Information Security Manager The information security manager plays an integral part in the development, implementation, and compliance of technical security across the enterprise. The officer is responsible for managing risks related to information security, physical security, business continuity planning, crisis management, privacy, and compliance. In addition, the officer ensures all staff members are trained on enterprise and governmental security requirements through awareness programs.  Develops and implements security standards, processes and procedures, and guidelines for the enterprise  Ensures and monitors security compliance with industry and government rules and regulations  Coordinates with technology and business groups to assess, implement, and monitor IT-related security risks/hazards  Understands the trade-offs required to manage the different levels of risk tolerance and risk exposure across the organization and balance this with risk investments  Reports security performance against established security metrics  Ensures security compliance and meets all service level agreement requirements  Creates an information security awareness program to ensure staff members across the organization understand the trade-off between risk and return  Understands voice of the customer and develops mechanisms to proactively sense adoption and usage patterns of consumer technologies by end users so that policy can align with need  Define and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address negative findings.  Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate.  Ensure that security programs are in compliance with relevant laws, regulations and policies to minimize or eliminate risk and audit findings.   Work planning, prioritization and assignment; establish and monitor accountability for subordinates job responsibilities  Align staff to achieve departmental and company goals and objectives  Training and team-building; staff development for professional and corporate growth; coaching, mentoring and counseling  Timely performance management (appraisals, reviewing and approving work; rewards and disciplinary action; conflict resolution)  Interviewing and hiring decisions; promotions and demotions  Termination of employees within Company Policies and Practices (reviewed by HR)  Ensure compliance with Company Policies  Demonstrate and encourage integrity and alignment with Company Vision, Mission and Values  Develop and implement strategies to achieve and protect the long-term growth of the Company  Actively participate in strategy development for Company  Develop and manage budgets and forecasts  Develop management reporting on key aspects of work volume, risks, projects and initiatives.  Meet positions goals and objectives  Track, monitor and prepare report on departmental goals and objectives  Special Projects Other duties as assigned  Has high degree of initiative, dependability and ability to work with little supervision.  Has proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.  Has a managerial skill needed for providing limited supervision for one or more functions within a department.  Work is broad in scope covering one or more complicated areas. Policy, procedure, and/or precedent are often created by this position. A high degree of analytic ability and inductive thinking is required to devise new, non-standard approaches to highly intricate, technically complex problems.  Responds to and handles unfamiliar situations with little supervisory guidance.  Solves problems that are complex, varied and only mildly related to those seen before. Simply determining what the problem is requires major individual effort and/or consultation with others within the department. A high degree of analytical ability and inductive thinking may be required to solve highly intricate, technically complex problems. Must be able to develop new and nonstandard approaches.  Applies recommends and implements highly advanced technology concepts to improve organization-wide efficiency and effectiveness or has final approval of technology applications to be used. Technical Skill Sets Required:  Experience with current IT security technologies including but not limited to: o LAN/WAN technology o Wireless security o Penetration testing o Identity management o Identity theft o Denial of service attacks o Hacking techniques o Access list management, etc.  Advanced understanding in one or more of the following areas: o Operating System Security o Database Security o Network Security o Firewalls o Computer Security Incident response or Vulnerability Scanning  Strong understanding of Information Security Standards and Technical Security Risk Assessment IV. Education, Training and Experience Required: a. Special courses/licenses needed: b. Formal education required.  Bachelors or masters degree in computer science, management information systems, business administration, or related discipline c. Minimum experience needed:  Ten years of experience in a combination of risk management and information security.  At least eight years must be in an information security role.  At least five years in an IT leadership role  preferably in information security d. Experience:  Professional experience in running the information security office analyzing and applying information security, risk management, and privacy practices  Extensive experience in strategic planning, budgeting, and allocation  Consulting and general industry experience  Experience in Mortgage Industry and Understanding of the regulations governing that industry.  Knowledge of national and international regulatory compliances and frameworks such as ISO, SOX, BASEL II, EU DPD, HIPAA, and PCI D. CISSP, CISM, CISA preferred.