure that security incidents and policy violations are promptly addressed.
  • Led in managing organization's physical security computer equipment worth over $1 million - no security incidents!
  • Led a team of 56 personnel to prevent, detect, and respond from network related security incidents.
  • Audited and guided the University on how to deal with security incidents.
  • Investigated and assisted with security incidents on the network.
  • Assisted testing emerging malware in the lab environment before deployment - prevented countless security incidents.
  • Assist the Incident Response team on security incidents such as malware infection, data loss and (D)DoS attacks.
  • Reduced facility-wide information security incidents by 42% in 2 years. Reduced classified data spills by 88%.


36. Access Management

low Demand
Here's how Access Management is used in Information Security Manager jobs:
  • Implemented an information security function, to include security operations, security architecture, and identity and access management.
  • Developed enterprise wide security policies for mobile applications, identity and access management and remote access devices.
  • Identified Access Management Requirements Strategy to better meet policy requirements and level network costs.
  • Maintain PAM (Partnership Access Management) accounts for BP employees/vendors to enable access to WorleyParsons systems.
  • Supervised Access Management - Active Directory, creation of domain, groups and subgroups in ASP accounts.
  • Implemented integrated and SSO Federated Access Management capability via RSA Access Manager 6.0.
  • Directed the effort to centralize the access management provisioning process.
  • Led Regional Identity and Access Management, workflow and provisioning efforts.

37. Security Posture

low Demand
Here's how Security Posture is used in Information Security Manager jobs:
  • Manage vendor relationships, contract negotiation and monitor service delivery to ensure security posture is enforced.
  • Created a Security Dashboard report for executive management team to easily understand current security posture.
  • Evaluated, recommended and implemented security products to improve company security posture.
  • Reported on security posture including compliance with security policies.
  • Managed residual risk and reduced the network exposure surface by 40%, aggressively improving the overall security posture.
  • Investigate and integrate various open source projects to better enhance Ally's security posture.
  • Worked closely with technical staff to review and enhance security posture throughout the firm.
  • Reported to executive management on the security posture of the company.
  • Delivered a maturity ranking report along with recommendations for improving security posture within the institution.

38. Management System

low Demand
Here's how Management System is used in Information Security Manager jobs:
  • Installed security information management system for security log event correlation, archiving and alerting.
  • Managed configuration of security software, security appliances and management systems.
  • Maintained the P2000 Security Management System for FAA PIV and USAF badge access for entry into the Secure Room.
  • Developed vendor management system, this helped monitor compliance of 3rd party vendors with regulatory and industry standards.
  • Worked on bringing in new HRIS-based systems, project management systems for more easily managed solutions.
  • Managed vulnerabilities and POA&M items via VMS (Vulnerability Management System).
  • Define process of change management and create test lab for patch management system.
  • Established new Information Security Management System (ISMS).
  • Led design and implementation of an enterprise class Privileged Account Management system that includes a password vault and session recording capabilities.
  • Deployed a key management system, routine patching for Linux, Solaris and Windows policies and procedures.

39. Security Issues

low Demand
Here's how Security Issues is used in Information Security Manager jobs:
  • Planned and coordinated awareness programs and sessions for all staff regarding Information security issues.
  • Provide training to unit members regarding physical security issues, specifically when traveling internationally.
  • Trained security managers and conducted ancillary training information and operations security issues.
  • Developed a comprehensive security policy and procedures document addressing common security issues.
  • Briefed organizational executives on the status of security issues.
  • Develop and execute user training and awareness programs to educate users on new technologies and information security issues at the enterprise.
  • Provided updated plans and process procedures, as well as advice and guidance on complex computer security issues to leadership.
  • Created a risk register of known and new IT security issues or gaps.
  • Worked with developers, server administrators and network engineers to remediate vulnerability and security issues and audit findings.
  • Provide training via webinars and whitepapers on Data Security issues to sales teams and other interested parties.

40. VPN

low Demand
Here's how VPN is used in Information Security Manager jobs:
  • Head of VPN Services Group responsible for distributing high definition content across 3DES IPSEC and SSL VPN tunnels.
  • Purchased another HA ASA5540 cluster to function as the VPN endpoint to offload B2B and SSL connectivity.
  • Managed, updated and maintained firewall VPNs and policies for over 5,000 users.
  • Directed cross-functional projects including VPN implementation, patch management and IDS.
  • Implemented VPN, PKI initiatives, and Thin client technologies.
  • Implemented multiple site WAN using VPN technologies end users.
  • Set and review firewall, IDS, and VPN policies.
  • Created LAN-to-LAN tunnels on Cisco 3030 VPN concentrators to high profile clients and partners.

