Thursday, January 22, 2015

Security Jobs: Information Security Program Manager, Irvine, CA, Relocation: Yes

Information Security Program Manager
Irvine, CA
$110,000 to $125,000+, Bonus
Education: BA/BS, Masters Preferred
Relocation: Paid
Certification: CISSP, CISM, CISA, PMP Appreciated

has been engaged by a global client where we placed the CISO in 2014 to build a global security, risk, compliance and privacy program. This newly created position exists in a company that manufactures around the globe. Protecting trade secrets and intellectual property is this company’s most significant focus. This role will align the chosen candidate with significant opportunities to grow and to be mentored by one of the best CISOs I’ve ever placed.

The Program Manager will promote and guide the Software Development Life Cycle (SDLC) to ensure that security is built into processes, systems and applications. This position requires a strong individual information security contributor with sound knowledge of business processes and security technologies. The Program Manager will proactively work with business units to provide security guidance across the SDLC and system applications, including security architectural reviews.

The Program Manager will work in partnership with corporate line of business stakeholders and partners to integrate security transparently into the business. The Program Manager will work extensively with data classification to determine which sets of intellectual property are most important to the business and then build appropriate security strategies to protect this information.


·         Promote and guide the Software Development Life Cycle (SDLC) to ensure security is built into systems and applications
·         Develop key relevant business training and reports to support security in processes, policies, and practices
·         Partner closely with the information security team and corporate compliance, audit, legal and HR management teams
·         Support the global inventory of critical assets and data in a manner that meets compliance and regulatory requirements
·         Monitor the external threat environment for emerging threats and their relevance to the program
·         Maintain the security of the company’s products throughout the product lifecycle
·         Create a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection
·         Create architecture framework, design, implementation, and function of information security systems and their corresponding processes, metrics, and impact to overall assets
·         Provide strategic security risk guidance for the SDLC, including the evaluation and recommendation of business and technical controls.
·         Ensure that introduced security initiatives are in compliance with relevant laws, regulations and policies to minimize or eliminate risk and audit findings.
·         Perform security audits of systems and applications, including managing security audits performed by third parties
·         Provide guidance as a security consultant on new technology architectures, as well as to ensure proper security tools and monitors are in place
·         Lead the Security Information Incident Response plans
·         Administer and support security solutions to protect data at rest, data in use and data in motion
·         A Bachelor of Science degree from an accredited university in the area of engineering, computer science or computer information systems is strongly preferred; equivalent work experience may be considered
·         Minimum of 8 years of experience integrating security into the business, security risk management, information processes, product security, business architecture positions is required
·         Demonstrate a history of successful implementation of security in processes, applications, and systems within mid to large size corporate environments
·         Proven track record and experience applying a proactive approach to information security in business processes, architecture, policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment, required.
·         Authored technical documentation such as architectures, process diagrams, procedures, policies, verification and validation documentation and integration diagrams, required
·         Must exhibit excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives
·         Experience in implementing Incident Response Programs, strongly preferred
·         Experience working with Business Continuity/Disaster Recovery policies and procedures, preferred
·         Experience in preparing executive summary presentations
·         Must be a critical thinker, with strong problem-solving skills
·         Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals, within a global environment
·         Ability to work at all levels from initial concept to operational implementation
·         Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security related concepts to technical and non-technical audiences
·         Knowledge and understanding of one or more legal and regulatory requirements, such as Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry Data Security Standard (PCI DSS), required.
·         Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT and ones from NIST
·         Familiarity with industry standard security tools
·         Strong large scale Project Management skills and experience
·         Familiarity and adherence to change management policies and procedures
·         Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is preferred.
·         Understanding of global privacy regulations is a plus as well as IAPP certification

Jeff Snyder's Security Recruiter Blog, 719.686.8810