Information Security Manager
The ISM reports to the CTO, is a member of the CTO leadership team and serves a key role in the organization. The ISM is an advocate for the company's information security needs and is responsible for the development and delivery of a comprehensive information security strategy to optimize the security posture of the company. The ISM leads the development and implementation of a security program that leverages collaborations and company-wide resources, facilitates information security governance, advises senior leadership on security direction and resource investments, and designs appropriate policies to manage information security risk. The complexity of this position requires a leadership approach that is engaging, imaginative, and collaborative, with a sophisticated ability to work with other leaders to set the best balance between security strategies and other priorities.

Principal Duties and Responsibilities:

Strategic Leadership
- Responsible for the strategic leadership of the Company's information security program.
- Provide guidance and counsel to the CTO and key members of the IT Management team in defining objectives for information security.
- Work with IT Management to oversee the formation and operations of a company-wide information security team that is organized toward a common goal in information security.
- Manage Company-wide information security governance processes and chair the Information Security Committee.
- Establish annual and long-range security and compliance goals; define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements.
- Stay abreast of information security issues and regulatory changes affecting public companies.
- Engage in professional development to maintain continual growth in the professional skills and knowledge essential to the position.
- Bring groups together to share information and resources and create better decisions, policies and practices.
- Mentor the Information Security team members and implement professional development plans for all members of the team.
- Perform special projects and other duties as assigned.

Policy, Compliance, and Audit
- Lead the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
- Lead efforts to internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for the Company's information and technology systems.
- Work with Internal Audit and outside consultants as appropriate on required security assessments and audits.
- Coordinate and track all information technology and security related audits, including scope of audits, timelines, auditing agencies and outcomes. Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit teams and provide a consistent perspective that continually puts the Company in its best light. Provide guidance, evaluation, and advocacy on audit responses.
- Work with Management and relevant responsible compliance department leadership to build cohesive security and compliance programs for the Company to effectively address state and federal statutory and regulatory requirements.
- Develop a strategy for dealing with the increasing number of audits, compliance checks and external assessment processes for internal/external auditors.

Risk Management and Incident Response
- Keep abreast of security incidents and act as the primary control point during significant information security incidents.
- Convene the Incident Response Team (IRT) as needed, or as requested, in addressing and investigating security incidents that arise.
- Convene the Information Security Committee as appropriate and provide leadership for breach response and notification actions for the Company.
- Develop, implement and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk.
- Provide leadership, direction and guidance in assessing and evaluating information security risks, and monitor compliance with security standards and appropriate policies.
- Examine the impacts of new technologies on the Company's overall information security. Establish processes to review the implementation of new technologies to ensure security compliance.

Outreach, Education and Training
- Work closely with IT leaders and technical experts on a wide variety of security issues that require an in-depth understanding of the IT environment, as well as the research landscape and federal regulations.
- Work closely with the Training department and IT Management to customize the Security Awareness training program to best educate employees on current security issues, best practices, and vulnerabilities.
- Work closely with the Training department to customize the Phishing Attack Testing program to best educate employees on current security threats and best practices.
- Work with groups such as IT Management, Network Administrators, Network Engineers, and the Training department to build awareness and a sense of common purpose around security.

Knowledge, Skills, and Abilities
- Ability to work in a collaborative manner with technical and non-technical personnel.
- Must possess a high degree of integrity and trust, along with the ability to work independently.
- Requires good interpersonal skills, the ability to function in a fast-paced, short-deadline environment, and the ability to come up with innovative, cost-effective decisions.
- Ability to manage multiple issues and projects at the same time.
- Strong technical skills are a plus, including knowledge of applications, network infrastructure, Active Directory, Citrix, LDAP, and various security tools.
- Must be able to understand and discuss detailed network and encryption terms, such as IP routing, web filtering, and web routing.
- Ability to communicate effectively with all levels of the organization's workforce, while maintaining appropriate confidentiality.
- Ability to weigh business risks and enforce appropriate information security measures, intrusion detection, access control to facilities, and access control to computers.
- Possess excellent writing and communication skills to effectively develop policies, procedures, reports and documentation.
- Knowledge of and experience in information privacy laws, access, release of information and risk assessment.
- Must be able to travel occasionally.
- Must be able to lift equipment weighing 45 pounds.

EEO Statement
Walker & Dunlop is an equal employment opportunity employer and does not discriminate based on race, color, national origin, religion, gender identity, sexual orientation, sex, disability, veteran or military status, genetic information, or any other characteristic protected by applicable law.