41. Security Assessment

low Demand
Here's how Security Assessment is used in Information Security Manager jobs:
  • Interfaced with Vice-Presidents and Directors in other departments and divisions to ensure understanding of the security assessments.
  • Led and participated in security assessments for internal and customer-facing applications to identify potential risks and vulnerabilities.
  • Conduct Security Assessments for various systems and applications, including Cloud applications to determine system security status.
  • Conducted security assessments that identify technology and business risk and controls to mitigate exposure.
  • Designed and implemented a virtual lab for security assessment and product demonstration.
  • Prepared security assessments/audit reports, provided recommendations and coordinated the remediation of findings.
  • Performed qualitative security assessment to identify security gaps within the enterprise.
  • Participate and provide technical expertise during on-site information security assessments.
  • Performed and coordinated comprehensive security assessment of information operations.
  • Case manager for Third-party InfoSec security assessment.
  • Conducted security assessments of acquisitions.
  • Coordinate security assessments and risk analysis for new product and services (GuardTour, MobileSafety) for ADT strategy product department.
  • Lead the third-party security assessment process, e.g.
  • Respond to security assessment requests from current clients.
  • Execute appropriate risk based strategies, policies, monitoring and security assessment procedures to minimize company group information security exposure.
  • Conducted security policy assessments, including technical security assessments, and verified remediation of vulnerabilities prior to network integration.
  • Managed Security Assessments, Virus Incidents, Remediation, and Audit Requests involving annual Sarbanes-Oxley and Compliance Requirements.

42. Application Security

low Demand
Here's how Application Security is used in Information Security Manager jobs:
  • Established and implemented SDLC web application security and penetration testing program based on OWASP standards using industry accepted tools and methodologies.
  • Developed and implemented an application security database enabling all application-level security to be administered independently of the application.
  • Manage several vendor relationships to deliver application security testing, training and metrics.
  • Provide oversight on application security including Online Payment and Banking web applications.
  • Performed manual penetration testing of network and application security controls.
  • Created framework and processes for application security using WhiteHat Sentinel.
  • Provided guidance to user security administrators on specific application security.
  • Review Weekly Patch Reports, review weekly patch report and metrics to monitor system and application security compliance.
  • Run ASAP (Application security architect program) program in Fidelity.
  • Executed application security review of Lawson General Ledger application, Bisys claims management system and call center application.

43. DLP

low Demand
Here's how DLP is used in Information Security Manager jobs:
  • Initiated Log Monitoring (SEIM), Data Leakage Protection (DLP), and Internet Protection projects.
  • Led resources in PoCs for DLP and removable media encryption.
  • Evaluated similar DLP products and provided recommendations for enterprise implementation.
  • Developed best practices for collection, investigation, and retention of DLP activity results, events and incidents.
  • Design and build a DLP incident management platform to centralize the remediation of files identified by the platform.
  • Installed and used OpenDLP as part of the effort to locate and protect customer data within the environment.

44. Incident Management

low Demand
Here's how Incident Management is used in Information Security Manager jobs:
  • Identified technical/mobility improvements to physical security designs providing a risk-based methodology, increased incident management landscape and reduced operational expenditure.
  • Participate in incident management and system investigation efforts within proper protocols and legalities as needed.
  • Appointed primary liaison with Paris HQ on all matters related to security incident management.
  • Developed and maintained Security Incident Management Response Plan.
  • Direct responsibility for incident management procedures and activities.
  • Lead on Oracle and PeopleSoft database security: monitoring, reporting, log reviews, incident management and change controls.
  • Created and maintained site risk profiles and incident management reports for all MSIM locations globally.

45. Fisma

low Demand
Here's how Fisma is used in Information Security Manager jobs:
  • Provided Federal Information Security Management Act (FISMA) reports to Air Force Global Strike Command Headquarters.
  • Created different DLP policies, FAQ and user guides for FISMA, Web, and Email contents.
  • Completed FISMA, DHS TIC/TCV, A-123 and SSAE16 audits without repeat findings.
  • Conduct onsite audit in support of FISMA compliance Identify threats and vulnerabilities that adversely impact the BIA mission.
  • Assigned to newly-formed Continuous Monitoring Branch for FISMA security policy compliance.
  • Facilitate Certification/Accreditation, Security engineering efforts for FISMA compliance, NIST SP-800.

46. Data Loss

low Demand
Here's how Data Loss is used in Information Security Manager jobs:
  • Oversee Corporate Data Loss Prevention (DLP) to ensure effective protection of member and corporate information.
  • Implemented Data Loss Prevention Management by using Microsoft and EMC tools.
  • Develop and implement enterprise IT Security policies related to data security, data loss prevention, incident disposition & data classification.
  • Planned and conducted data loss prevention IT security audit on a multinational organization in the recruitment industry.
  • Deploy and Manage Data Loss Prevention and Security configuration analysis for various operating systems.
  • Implemented & managed an endpoint encryption/host data loss prevention environment.

