Role: Information Security Manager
Salary Range: $90-110k plus leadership bonus
Location: Portland, OR (Hybrid role, some remote)
The Information Security Manager (ISM) develops, implements, and monitors the Company's cyber and physical security programs, providing security guidance to multiple departments and functional areas responsible for delivering solutions. The ISM identifies and prioritizes security-related requirements, promotes secure-by-default designs, and facilitates the delivery of information and physical security services. The ISM has significant responsibility related to external audit and 3rd Party risk management activities.
* Manages data and cybersecurity protection and oversees technology and physical security governance and policies.
* Contributes to the development of security strategy and security architecture.
* Develops and oversees implementation of security awareness programs and security incident response.
* Provides strategic risk guidance for IT projects, including evaluation and recommendation of technical controls.
* Educates IT and leaders on appropriate security risk and mitigation strategies.
* Collaborates and coordinates with IT for both internal and external audits, to ensure security programs follow relevant laws, regulations, and policies.
* Develops, maintains, and publishes up-to-date security policies, standards, and guidelines. In collaboration with HR, ensures training and dissemination of security policies and practices.
* Evaluates new cybersecurity threats and IT trends and develops effective security controls.
* Evaluates potential security breaches, coordinates response, and recommends and, after approval, initiates corrective actions.
* Supervises staff as assigned in the performance of the job duties.
* Defines and reports on information security metrics.
* Provides direct oversight and control of the physical security of the organization's locations and assets.
* Provides project management and leadership to staff and external resources in support of established goals and objectives, improved efficiencies, and problem resolution.
* Ensures accomplishment of all objectives by following company policies, procedures, and strategic direction, as well as regulatory standards governing the company.
* Maintains current knowledge of the industry and regulatory trends and developments for enterprise technology
* Completes additional tasks as assigned by Chief Information Security Officer.
ADDITIONAL RESPONSIBILITIES
* Demonstrates behavior consistent with DMS Values and Code of Conduct
* Adheres to all DMS policies and procedures at all times.
* Learns and adheres to all Information Technology and data security policies, standards, guidelines, and procedures
* Learns and adheres to DMS rules and established policies for workplace health and safety
* Completes all required compliance training on time and in good faith
* Bachelor's Degree in related field.
* 5-8+ years of relevant experience and increasing responsibility in the information security space
* Significant experience in SOC II principles, audits, and remediation.
* Significant experience with top cybersecurity frameworks such as ISO 27000, NIST SP 800-53, CMMC, etc.
* Expertise in the core knowledge and practice of cybersecurity.
* A higher-level certification such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) and/or Certified Information Security Manager (CISM) preferred.
We are an equal opportunity employer and make hiring decisions based on merit. Recruitment, hiring, training, and job assignments are made without regard to race, color, national origin, age, ancestry, religion, sex, sexual orientation, gender identity, gender expression, marital status, disability, or any other protected classification. We consider all qualified applicants, including those with criminal histories, in a manner consistent with state and local laws, including the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance.