Company: APi Group
Location: New Brighton, MN
APi Group in New Brighton, MN seeks an IT Security Manager to lead the corporate security strategy, oversee the security program, and develop the security architecture for the organization. This leader will be responsible for all data/information security policies, standards, evaluations, roles, organizational awareness, security technologies and services, physical and logical access control, and developing and implementing a disaster recovery playbook. The IT Security Manager will work closely with IT Leadership and APi companies throughout North America and the United Kingdom to ensure the security of the organization's data. The APi Group security platform embraces the foundational Microsoft security stack including EOP, ATP, and MFA.
- Minimum of 7 years of experience in information technology.
- 5+ years of experience in a leadership role managing information security.
- Bachelor’s degree in Information Security, Computer Science, Management of Information Systems, or related field required, or equivalent professional experience.
- Enterprise-wide expertise with information system disaster recovery planning and testing, auditing, risk analysis, business system resumption planning, and contingency planning.
- Expert-level understanding of computer security concepts including Identity & Access Management, Network Security, Application Security, Incident Management, and Risk & Compliance.
- Successes creating and maintaining effective documentation, including policies, processes, and procedures.
- Business system continuity planning, auditing, and risk management experience as it relates to information security.
- In-depth knowledge of Sarbanes-Oxley, 404(a) and (b), and SOC 2 audits.
- High personal quality standards and attention to detail.
- Willingness and ability to work core hours Monday through Friday in New Brighton, MN headquarters. This is not a telecommuter (remote) position.
- The ability to travel up to 10% of the time to APi partner companies. (Overnight travel)
- One or more of the following certifications:
  - Certified Information Systems Security Professional (CISSP)
  - Certified Information Security Manager (CISM)
  - (or other security industry certifications)
- Strong knowledge of Microsoft O365 and cloud technology, security, principles, and practices.
- Ability to lead meetings in order to discover existing business processes, advise on best-fit technologies, gather requirements, and drive to client and drive project execution.
- Strong problem-solving skills.
- Create and maintain support documentation.
- Documenting operational processes and problem resolutions.
- Motivated to learn and seek guidance.
- Excellent verbal and written communication skills.
- Knowledge of process and workflow design and management.
- Knowledge of quality management, tools and techniques.
- Process and workflow design.
- Familiar with Cisco networking.
You will be responsible for the following functions:
- Develop, implement, and monitor strategic and tactical plans, comprehensive enterprise information, and the security and risk management program to ensure the confidentiality, integrity, and availability of information owned, controlled, or processed by the company.
- Develop, maintain and publish up-to-date security policies, standards and guidelines, and oversee training and dissemination of security policies and practices in the APi security management framework.
- Lead the day-to-day operations of the Information Security team including training, staff development, and third-party partnerships.
- Responsible for hiring, developing, appraising, disciplining, and approving time and attendance of subordinates.
- Mentor and coach IT professionals.
- Manage security regulatory and compliance requirements.
- Manage periodic security assessments, vulnerability assessments, and business continuity tests in accordance with best industry practices.
- Develop metrics and reporting for measuring and improving the effectiveness of the overall information security framework.
- Drive continuous improvement, improving service levels and reducing the overall risk exposure for the organization.
- Assess risk and continuously perform gap analysis on the security controls and strategy.
- Propose changes to decrease risk while improving protection of APi Group customer data.
- Manage security incidents and events to protect corporate IT assets, and act as the primary corporate control point during follow-up on significant information security incidents.
- Provide strategic risk guidance and advocacy for infrastructure investments and IT projects including project prioritization, and the evaluation and recommendation of technical controls.
- Oversee the coordination of IT Business Continuity and Disaster Recovery planning to ensure IT systems can respond to a disaster so that critical business functions can be resumed within a defined time frame and data loss is minimized.
- Actively embrace our IT playbook.
- Engage in, contribute to and promote “Communities of Excellence.”
- Partner with IT Directors to demonstrate a “standard of excellence” in the APi employee and IT employee roles.
- Build relationships, provide work coordination and act as an IT liaison with other APi Companies, departments, and strategic partners.
What you are known for:
- Success leading enterprise-wide information security policies, standards, procedures and guidelines.
- Expertise with security software and hardware products, network security, risk assessments, audits, security architectures, business continuity and disaster recovery, incident command practices, cryptography technologies, authentication methods, virus protection, intrusion detection, access control systems and methodologies, biometrics, and privacy issues.
- Partnering with highly technical and diverse teams that provide enterprise information security support.
- Leading staff, coaching and role modeling skills.
- Communication skills, working well with IT leaders, and non-IT executive leaders, capable of understanding and communicating well with technical and non-technical resources.
- Excellent organizational skills and analytic, problem-solving skills.
- Impeccable confidentiality, attention to detail, and self-organization.
Medical, Dental, Life Insurance, Long-Term Disability, 401K.
This is a full-time, exempt position reporting to the Senior Director of IT.