Information Security Manager-IAM Job Summary

Apply Now

Job: 34537-MMCC Location: US-MA-Natick Department: Information Technology

Position Summary

The Information Security Manager role will oversee and manage our Identity and Access Management (IAM) programs and strategy including Privileged Account management, security awareness, and phishing initiatives across the organization. The ideal candidate will possess a strong background in information security and a proactive approach to safeguarding our company's digital assets. We particularly value excellent leadership skills in our ideal candidate, who will manage and lead a diverse team of IT Security Analysts in day-to-day operations, project planning, and execution of IT Security initiatives. 

IAM Activities Facilitates the use of technology-based tools or methodologies to review, design and/or implement products and services to provide a strong IAM program that balances access with compliance and confidentiality and business requirements Identifies and evaluates complex business and technology risks, internal controls that mitigate risks, and related opportunities for internal control improvement Identifies the broader impact of current decisions related to user access, data access and information security Acts as subject-matter-expert on all IAM disciplines including identity governance and administration, (IGA), Access Management, (SSO, MFA), privileged access management and identity verification, (ID Proofing, etc.) Provides management status reporting to include accomplishments, plans for upcoming activities and overall completion status on a regular basis ensuring all milestones and deliverables are achieved within communicated deadlines Own the lifecycle management of all IAM technologies and its associated infrastructure Aligns IAM processes across the organization where applicable, and develops and documents standards for organizational use Collaborate with IT and other departments to integrate IAM solutions with existing systems Partner with other business security units to gain alignment and support the overall strategy for internal and external IAM program Business Strategy Envisions business outcomes and works with business leaders to create business initiatives Aligns IAM processes across the organization, and develops and documents standards for organizational use Partners in an IAM selection process, evaluates existing and emerging technologies and tools in the selection of an IAM service offering for the business units Understands business and information technology management processes and demonstrates advanced understanding of business processes, identity-first security, internal control risk management, IT controls and related standards Awareness, Training and Other Communications Fosters an understanding of the need for and application of the IAM system, and facilitates decision making with the business users Builds and nurtures positive working relationships with business units Identifies opportunities to improve engagement with the business units Design and deliver security awareness training programs for employees. Develop engaging content to educate staff on security best practices and emerging threats. Conduct regular phishing simulations and other security awareness exercises. Evaluate the effectiveness of security awareness programs and make improvements as necessary

 

    Responsibilities Oversee team operational and project tasks by managing Kanban and sprint planning boards to help support the project management aspects of day-to-day operations Ensure effective coordination and direction of team activities while actively participating in organizational, project, and team meetings Develop and execute information security plans that align with the company's goals. Guide the security team in their crucial role and collaborate with other departments to ensure unified security measures Oversee, develop, implement, and enforce the IAM program supporting the organization. The identity program includes privileged account management, user account management oversight, enhancement of authentication systems, and integration into the identity governance and administration solution Oversee the development and implementation of security awareness training programs, including phishing simulations, educational content, and program evaluation Manage vendor relationships and collaborate across departments to ensure cohesive security practices. Prepare regular reports for management, stay informed about the latest security trends, and manage resource allocation for security programs Manage the Zero Trust program to align with the company's objectives

 

 

Minimum Qualifications A bachelor's degree and 7 years of professional work experience (or equivalent experience) is required. 2 years management experience is required. Additional Qualifications Proven experience with operational management in diverse environments Automating security processes and workflows for efficiency and repeatability Experience implementing security processes within CI/CD pipelines for cloud-native applications Strong analytical skills and the ability to work with teams on complex security tasks Understanding and experience with NIST CSF, SOC2, ISO27001, NIST SP800-171 and NIST SP800-53 Experience of Ping Federation, SailPoint, and other Identify access management solutions. Experience in managing and implementing identity and access management solutions, identity governance, and administration systems. Professional certifications such as CISSP, CISM, or CISA are highly desirable. Knowledge in managing and implementing identity and access management solutions and identity governance and administration systems. Knowledge and experience in managing and implementing data security, data masking, and data loss prevention programs. Knowledge of Information Security best practices Strong understanding of IAM principles and best practices Strong knowledge of data security principles and best practices Experience with management of IAM and data loss prevention systems Extensive leadership experience in overseeing high-performing teams in a highly collaborative environment