47. Security Tools

low Demand
Here's how Security Tools is used in Information Security Manager jobs:
  • Guided team in forming leading practice information security recommendations for business; oversaw team in evaluating information security tools and products.
  • Provided technical expertise and guide the administration of security tools that control and monitor information security.
  • Plan and direct implementation and ongoing evaluation of information security tools.
  • Managed vendor relations and worked with third-parties as a POC to implement and integrate Security tools and technologies.
  • Managed and maintained key information security tools for compliance, incident response and assessment purposes.
  • Evaluated security tools and service desk systems.
  • Developed and aligned the TGRC enterprise security tools roadmap with named suppliers resulting in alignment to industry standards and corporate guidelines.

48. Glba

low Demand
Here's how Glba is used in Information Security Manager jobs:
  • Review NCUA and FFIEC guidelines to ensure regulatory compliance related to GLBA, PCI-DSS and other member information privacy regulations.
  • Lead and support the annual audit activities related to NCUA exam preparation based on GLBA exam procedures.
  • Assisted the implementation of the Consumer Privacy/GLBA and Identity Theft Red Flag Programs.
  • Obtained a strong understanding of GLBA and FFIEC controls and protocol.
  • Implemented secure email messaging system to ensure GLBA and NCUA compliance.
  • Enforced and documented GLBA, FFIEC, NCUA PCI-DSS industry best practices.

49. Nessus

low Demand
Here's how Nessus is used in Information Security Manager jobs:
  • Purchased Tenable's Nessus plug-in subscriptions to provide vulnerability scanning of our internal and public facing networks.
  • Utilized various tools for vulnerability scanning and assessment e.g., Nessus, Nmap, ISS, MBSA.
  • Perform network scans and vulnerability reports using NESSUS and Hailstorm (OWASP).
  • Managed scanning tools to include, TENABLE, RETINA, NESSUS and GOLDDISK.
  • Mitigate risk and vulnerabilities by providing Compliance Scanning and policy creation with Tenable Nessus scanning solution.
  • Performed Nessus vulnerability scans of critical enterprise servers and devices; reported results to management.

50. Security Practices

low Demand
Here's how Security Practices is used in Information Security Manager jobs:
  • Guided executive and senior level management in effective business continuity/COOP and information security practices.
  • Serve as a conduit between security and the lines of business to promote good security practices into applications within budget.
  • Gap analyses and recommending best security practices.
  • Served on the Security Task Force within Capital Markets and assisted in identifying best security practices.
  • Educate public user population in appropriate data security practices.
  • Managed the daily data security practices for the Great Lakes Data Center and the 20,000 users requiring mainframe and network accessibility.

20 Most Common Skill for an Information Security Manager

  • Ensure Compliance: 15.8%
  • Vulnerability Assessments: 8.6%
  • Information Security Policies: 7%
  • External Auditors: 6.4%
  • Risk Assessments: 6.3%
  • Infrastructure: 5.1%
  • Security Awareness: 5.1%
  • Information Technology: 4.7%

Typical Skill-Sets Required For An Information Security Manager

Rank | Skill | Percentage of Resumes
1 | Ensure Compliance | 10.9%
2 | Vulnerability Assessments | 6%
3 | Information Security Policies | 4.9%
4 | External Auditors | 4.4%
5 | Risk Assessments | 4.4%
6 | Infrastructure | 3.5%
7 | Security Awareness | 3.5%
8 | Information Technology | 3.3%
9 | Information Security Program | 3.2%
10 | Incident Response | 2.9%
11 | PCI DSS | 2.9%
12 | Risk Management | 2.9%
13 | Architecture | 2.5%
14 | ISO | 2.3%
15 | Recovery Procedures | 2.2%
16 | Assurance | 2.1%
17 | SOX | 2%
18 | Governance | 2%
19 | Hipaa | 1.9%
20 | Data Privacy | 1.6%
21 | Security Operations | 1.6%
22 | Cyber | 1.6%
23 | Network Security | 1.6%
24 | Nist | 1.5%
25 | Firewall | 1.5%
26 | Security Requirements | 1.4%
27 | Intrusion Detection | 1.3%
28 | Access Control | 1.2%
29 | Security Standards | 1.2%
30 | Audit Procedures | 1.2%
31 | Siem | 1.1%
32 | DOD | 1.1%
33 | Business Units | 1%
34 | Security Personnel | 1%
35 | Security Incidents | 1%
36 | Access Management | 0.9%
37 | Security Posture | 0.9%
38 | Management System | 0.9%
39 | Security Issues | 0.8%
40 | VPN | 0.8%
41 | Security Assessment | 0.8%
42 | Application Security | 0.7%
43 | DLP | 0.7%
44 | Incident Management | 0.7%
45 | Fisma | 0.7%
46 | Data Loss | 0.7%
47 | Security Tools | 0.7%
48 | Glba | 0.6%
49 | Nessus | 0.6%
50 | Security Practices | 0.6%
