• Sr. Manager, Information Security

    Dairy Farmers of America (Kansas City, KS)


    Job Description

    The **Information Security Sr.** **Manager** plays a pivotal role in advancing DFA’s information security program capabilities. This role handles the complex and detailed technical work necessary to integrate various security and data protection technologies, control standards, and processes into a cohesive architecture that sufficiently mitigates security risk. Specifically, this position will design and lead the adoption of appropriate and reasonable security standards and controls for computer platforms, applications and networks based on the needs of DFA stakeholders, industry-recognized frameworks and practices, and regulatory security requirements.

     

    As a direct report to the Chief Information Security Officer, this is a senior position where communication and alignment of efforts with other technical and business teams is necessary.

    Job Duties and Responsibilities:

    + Actas information security technical expert; provide advisory and consulting services to business and technical teams.

    + Conduct complex security architecture design and analysis of on-premise and cloud-based networks, systems, applications, third party integrations and other technologies to identify risks and provide guidance on strategies for mitigating those risks.

    + Design and oversee deployment and availability of enterprise security tools including, but not limited to: log management (SIEM), antivirus, intrusion prevention, data leak prevention, vulnerability scanning and remediation, identity management, etc.

    + Establish baseline security configuration standards for operating systems (OS hardening), network segmentation, and access controls.

    + Create and maintain high quality documentation for current and proposed security architecture, standards, procedures and technical configurations.

    + Support achievement of Information Security’s strategic objectives by ensuring policies, processes and standard controlsare adopted and applied consistently across all locations.

    + Determine security requirements by evaluating business strategies and requirements, researching information security standards, conducting risk and gap assessments, and studying architecture/platforms and processes.

    + Research, recommend and/or develop new or improved tools to enhance security services, information intelligence and analytics.

    + Work with the Development team to implement secure coding and development practices.

    + Perform and/or analyze vulnerability scans and penetration tests to direct other parties in properly mitigating vulnerabilities. Support both internal and external penetration testing and validation of security control effectiveness.

    + Defining the security incident response process and leading investigation efforts to determine root causes and appropriate response actions.

    + Continually stay informed on security and technology issues and emerging threats that could impact the business and communicate these issues within the security team and other appropriate audiences.

    + Assist in developing and implementing security awareness and technical training efforts.

    + Perform other miscellaneous duties as assigned.

    Requirements

    Qualifications:

    + Bachelor’s degree in information security, computer science or other related field (work experience may be substituted for the required education on a year for year basis).

    + Minimum of 5 years of senior level information security and\or IT technical work experience.

    + At least one professional security certification (CISSP, SANS, CEH or other relevant certification) is preferred.

    + Strong understanding of current information security threats, standard frameworks (e.g., NIST CSF, ISO27001\2)

    + Extensiveexperience with implementing and managing common security technologies including centralized log management, application and system vulnerability scanning, intrusion detection\prevention, antimalware, encryption, and authentication and access controls.

    + Expert understanding of security controls to protect both on-premise and cloud-based platforms (AWS, Azure) and applications including Active Directory, Windows server and desktop, Mac OS, SQL, VMWare virtualization etc.

    + Familiar with common application stack technologies (e.g., HTTP, HTML5, AJAX, REST, JSON, etc.) and scripting language (PowerShell, etc.)

    + Strong leadership ability with the capability to develop and guide security team members and work effectively with business stakeholders and technical staff

    + Excellent written and verbal communication skills with the ability to effectively communicate complex concepts, policies, and procedures to individuals with a varying range of expertise, interests and backgrounds.

    + Excellent problem solving and analytical skills with the ability to quickly isolate problems, collect data, establishfacts and draw valid conclusions.

    + High level of integrity and judgement concerning privacy and confidentiality issues

    _Knowledge,_** **_Skills_** **_and Abilities_

    + Ability to travel 25-50% (up to 1 week per month)

    + Knowledge of information security frameworks and architectures

    + Knowledge and ability to apply security frameworks like NIST in a business setting

    + Knowledge of security incident response and management

    + Knowledge of Microsoft OS and company computer systems

    + Knowledge of the use of Azure

    + Knowledge of managing large scale windows operating environments

    + Knowledge of project management tools and techniques

    + Knowledge of principles and practices of supervision, training, and personnel management

    + Skill in proficient computer usage

    + Skill in critical thinking, analysis, mathematical calculations, and statistical evaluations

    + Able to communicate clearly and effectively, both verbally and in writing

    + Able to apply technology solutions to business problems

    + Able to work with accuracy and attention to detail

    + Able to work in collaboration effectively and foster good teamwork

    + Able to present ideas using language that is relatable to businessand end-users

    + Able to consider impact of actions and decisions on employees, coworkers, and customers

    + Able to multi-task and problem solve

    + Able to work independently and as part of a team

    + Able to prioritize and meet deadlines

    + Able to promote a team environment

    + Able to present to diverse audiences from front line team members to senior management

    + Able to perform task and duties without constant supervision

    + Able to read, write, and speak English

    Additional** **desired skills,** **competencies** **and experience include:** ** 

    + Experience in the Dairy, Food and Beverage or Consumer Products Industry

    + Experience with security controls for SAP

    + Experience with managing external service providers.

     

    An Equal Opportunity Employer including Disabled/Veterans