Pay Range: $119,737 - $149,671, DOE

The IT Security Manager (ITSM) acts as an interface between the Director of IT Security’s strategic and process-based activities and the work of the technology-focused analysts, engineers, and administrators in the Information Technology (IT) organization. The ITSM is a leadership role that requires an individual with a strong technical background, as well as an ability to work with the IT organization and business management to align priorities and plans with key business objectives.

This role and its function are part of the Information Technology shared services model. A Team Member in a shared service structure, works within a dedicated business unit (including people, processes, and technologies) that is structured as a centralized point of service and is focused on defined business functions. These units typically serve multiple business groups enterprise wide, and typically have established Service Level Agreements.

Primary Duties, Responsibilities, and Tasks:

• Translates the IT-risk requirements and constraints of the business into technical control requirements and specifications, as well as develop metrics for ongoing performance measurement and reporting.
• Coordinates the IT organization's technical activities to implement and manage security infrastructure, and to provide regular status and service-level reports to management.
• Strategic Support:
• Works with the Director of IT Security to develop a security program and security projects that address identified risks and business security requirements.
• Manages the process of gathering, analyzing, and assessing the current and future threat landscape, as well as providing the Director of IT Security with a realistic overview of risks and threats in the enterprise environment.
• Monitors and reports on compliance with security policies, as well as the enforcement of policies within the IT department while proposing changes to the existing policies and procedures.
• Security Liaison:
• Provides security communication, awareness, and training for audiences, which may range from senior leaders to field staff.
• Acts as the liaison with vendors and the legal and purchasing departments to establish mutually acceptable contracts and service-level agreements.
• Manages production issues and incidents and participates in problem and change management forums.
• Works with the Director of IT Security and IT and business stakeholders to define metrics and reports strategies that effectively communicate successes and progress of the security program.
• Architecture/Engineering Support:
• Ensures that security is factored into the evaluation, selection, installation, and configuration of hardware, applications, and software.
• Researches, evaluates, designs, tests, recommends, and plans the implementation of new or updates information security hardware or software and analyzes its impact.
• Develops and implements controls and configurations aligned with security policies and legal, regulatory and audit requirements.
• Operational Support
• Coordinates, measures, and reports on the technical aspects of security management.
• Manages outsourced vendors that provide information security functions for compliance with contracted service-level agreements.
• Manages the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans, and communicate information about residual risk.
• Manages security projects and provides expert guidance on security matters for other IT projects.
• Assist and guides the disaster recovery planning team in the selection of recovery strategies through the development, testing and maintenance of disaster recovery plans.
• Designs, coordinates, and oversees security testing procedures to verify the security of systems, networks, and applications, and manages the remediation of identified risks.
• Hires, trains, develops, empowers, coaches, counsels, conducts performance and salary reviews, resolves problems, provides open communication vehicles, disciplines, and recommends terminations as appropriate.
• Builds a work environment that promotes teamwork, partnership, recognition, mutual respect, collaboration, performance feedback/management, and Team Member satisfaction while role modeling the company values, behaviors, and culture of One.Team.Chumash.
• Performs other duties as assigned.

Required Qualifications:

• High School Diploma or GED Certificate.
• Bachelor’s Degree in Computer Science, IT security/cybersecurity, equivalent educational or work experience.
• Five years of IT experience with two years in an information security role.
• Two years of experience in a supervisory role.
• Advanced computer proficiency utilizing Microsoft applications, e-mail, and Internet.
• Must apply for, receive, and maintain a Gaming License from the Tribal Gaming Agency.
• Native American hiring preference applies.

About Us:

Chumash Enterprises is one of the premier employers in Santa Barbara County. We excel in providing a “Welcome to Freedom” atmosphere to our Chumash Casino Resort guests, while also offering a high level of care and customer service at our various Chumash-owned properties. For our Team Members, we are a unique employer with a “Free to Be Me” mentality. That means our Team Members have the ability to bring their most unique and individual selves to the workplace. It means they have the freedom to find their own path to success. With more than 1,800 Team Members, we offer a stable, rewarding, and energetic work environment with competitive pay, benefits, exciting growth opportunities, tuition reimbursement and more!
As our organization grows, new and exciting opportunities continue to develop at all of our properties, including Chumash Casino Resort, Chumash Employee Resource Center, Chumash Gas Station, Santa Ynez Tribal Health Clinic, Tribal Operations, Hotel Corque and The Hadsten.

Disclaimer:

The above information on this description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.
Consistent with federal law, Native American hiring preference applies.