Listing Description
EJ has an immediate opening for an Information Security Manager.
Generous Benefit Package that includes: Vacation & Holiday Pay, Medical, Dental, Vision, Employee Assistance Program, Wellness Program, 401K (with match), Life Insurance, etc.
About EJ: We are the leader in the design, manufacture, and distribution of access solutions for water, sewer, drainage, telecommunications, and utility networks. EJ is a family-owned company with corporate headquarters located in East Jordan, Michigan, where the company was founded in 1883. Globally, we employ over 2,500 people, have operations in 13 countries and sell our products in over 100 countries. We are looking to reinforce our market leadership and are seeking dedicated employees to join our team in the quest of our vision.
The core strength of our business is our dedicated employees. Employees who embrace our values, understand the importance of relationships, and strive for excellence. Our values, which have been passed down for generations, are the essence of our company’s identity and our guide for making decisions. Core values at EJ include safety and security, honesty and integrity, environmental responsibility, respect for others, quality and excellence, and social responsibility. We are seeking high-performing individuals who are interested in contributing their talents to an innovative and growing company.
Location: This position reports to the corporate office located in East Jordan, MI. The right candidate for this position could have the option to work remotely.
SUMMARY
The Information Security Manager is a member of the Information Security and Privacy Leadership (ISPL) team. This position is an interface between the Chief Information Officer’s (CIO) strategic and process-based security activities and the work of the technology focused specialists, engineers, administrators, and architects in the IT and OT organizations. This role provides strategic, architectural, operational, and technical support to the global information security program; and is considered a global technical resource for regional IT and OT Departments to assure the consistent implementation of global security controls.
The Information Security Manager is also responsible for helping to monitor EJ regional information systems for access control violations/intrusion detection, cybersecurity problems and malware issues, and for assisting with recovery from access control violations, malware attacks and cybersecurity incidents.
ESSENTIAL DUTIES AND RESPONSIBILITIES include the following. Other duties may be assigned.
- Promotes security and safety awareness, accident prevention, and employee involvement with regard to a safe work environment.
- Promotes the company culture, the mission and vision, and the core values of the company.
- Must be able to translate the IT and OT risk-based requirements and constraints of the business into technical control requirements and specifications.
- Coordinates the IT and OT organization’s technical activities to implement and manage the company global security infrastructure and provides regular status and service-level reports to management.
- Lead and manage multiple projects and initiatives simultaneously. Ability to prioritize work.
Strategic Support
- Administer and propose changes to the Company Information Security and Privacy Program. Major components of the program include policies, security and privacy awareness training, technical system controls and audits.
- Experience with the CIS security controls, benchmarks and control assessments to help assure all appropriate risks are minimized and controls implemented in both the IT and OT environments.
- Work with the CIO and regional IT and OT Departments to identify areas of high security and privacy risk and propose appropriate policies, training and controls to the Information Security and Privacy Department.
- Identify opportunities to both improve and simplify global information technology security management, including reducing the number and variety of dissimilar security technology platforms.
Architectural/Engineering Support
- Work with the regional IT and OT Departments to assure that security safeguards are built into all internal, interfaced, and third-party systems housing confidential/private data.
- Document where security policies are not 100% attainable. Work with the regional IT and OT departments to manage these exceptions and create plans and processes to eliminate the exceptions where appropriate.
- Work with the global IT and OT Departments to assure proper implementation of CIS security controls, and schedule audits where compliance is suspect.
- Conduct audits of security policies and vulnerability tests of security controls and make recommendations for improvements. Validate that each region has properly implemented the security program.
- Conduct cyber security tabletop exercises with IT and OT.
- Work with global IT and OT teams on disaster recovery and resiliency planning and testing.
- Research, evaluate, design, test, recommend or plan the implementation of new information security hardware and software, and analyze its impact on the existing environments; provide the technical and managerial expertise for the administration of security tools.
- Provide assistance to the regional IT and OT Departments with the configuration and operation of the various information technology systems for a highly secure environment to meet all global security and privacy legal compliance requirements.
Operational Support
- Monitor the company execution of the security and privacy program to validate that the program is implemented and processes are completed as outlined and scheduled in the security policies; or recommend policy changes.
- Proactively monitor global system reports for access control violations/intrusion detection, cybersecurity problems and malware issues.
- Actively work with global regions on complex incident detection, troubleshooting, resolution and recovery, and reporting from access control violations, malware attacks and cybersecurity attacks.
- Maintain a knowledgebase for information security topics, such as security advisories and alerts for IT, OT and the general employee population.
- Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and are in compliance with policies.
Security Liaison
- Assist personnel and IT and OT Departments in understanding and responding to security issues and security audit concerns.
- Work with various global department leaders, including IT, OT, HR, and Finance, to educate them on security risks and necessary controls and to identify new risks and appropriate controls.
- Monitor all security incidents to validate that each global region has completed all steps for all incidents, including post-incident reviews and follow-up steps. Actively participate in incidents to assure that lessons learned from other incidents are shared throughout the organization and are properly documented for global sharing.
- Keep abreast of security alerts by information system vendors, government agencies (such as CISA), professional associations and other organizations as needed, communicate the alerts as appropriate, and make recommendations of precautionary steps.
- Keep abreast of global information security and privacy regulatory changes and make appropriate policy, training and control recommendations to the ISPL to meet legal requirements.
- Work with the CIO, IT and OT Departments, and ISPL to develop, report and monitor a security performance dashboard to be used by the ISPL and global regions.
- Be the global consolidator and disseminator of technical expertise on security capabilities of various security and privacy technologies to assure consistent global implementation of security controls. The following is a non-comprehensive list of some of these technologies:
  - All network equipment (firewalls, routers, switches); all server, database, SAN and endpoint operating systems, server, application, and database resiliency.
  - Security applications: Intrusion detection and prevention, access controls, CASB, virus protection, spyware, adware filtering, web site blocking, DLP, etc.
QUALIFICATIONS
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
EDUCATION and/or EXPERIENCE
Bachelor’s degree (B.A. or B.S.) from a four-year college or university, several years of related IT and OT cyber security experience and security certifications desired.
Appropriate security certifications include the following: CISM, CISSP, CISA, CRISC. Microsoft technologies certifications: Azure and Defender.
OTHER SKILLS AND ABILITIES
- Spoken and written English language proficiency required
- Spoken and written French language proficiency desired
- Expertise in leading project teams and developing and managing projects
- Ability to collaborate and facilitate action with different IT and OT organizations who do not directly report to this position
- Ability to clearly present ideas to Company Leaders or other IT Department members
- Strong analytical skills
- Excellent verbal, written, and interpersonal communication skills
PHYSICAL DEMANDS
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
While performing the duties of this job, the employee is regularly required to sit and use hands to finger, handle, or feel. The employee frequently is required to talk or hear. The employee is occasionally required to stand; walk; reach with hands and arms; climb or balance; and stoop, kneel, crouch, or crawl. The employee must occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this job include close vision, color vision, and ability to adjust focus.
WORK ENVIRONMENT
The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
While performing the duties of this job, the employee is occasionally required to be in the manufacturing environment and to be exposed to moving mechanical parts, extreme heat, and risk of electrical shock. These exposures are limited and are secured through proper safety precautions such as proper PPE and other safety policies. The noise level in the work environment is usually moderate, although there is an occasional need to work in the manufacturing environment, where noise levels are increased. In such cases, proper PPE, such as hearing protection, is required.
TRAVEL
Overnight and international travel is required.
Listing Details
- Citizenship: US Citizen
- Incentives: Not Provided
- Education: Bachelors Degree
- Travel: Travel 25
- Telework: Full Telecommute