Manager/sr Manager Information Security Job in Emeritus Institute Of Management

Responsibilities:

• Build, deploy, maintain, and enforce information security risk management standards, policies, and procedures to maintain and enhance the compliance posture within RapidAPI
• Lead customer, partner, and vendor InfoSec audits and risk assessments, communicate results to information security stakeholders or business partners, and ensure remediation of outstanding issues
• Perform internal risk assessments and analysis to identify opportunities to improve risk posture, and develop solutions for remediating or mitigating risks and assessing residual risk
• Anticipate new security threats and stay-up to date with evolving industry, regulatory, and legal requirements relevant to security, compliance, and privacy
• Monitor security vulnerabilities, threats, and events in network and host systems
• Develop strategies to handle security incidents and coordinate investigative activities to promote a culture of information security throughout the organization, providing subject matter expertise, guidance, and training
• Prepare financial forecasts for security operations and proper maintenance cover for security assets
• Prioritize security projects based on costs, benefits, resources, and alignment with business goals
• Execute regular Information Security Audits to ensure compliance with existing Information Security policies and identify areas for improvement

Qualifications/Skillsets required:

• Industry certification in IT Security preferred (e.g. CISSP, CISM, CISA, SANS) Demonstrated experience of working in a cloud IT environment and cloud product offerings with experience in driving SOC2 and NIST certifications for customer facing environments
• 10+ years experience with Information Security or related field
• Strong knowledge of security risk management frameworks including related regulatory compliance requirements (e.g. NIST CSF & 800-53, ISO27001, SOC, HITRUST, HIPAA, FedRamp, PCI, GDPR)
• Has led and built audit and InfoSec compliance frameworks
• Demonstrated understanding of qualitative vs. quantitative risk management to determine, evaluate, and report on technology risk levels at the project and enterprise level
• Works independently and with management on high visible, divisional/cross-divisional projects
• Strong oral and written communication skills with ability clearly communicate complex concepts in simple terms for key stakeholders

To apply for this job, mail us at jobs@emeritus.org