Information Security Manager

Indianapolis, IN (hybrid work structure)

Contract to Hire

3 years of experience

Position is responsible for collaborating with supported agencies and departments on Cybersecurity strategy, helping to ensure secure Enterprise and Department-level Configuration and Supply Chain Management for IT Services and solutioning. Position manages the development of standards, best-practices, guidelines, and policies for how those services, solutions, and their accompanying data, should be implemented and maintained in the future in line with the state agency’s IT Governance Plan.

Key Responsibilities

• Facilitate an information security governance structure through the implementation and management of a hierarchical governance program, including the formation of an information security steering committee
• Directly supports and champions the state agency’s goals of diversity, equity, and inclusion by ensuring compliance with Federal and State compliance frameworks impacting equity and inclusion (e.g., Section 508, WCAG certification, etc.)
• Manage and support an information security awareness training program for employees, contractors, and approved system users, and establish metrics to measure the effectiveness of this security training program for the different audiences
• Work to ensure that information security requirements are included in contracts by working with the CISO, ISA counsel, purchasing and the procurement teams
• Manage the information security function across the state agency’s enterprise to ensure consistent and high-quality information security management in support of the business goals
• Manage the information security approach and operating model in consultation with stakeholders and aligned with the risk management approach and compliance monitoring of nondigital risk areas
• Assist in the management of the budget for the information security function, monitoring, and reporting discrepancies
• Collaborate in the development of an information security vision and strategy that is aligned to organizational priorities and enables and facilitates the organization's business objectives, and ensure senior stakeholder buy-in and mandate
• Develop, implement, and monitor a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy, and recovery of information assets owned, controlled, or/and processed by the organization
• Work effectively with business units to facilitate information security risk assessment and risk management processes, and empower them to own and accept the level of risk they deem appropriate for their specific risk appetite
• and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the information security, and review it with stakeholders at the executive and board levels
• Collaborate with external agencies, such as law enforcement and other advisory bodies, as necessary, to ensure that the organization maintains a strong security posture and is kept well-abreast of the relevant threats identified by these agencies
• Manage the enterprise architecture team building alignment between the security and enterprise architecture, ensuring that information security requirements are implicit in these architectures and security is built in by design. Coordinate and communicate the enterprise architecture with the Enterprise IT Operations team to ensure smooth IT governance throughout the ITIL delivery cycle
• Manage a risk-based process for the assessment and mitigation of any Enterprise information security risk posed by supply chain partners, vendors, consumers and any other third parties
• Manage the processes for information security risk and for legal and regulatory assessments, including the reporting and oversight of treatment efforts to address negative findings
• Manage technology dependencies outside of direct organizational control. This includes reviewing contracts and the creation of alternatives for managing risk
• Manage and contain information security incidents and events to protect state agency’s IT assets, confidential information, regulated data, and the state agency’s reputation
• Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action
• Coordinate the development of implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provide direction, support, and in-house consulting in these areas
• Conduct and attend project meetings to provide security and governance input throughout project lifecycles
• Creates, refines, delivers, and evangelizes information security standards to be used throughout the enterprise that balance business needs and external requirements
• Ensure through creation or delegation that all security-related documentation is complete, current, and stored appropriately
• Analyzes enterprise-wide development needs and management of an architecture governance process
• Manages Day to Day security services through Managed Services Provider and Direct Reports
• Monitors changes in the legislative, regulatory, and contractual landscape to ensure that the information security program is always at least one step ahead

Documentation:

• Manage and enhance an up-to-date information security management framework based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework
• Manage a unified and flexible control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards, and regulations
• Manage a document framework of continuously up-to-date information security policies, standards, and guidelines.
• Autonomously prepare reports and audit findings remediation plans in response to Internal audits, penetration tests or vulnerability scans

Brooksource provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, national origin, age, sex, citizenship, disability, genetic information, gender, sexual orientation, gender identity, marital status, amnesty or status as a covered veteran in accordance with applicable federal, state, and local laws.

Job Types: Full-time, Contract

Pay: $30.00 - $37.00 per hour

Benefits:

• Dental insurance
• Health insurance
• Vision insurance

Schedule:

• Monday to Friday

Ability to Relocate:

• Indianapolis, IN: Relocate before starting work (Required)

Work Location: In person