Title:  Manager, IT Security

Position Summary: 
The Manager, IT Security at I-CAR plays a critical role in safeguarding I-CAR's information and technology assets. This position is responsible for defining and implementing the information security strategy of the organization, focusing on maintaining the confidentiality, integrity, and availability of sensitive information. The IT Security Manager will lead security initiatives, respond to incidents, and guarantee compliance with various regulations and standards, helping to protect the organization's digital infrastructure in an increasingly complex threat landscape. Reporting directly to the VP of IT, the Manager will provide strategic leadership, thought leadership, and technical expertise in information security. This role also involves educating and influencing internal stakeholders to foster a strong security culture across the organization.  

This is a highly collaborative role that requires a strong blend of technical knowledge and strong interpersonal skills and influence.  

Essential Job Functions:  

1. Monitor Operations and Infrastructure: Oversee IT operations to ensure robust implementation of security protocols and protect against cyber threats. 

2. Maintain Security Tools: Manage and optimize security systems ensuring tools are current and functioning effectively. 

3. Policy Monitoring: Monitor and enforce compliance with internal policies and external regulatory requirements. 

4. Team Leadership: Provide direct leadership to a small security team and indirect leadership to the broader IT team, emphasizing a culture of cybersecurity. 

5. Incident Management: Lead the response to moderate to moderate and complex cybersecurity incidents minimizing disruption and ensuring timely resolution. 

6. Security Strategy Development: Design and implement comprehensive security strategies and programs that safeguard the organization’s data. 

7. Integration of Security Practices: Ensure that security measures are seamlessly integrated into every stage of the product development lifecycle is key to maintaining robust security standards. 

8. Risk Assessment: Identify and assess threats and vulnerabilities and deliver comprehensive risk briefings to senior leadership.  

9. Metric Tracking: Track and report on key security metrics, risk, and incidents to senior leadership, aiding strategic planning and continuous improvement. 

10. Vulnerability Management: Conduct regular vulnerability scans and coordinate remediation efforts across systems and applications. 

11. Identity and Access Management: Oversee access control policies, user provisioning, and authentication systems to secure organizational data. 

12. Vendor and Third-Party Risk Management: Evaluate third-party vendors and cloud providers for security compliance and manage ongoing risk exposure.  

13. Security Awareness Training: Develop and deliver training programs to build cybersecurity awareness across the workforce. 

14. Security Metrics and Reporting: Track KPIs, document incidents, and present reports to stakeholders and leadership. 

15. Collaboration with Legal and Compliance: Partner with legal counsel to assess cybersecurity risks and ensure contractual regulatory obligations are met. 

Adherence to I-CAR Management Principles:   

At I-CAR, each of us has the duty to live into our Core Beliefs & Values as we continuously strive to fulfill our vision and mission, as well as our strategies, programming in function annual planning, all for the benefit of our industry stakeholders, whom we serve with honor.   

Our leaders are called to model, encourage, support and acknowledge excellence in all that we do, and apply ongoing continuous improvement, in pursuit of the same. As a leader, you role-model and ensure that all team members live into I-CAR’s Management Principles.  

Education and Experience Education:

1. Bachelor’s degree in Computer Science, Information Security, Information Technology or a related field required. Master’s degree in Cybersecurity is a plus. 

2. Certifications: CISSP, CISM, CEH, CompTIA Security+, or GSEC are strongly preferred. 

3. Experience: 5-8 years of progressive experience in IT security with at least 3 years in a leadership position or management role. 

• Demonstrated experience in developing and implementing security programs, managing incidents and leading teams. 

4. Technical Skills: Strong understanding of cybersecurity principles, risk management, vulnerability assessment, security operations and threat intelligence. 

• Experience with tools such as SIEM, IDS/IPS, endpoint protection, firewalls and cloud security platforms (AWS, Azure, GCP). 

5. Leadership Skills: A proven ability to effectively lead cross-functional teams, mentor staff, and influence stakeholders at all levels. 

6. Analytical Skills: Strong analytical and problem-solving skills, with a data driven approach to assessing threats and designing mitigation strategies. 

• Ability to balance tactical in security operations with strategic planning. 

7. Communication Skills: Excellent verbal and written communication skills, capable of explaining complex security concepts to non-technical stakeholders.