Overview
Under general direction, the Senior Manager, Cybersecurity is responsible for interfacing between the CISO’s strategic and process-based activities and the work of the technology-focused administrators, analysts, engineers and architects of the cybersecurity and IT organizations. The Senior Manager, Cybersecurity works with the IT organization and business management to align priorities and plans with key cybersecurity business objectives. The Senior Manager, Cybersecurity will act as an empowered representative of the CISO during IT planning initiatives to ensure that security measures are incorporated into strategic business plans and that service expectations are clearly defined.
Responsibilities
- Works with the CISO to develop a security program and security projects that address identified risks and business security requirements
- Helps define department strategic objectives and drives business outcomes in alignment to the organizational strategy. Works with the CISO to develop budget projections based on short- and long-term goals and objectives
- Monitors and reports on compliance with security policies, as well as the enforcement of policies within the IT department. Coordinates, measures and reports on the technical aspects of security management
- Proposes changes to existing policies and procedures to ensure operating efficiency and regulatory compliance
- Manages outsourced vendors that provide information security functions for compliance with contracted service-level agreements. Works as a liaison with vendors and the legal and purchasing departments to establish mutually acceptable contracts and service-level agreements
- Serves as an active and consistent participant in the information security governance process. Provides support and guidance for legal and regulatory compliance efforts, including audit support
- Works with the CISO and IT and business stakeholders to define metrics and reporting strategies that effectively communicate successes and progress of the security program
- Manages security projects and provides expert guidance on security matters for other IT projects. Consults with IT and security staff to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software
- Designs, coordinates and oversees security testing procedures to verify the security of systems, networks and applications, and manages the remediation of identified risks. Recommends and coordinates the implementation of technical controls to support and enforce defined security policies
- Works with the enterprise architecture team to ensure that there is a convergence of business, technical and security requirements; liaises with IT management to align existing technical installed base and skills with future architectural requirements
- Develops a strong working relationship with the security engineering team to develop and implement controls and configurations aligned with security policies and legal, regulatory and audit requirements
- Leads, influences and manages a team of resources to include all aspects of performance management, conducting talent acquisition activities, coaching and/or mentoring, and identifying training requirements for associates
- Determines the appropriate staffing mix of contractors and associates to maintain steady work and stay within budget. Creates, manages, and administers an annual departmental budget which may include billable hours and percentage targets
Qualifications
Required Knowledge, Skills, and Abilities:
- Strong leadership skills and the ability to work effectively with business managers, IT & Cybersecurity and IT staff. Proven ability to interact with internal personnel, build strong relationships at all levels and across all business units and organizations, and understand business imperatives
- Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with the IT organization, project and application development teams, management and business personnel. Ability to present technical information to technical and nontechnical audiences using collaborative systems and presentation software
- In-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls; an excellent understanding of information security concepts, protocols, industry best practices and strategies
- Ability to develop and maintain policies, procedures, standards and guidelines.
- Demonstrates and maintains current knowledge of industry trends and technologies
- Ability to gather, analyze and interpret business drivers and develop practical security solutions that provide value to security and support the business
- Ability to work with customers to understand and respond to their information security needs and/or concerns, represent our security program and how the program protects the customers’ data, and discuss the roadmap designed to continuously improve our security posture
- Ability to quickly learn and understand complex environments, independently reach stretch goals, and continually improve knowledge and capabilities
- Advanced technical computer skills as required for technical support specific to functional area and related systems
- Knowledge and ability to work in HITRUST, NIST and SOC
Experience:
- 7 years of experience in Information Security
- 4 years of IT experience
- 2 years supervisory experience
- 3 years of experience implementing and enforcing security directives, policies, publications and regulations
- 2 years of experience conducting risk assessment work, IT auditing of compliance requirements, or framework gap analysis
- 2 years of experience working with HITRUST, NIST and SOC
Required Training, Certification and Education:
- Bachelor’s degree in computer science, information systems, Cybersecurity, engineering, business administration or a related field; or equivalent experience
Working Conditions:
- Travel: None
- Work environment: Must be able to use equipment at workstation for up to 8 hours daily
- Location: Home office/remote - Based in Atlanta, Georgia required
- Must be able to sit and use equipment at workstation for up to 8 hours daily
- May require after hours work if a system outage and/or security incident occurs
- May work occasional weekends
Benefits Overview
At NASCO, we trust our workforce to be fully remote, working from their home. This benefit offers significant, personalized outcomes for each associate including work/life balance, savings on commuting, work clothing, and increased time to spend on personal activities.
Our full benefit package is designed to support the physical, mental, and financial health of our associates. We offer:
Physical and Mental Health Benefits
- Choice of Blue Cross Blue Shield Medical, Dental, and Vision Plans
- Telehealthcare – for Medical and Behavioral visits
- Generous PTO with buy/sell options
- 9 Company holidays, a floating day off, and a day off for volunteering
- Employee Assistance Program
- Wellness program - earn insurance discounts or credit towards health-related items
Financial Health Benefits
- 401K Plan with employer matching contributions
- Company-funded spending/reimbursement accounts to help with out-of-pocket medical expenses
- Bonus and Recognition programs
- Tuition Assistance
- Consultation with financial planner
- Basic Life & AD&D Insurance, Short and Long-Term Disability Insurance provided, and Supplemental Term Life Insurance is available
- Group Discount programs - mobile, technology services, etc., to help you save money
Other Benefits
- E-Learning – Comprehensive and current library of e-learning and performance support assets, available on demand and at no cost
NASCO is an Equal Opportunity Employer/veterans/disability/race/color/religion/sex/sexual orientation/gender identity/national origin. Must have legal authority to work in the US.
We will not accept applicants that use AI when answering the screening questions. Applicants who use AI to answer any questions or to complete their application will not be considered for employment.