The Information Security Manager leads the development and implementation of security solutions and processes across the organization. They are responsible for providing operational security solutions that would enable the success of IT and business initiatives. Will develop and build solutions to manage the risk of operational systems, applications, and data through governance, policies and controls, risk assessments, and issue & exception management. The role requires building out a robust risk management and security programs, identifying and mitigating risks, establishing security policies and practices, implementing security controls, and educating stakeholders on prioritizing and addressing internal risks. Security Manager interfaces with IT Groups across the company, client managers, business customers, third-parties, vendors, and auditors. The Security Manager designs and operationalizes security solutions that can be effectively delegated to support/operations functions or other third-party vendors.
Essential Position Duties:
* Develops and implements security standards, processes and procedures and guidelines for the enterprise.
* Ensures and monitors security compliance with industry and government rules and regulations.
* Coordinates with technology and business groups to assess, implement and monitor IT-related security risks/hazards.
* Manages the trade-offs required to manage the different levels.
* of risk tolerance and risk exposure across the organization and balance this with risk investments
* Reports security performance against established security metrics.
* Ensures security compliance and meets all service-level agreement requirements.
* Creates an information security awareness program to ensure staff members across the organization understand the trade-off between risk and return.
* Understands “voice of the customer” and develops mechanisms to proactively sense end users’ adoption and usage patterns of consumer technologies so policy can align with need.
* Lead technical direction in designing and implementing security solutions for corporate technical infrastructure and business applications.
* Configure and manage security information systems, intrusion detection systems, Windows and Linux host-based security, as well as network and cloud-based security systems, for the protection of corporate IT infrastructure as well as proprietary client-facing systems and services.
* Support independent auditors and security assessment requests.
* Review with senior leaders identified security and compliance concerns, risk characteristics, recommendations, and remediation progress.
* Interact with internal and external clients on security requirements, identify security process and develop strategies/solutions to security issues while maintaining tight security discipline.
* Lead Cyber Security incident investigations.
Knowledge and Skills/Technology Used:
* Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
* An ability to effectively influence others to modify their opinions, plans or behaviors.
* An understanding of business needs and commitment to delivering high-quality, prompt and efficient service to the business.
* An understanding of organizational mission, values and goals and consistent application of this knowledge
* An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative and actionable manner.
* Ability to react to high-pressure, dynamic changing environments.
* Experience in implementing Information Security technologies and processes required.
* Good understanding of Web, Mobile and Application security engineering and operations
* Good understanding cloud-based services in the areas of security automation, engineering and design.
* Experience assessing and supporting standards-based security control requirements (e.g., SOC 2, ISO, NIST, etc.) and related audits for compliance.
* Experience implementing security tooling, processes, and strategies in the areas of AV endpoint protection, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Active Directory, SAML / ADFS, Multi Factor Authentication, RADIUS, and related technologies.
* Demonstrated knowledge of IT networks and systems and associated security principles (e.g., firewalls, DMZ, Storage, Virtualization, OS-level configuration, encryption, load balancers, proxies, VPN, bandwidth management), resiliency and redundancy)
* Experience with secure data handling standards (e.g., PII, GDPR, PHI, CCPA, etc.), encryption algorithms, methodologies, and cryptographic key management concepts
Education & Experience:
* 3 to 7 years’ experience as an Information Security Manager
* Bachelor’s Degree in Information Systems, Information Technology, Computer Science, Engineering or Equivalent Experience Minimum of 10 years of information technology experience
* One of the following certifications: Certified Information Security Systems Professional (CISSP), Certified Information Security Manger (CISM) or Certified Information Systems Auditor (CISA)
* Solid expertise in Information Security, Cybersecurity.
* Understanding of cybersecurity threats and vulnerabilities related to IT system architectures and design.
* Experience with NIST, ISO and Information Assurance
Physical Requirements / Working Conditions:
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Individuals may need to sit or stand as needed. May require walking primarily on a level surface for periodic periods throughout the day. Reaching above shoulder heights, below the waist or lifting as required to file documents or store materials throughout the work day. Proper lifting techniques required. May include lifting up to 25 pounds for files, computer printouts on occasion. Frequent use of computer and telephone.
Primary environment: ambient room temperatures, lighting and traditional office equipment as found in a typical office environment.
About Toyota Material Handling
Let Toyota take your career to new heights. Toyota Material Handling provides employees with the opportunity to make a meaningful impact through innovation and creativity in an unmatched culture.
Based in Columbus, Indiana, Toyota offers a full line of high-quality material handling equipment sold under the Toyota brand for over 50 years. We are proud of our large and diverse workforce. We seek individuals committed to excellence with talent, skill and innovation. We offer a competitive salary and benefits package with a pleasant and challenging work environment. Life is better at Toyota.
Benefits that set Toyota apart:
· Competitive Salary bonus program
· Low cost Medical with Free Dental and Free Vision Insurance
· Free On-Site Medical Center
· On-Site Pharmacy
· Free On-Site Recreational Complex
Affirmative Action Responsibility:
It is the Company’s policy to afford equal employment and advancement opportunity for all qualified individuals without distinction or discrimination because of race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, protected veteran status, or any other characteristic protected by local, state, or federal laws, rules, or regulations.
Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled