Information Security and Risk Manager
Parsons Brinckerhoff - Lancaster, PA


Under the supervision of the Enterprise Director of Information Security, at our new shared services facility in Lancaster, PA, manage major global Information Security initiatives, projects and programs in the areas of policy compliance, security architecture standards and controls related to best practices for Information Security Management. The major duties are as follows:

Assist the Enterprise Director of Information Security in building an information security program based on ISO 17799 by analyzing information security and IT operations processes, identifying deficiencies and developing recommendations for PB-specific controls for compliance. Assist the IT team with successful implementation of these controls and documenting the related processes.

Develop a framework of ISO 17799-compliant information security policies, standards, and controls in coordination with PB regional IT and assist with the implementation of controls required for compliance. In this capacity, will liaise with other functions in the enterprise, e.g. Finance, HR, Legal, Administration.

Manage the development of a data classification program and assist with monitoring compliance.

Represent IT on the PB Litigation Readiness team.

Assist Enterprise and regional IT in developing a Business Impact Analysis process to improve PB’s DR preparedness program. Manage the annual audits of all PB regions for compliance with the DR Policy.

Provide security consulting and technical assistance with the evaluation, selection, architecture design, and deployment of new IT systems.

Manage the development and ongoing maintenance of a security audit and risk assessment program. Conduct security audits and vulnerability assessments and provide risk assessment reports.

Coordinate, investigate, and conclude information security incidents.

Communicate with the Regional Information Security liaisons, IT systems administrators, and application developers to identify security risks, ensure policies are consistently applied and provide general support on information security related issues.

Analyze security data from the outsourced security service and identify areas of risk and opportunities for improvement.

Manage the completion of remediation work related to internal and external audit commitments.

Manage the PB IT software licensing program to ensure an effective and efficient licensing program and license compliance.

College degree in Computer Science, Information Management or a related field is required; an MS in Computer Science or Information Management is a plus.

CISSP, SSCP, GIAC, or related certification desirable; will be required to certify if not certified.

At least ten years' experience in information security administration or risk management as primary responsibility

Hands-on experience with an ERP, MS Windows and UNIX security is required

Experience performing security audits and/or vulnerability assessments

Solid understanding and knowledge of information security terminology, technology, and concepts

Extensive experience with ISO 17799, CoBiT, ITIL, CMM or similar frameworks is required

Excellent written and verbal communication and interpersonal skills

Ability to communicate at all levels in the organization and solid business analysis skills

About this company
Parsons Brinckerhoff is a leader in developing and operating infrastructure around the world, with approximately 14,000 employees dedicated...