Senior Manager, Information Security at Resource Innovations
Resource Innovations is seeking a Senior Manager, Information Security (SMIS) with demonstrated experience in the areas of governance, risk, and compliance. This role is the company’s thought-leader for information risk and security management and related activities throughout the Utility Services, Grid Management, and iEnergy business units (BUs). This position will be directly accountable to the Executive Leadership Team and will collaborate with our Legal, Human Resources, and Information Technology teams.
Scope, purpose, and nature of role:
The SMIS is responsible for interpreting the business and information needs and wants of the BUs and then developing and implementing strategies concerning the protection of our information assets, ensuring our compliance with relevant laws and regulations, governing and (at a high level) managing the information risk and security management function, and most of all supporting/enabling achievement of business objectives. Where appropriate, the SMIS also liaises with external stakeholders such as auditors, service providers, customers, and authorities (such as industry regulators) on significant matters.
The primary functions of the SMIS are to (1) inspire and coordinate the wide variety of activities associated with identifying, evaluating and remediating information risks throughout the BUs, (2) manage the BUs’ information security management program and achieve ISO 27001 certification, and (3) lead the BUs’ security committee. The role includes but stretches well beyond IT risk and security, touching on aspects such as compliance, physical security, personnel security, incident management, business continuity and more. A further objective is to liaise with and provide relevant, timely, credible information and sound professional advice to senior management concerning the BUs’ information risk profile and the status of information risk treatments.
- Coordinates the development and implementation of information management practices including policies, standards, guidelines and procedures; assists BUs to define and understand their responsibilities in relation to information management; assists BUs to identify their information needs and requirements. Compliance initiatives are focused on, but not limited to, ISO 27001, SOC 1 and SOC 2.
- Takes the lead on privacy matters for management and staff, and is accountable for the adequacy of the BUs’ privacy arrangements, including our privacy framework and compliance with privacy-related obligations (especially privacy laws and regulations). As a global company, this includes GDPR.
- Develops strategic planning processes to align information requirements and supporting systems and infrastructure with legislative requirements and the strategic goals of the BUs.
- Ensures that the information resources of the BUs are managed as a corporate asset.
- Plans and coordinates with the Director of IT and other BU Information Security Managers to implement systems to effectively manage the BUs’ information assets and the development of tools, systems and information technology infrastructure to maximize the access and use of the information resources.
- Ensures that information security policies and governance practices are established to ensure the security, confidentiality, and privacy of information resources and supporting IT systems in accordance with the BUs’ overall information security plan.
Distinguishing characteristics of the ideal candidate
- A natural leader with demonstrably strong leadership capabilities e.g. highly influential and motivational, a good bidirectional communicator both in writing and face-to-face;
- Combining strong personal integrity (grit) with pragmatism, willing to stand up for what’s right for the organization, yet open to alternative means of achieving it.
- Realistic and pragmatic in approach, for example understanding that although minor privacy incidents are practically inevitable, they are worthwhile learning points and improvement opportunities;
- Able to see the bigger picture and think strategically where appropriate, since privacy is just one of many business and information issues of concern to the company;
- Capable and willing to establish effective, productive working relationships with various managers, staff and other professionals (including third parties) on privacy, security and related matters, guiding them where relevant, responding to their concerns and collaborating on mutually beneficial solutions.
- Highly proficient in project management, with demonstrated ability to coordinate and organize work deliverables across multiple contributors as part of recurring annual and quarterly priorities.
- Business management: 5-7 years of real-world management experience involving contact with senior management, departmental/corporate management, budgeting, strategic planning, management reporting and metrics, legal and regulatory compliance, formulation and management of information security policies, forensics, fraud etc;
- Information risk and security management: At least 5 years of work experience in this field; demonstrable experience with relevant approaches, standards, methods, frameworks etc.; hands-on experience of ISMS design and implementation, specifically ISO 27001 certification project management experience, is required; CISM certification is highly desired;
- Project Management: Project and personnel management experience, good at scheduling and managing time, people, budgets, tasks etc. and working to dynamic priorities;
- Compliance/legal and information risk management background: with exposure to the broader aspects of privacy including information security, IT, ethics and incident management, HR, auditing etc.;
- IT audit skills (e.g. able to assess risks, ask the right questions and get to the bottom of things, plus write and present formal management reports): Certified Information Systems Auditor (CISA) or Certified Information Security Manager (CISM) credentials are highly desirable and preferred;
- Excellent communication skills, both written and oral, able to demonstrate the ability to write well and present confidently, evangelically even;
- Candidates must be willing to undergo extensive background checks to verify their identity, character, qualifications, skills and experience, and suitability for the role.
Resource Innovations offers competitive salaries based on candidate's qualifications. Resource Innovations also offers three weeks paid vacation per year, eleven paid holidays per year, a 401(k) plan with employee matching funds and an overall comprehensive benefits package.
Resource Innovations is an Equal Opportunity Employer, committed to ensuring equal employment opportunities for all job applicants and employees without regard to race, color, religion, national origin, gender, age, disability, marital status, genetics, protected veteran status, sexual orientation or any other protected status. In addition to federal law requirements, Resource Innovations complies with applicable state and local laws governing non-discrimination in employment in every location in which the company does work.
The above job description and job requirements are not intended to be all inclusive. Resource Innovations retains the right to make changes or adjustments to job descriptions and/or job requirements at any time without notice.