Information Security Manager

Position Summary:

The Information Security Manager is responsible for the implementation, administration, and continual improvement of the security solutions identified in the organization’s security program to ensure that all information assets and associated technology, applications, systems, infrastructure and processes are adequately protected in the digital ecosystem in which the organization operates. The Information Security Manager will be responsible for day-to-day security operations including supporting and maintaining a wide range of information security products that monitor and provide compliance across the digital assets owned, controlled and/or processed by the organization. The Information Security Manager will take direction from the Director of Information Technology and will work jointly with other IT Staff and 3rd Party Security Vendors along with other operational teams and Enterprise Architects to coordinate, facilitate and effectively implement and maintain the compliance of the organization’s security policies and procedures.

The Information Security Manager must be knowledgeable with the operation, maintenance and functionality of firewalls and endpoint security systems. The ideal candidate is dedicated and passionate about cyber security technologies and is constantly learning and evolving to have awareness of current hacking techniques and cybercrime and keeps pace with the industry’s latest trends to address these threats. This position requires a demonstrated track record of competency in cyber security design, administration and operations with three to five years of relevant experience preferably in financial services or nonprofit industries.

Working at Tides connects you with world-class teammates, enduring relationships, and an inspired sense of purpose—while our employee benefits support our team's talent and well-being. This is an exciting time to join Tides. In the past, Tides staff have worked predominantly from our offices in San Francisco and New York. Today, our hybrid work model supports staff with remote work from anywhere in the United States. We will be reopening our offices in the future, date to be determined.

Essential Duties & Responsibilities:

• Implement and manage secure, trusted systems to ensure appropriate confidentiality, integrity, availability, safety, privacy and recovery of digital assets owned, controlled and/or processed by the organization including custom or third-party solutions evaluation, selection, and implementation.
• Implement, manage and support secure network solutions to protect against advanced persistent threats.
• Perform and/or coordinate/manage third-party assessments and penetration testing to measure the effectiveness of the organizations cyber security program.
• Manage security technology systems that consist of Cisco, Microsoft and other security solutions related to VPNs, Data Loss Prevention, IDS/IPS, Web-Proxy, Security Audits and more.
• Troubleshoot and remediate issues associated to the organizations security and network, including handling any system breaches.
• Participate in the change management process to forecast the effects of change through potential scenarios and the security consequences on information resource changes.
• Test and identify network and system vulnerabilities to determine potential vulnerabilities that could be leveraged by a threat source and address identified issues accordingly.
• Identify and respond to threats including the characterization and attribution of threats, creation and sharing of situational awareness, and the development of mitigation strategies.
• Manage third party vendors with new and recurring security assessments.
• Understand and interact with key stakeholders to ensure the consistent application of policies and standards across all technology projects, systems and services – including privacy, risk, audit and compliance and business continuity management
• Provide clear risk mitigating directives for projects with digital technology components including the application of controls.
• Create and manage a unified and flexible control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards and regulations.
• Manage and maintain a document framework of continuously up-to-date information security policies, standards and guidelines. Oversee the approval and publication of the information security policies and processes.
• Manage and maintain a framework for roles and responsibilities regarding information and master data ownership, classification, accountability and protection of digital assets.
• Build and nurture external networks consisting of industry and peers, partners, vendors and other relevant parties to stay up-to-date on best practices to address common trends, findings, incidents, and cybersecurity risks.
• Monitor security advisory groups and ensure necessary security updates, patches and preventive measures are in place.
• Provide compliance reporting to operational and executive level team members.
• Create documentation and conduct periodic end-user trainings.

Education and Experience:

• BA /BS degree with a minimum of three to five years of experience in a combination of information security and IT.
• Experience working with products in the following categories Cloud Security, O365, Azure AD, Manage Azure identities and governance, Identity and Access Management, (Enterprise password vaults, Vulnerability scanning and management (Tenable, etc.), SIEM (AlienVault etc.), PKI, Application control, Network micro-segmentation.
• Professional security certifications are desirable, such as CISSP, CEH, CCSP
• Technical security solution certifications are desirable including Cisco Certified Network Professional - Security (CCNP Security), Cisco Certified CyberOps Professional, and Microsoft 365 Certified: Security Administrator Associate
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to speak clearly and concisely on cybersecurity strategy and policy, as well as to be able to convey technical information to individuals of different levels of technical comprehension, ranging from senior management to technical experts.
• Fundamental Computer Forensics skills to effectively protect organizations' digital assets and prevent security breaches.
• Understanding of regulatory and compliance specification relevant to GDPR, CCPA, etc.
• Development experience sufficient to automate repetitive tasks and scale your impact.
• Experience securing networks and infrastructure through firewall design, network segmentation and access (VPNs etc.).
• A desire to learn and self-educate to stay current on best practices and emerging industry trends.
• Knowledge of the latest trends and awareness of current hacking techniques and cybercrime.
• Highly vigilant and detail-oriented to effectively detect vulnerabilities and risks and quickly identify concerns and implement real-time security solutions to solve and address issues and complications before they expand.
• Up-to-date knowledge of information security risk management and cybersecurity technologies, methodologies, and trends in both business and IT.
• Proven track record and experience in successfully executing programs that meet the objectives of excellence in a dynamic and highly matrixed business environment.
• Strong analytical and problem-solving skills with a proven ability to make decisions and lead through high-pressure, high-stress situations.
• Knowledge of common information security and service management frameworks, such as ISO/IEC 27001, ITIL/ITSM, COBIT/ISACA, Cloud Security Alliance as well as those from NIST.
• Strong track record of sound judgement and professionally handling highly confidential and sensitive matters.

Application Instructions:

Please submit a resume and a thoughtful cover letter online. Your cover letter should express your interest in working for Tides and your qualifications for the role. You may also share your detailed LinkedIn profile with us. Tides is an Equal Opportunity employer. We value diversity and inclusion and we look forward to reviewing applications from all who are qualified to apply.

Equal Employment Opportunity:

Tides is an equal opportunity employer. We strongly encourage applications from women, people of color, and bilingual and bicultural individuals, as well as members of the lesbian, gay, bisexual, and transgender communities. Applicants shall not be discriminated against because of race, religion, sex, national origin, ethnicity, age, disability, political affiliation, sexual orientation, gender identity, color, marital status, or medical condition including acquired immune deficiency syndrome (AIDS) and AIDS-related conditions. Also pursuant to the San Francisco Fair Chance Ordinance, we encourage and will consider for employment qualified applicants with arrest and conviction records.

Applicants with Disabilities:

Reasonable accommodation will be made so that qualified disabled applicants may participate in the application process. If you seek an accommodation, please advise in writing at the time you apply.