Topcon

IT Information Security Manager

Requisition ID: 2017-1918
Employment Status: Regular Full-Time
US-CA-Livermore

Overview

The IT Information Security Manager will be responsible for the strategic leadership, vision, alignment, definition, architecture, implementation, and operational oversight of Information Security for Topcon Positioning Systems globally. This position will be accountable to define and implement Information Security policies, operational practices and procedures for Topcon’s global operations, as well as its products, and has a mandate to identify, quantify, manage and reduce Information Security related risks to the Company's global assets, business and technical operations.

Responsibilities

• Provides enterprise-wide leadership, vision and managerial oversight in the development and implementation of Topcon’s cyber security strategy.
• Defines (and enforces compliance with) state-of-the-art policies, processes and standards meeting global and regional regulations/requirements and achieves appropriate policy balance between business needs and risk exposure; maintains awareness of changing legislative and regulatory landscape impacting policies.
• Identifies and relentlessly pursues security protection roadmap, goals, objectives and metrics supporting Topcon’s strategic plan and priorities; establishes Service Level Agreements (SLA) with Topcon business units and Internal Audit teams where required.
• Employs and utilizes information security control framework and research on emerging trends and technologies to inform and guide investments and activities aimed at ensuring the availability, confidentiality and integrity of Topcon assets. Conducts assessments of controls to measure their effectiveness and identify gaps.
• Develops annual budget related to information security initiatives, tools, services and operations and tracks ongoing spend against budget.
• Coordinates with global infrastructure and security staff members to plan, schedule and deliver security related projects and initiatives.
• Develops and runs education initiatives across company business functions to enhance security awareness, educating employees as well as other security professionals on risks, best practices, policies, requirements and compliance. Trains other security professionals.
• Builds relationships with, consults with and provides information security expertise to IT and Business Unit key stakeholders, and acts as primary change agent to facilitate improvements in information security.
• Coordinates security risk and control assessments, scans and audits, including regulatory compliance audits or customer originated audit requests, as needed and provides reporting, oversight and tracking of remediation efforts and responses associated with identified compliance or control issues.
• Develops and maintains comprehensive security Change, Incident Response and Problem Management capabilities leading to reduced business impacts.
• Identifies, collects data, prioritizes and reports on global information security risks, deployment projects and operational metrics.
• Responds to all security breaches and significant security events and leads the development and maintenance of appropriate event tracking / reporting systems. Collects forensic evidence and artifacts, and documents findings to support conclusions. Coordinates security engagements with public law enforcement, fire and other agencies.
• Leads team in acquiring and maintaining all information security tools and services such as endpoint protection, IDS/IPS and other security systems, often in a Service Owner role; maintains relationships with security vendors.

Qualifications

• Bachelor's degree in a technical discipline is required; advanced degree is a plus.
• Must have current GSLC/CISSP/CISM or equivalent security certification(s).
• 5+ years as a Security Professional with experience developing and administering information security services or programs, and 10+ years Information Technology experience, is required.
• Must have 2+ years previous experience as a supervisor or manager of other technical professionals, with direct hiring/firing responsibilities.
Knowledge, Skills, and Abilities:
• Candidate must have the proven ability to serve as an effective Information Security leader; form, manage and lead advisory committees and interact effectively with law enforcement, data owners, auditors, business leaders/stakeholders, consultants and vendors.
• Critical and strategic thinking are important for this role. Candidate must comprehend the connections across functions and be able to view information security challenges from multiple perspectives. He/she must also be able to balance short and long range considerations and tradeoffs.
• Requires excellent communication, interpersonal and relationship management skills; candidate must be comfortable interacting with very senior or executive level staff across the organization, as well as being adept at managing relationships with external parties.
• Must have very strong negotiation and influence skills, and be able to identify appropriate negotiating approaches and solve for the optimum win-win outcome. Previous experience negotiating policies and compliance with various stakeholders would be highly beneficial to achieving the best outcomes in this role.
• Candidate must possess some experience with business continuity, disaster recovery, auditing, risk management, vulnerability assessments, and cyber-security and incident management.
• The ideal candidate will have excellent technical, troubleshooting, organizational and problem solving skills and a great work ethic.
• Has strong fundamental knowledge of information system penetration techniques and risks, cybersecurity frameworks (NIST and ISO 27000 preferred) and has practical hands-on experience investigating and remediating active threats.
• Ideally has first-hand experience setting up formal IT security governance and operations (e.g. steering committees, IT Security Operation Centers (SOC), etc.).
• Requires familiarity with the following technologies which are essential for this role: Next generation firewalls, data and drive encryption, CA/PKI, Microsoft Windows, Active Directory and group policy (IAM), SAML Single Sign-On, Windows patch management, anti-virus, IDS/IPS and vulnerability management tools.
• Possesses knowledge of industry best practices in network, application, hardware and OS platform security and global security standards and compliance frameworks (e.g. HIPAA, PII, PCI, etc), as well as audit and assessment methodologies in these areas.
• Background and familiarity with IT infrastructure methodologies, processes, and practices (including SAS70, SSAE 16 Type II, ITSM/ ITIL) is required.
Other Requirements:
• Some national or international travel (including EU, Russia and China) may be required. Must have valid passport for travel with no restrictions.
• Position requires some on-call availability and off-shifting of hours to support incident response needs.
