The IT Cybersecurity Manager provides operational support, business and technical advice on a wide variety of information security issues, concerns, and problems and ensures that all business applications and processes developed in-house or developed by outsiders on behalf of Phillips Edison & Company include adequate security and control measures.
Essential Duties and Responsibilities:
Information Security: Provides expertise and information risk control consultation as it pertains to Phillips Edison & Company information systems and infrastructure. Regularly consults with business leaders to understand security needs and impacts of security decisions on business processes as well as to communicate risks. As part of project development or business application or process enhancement, assists in the development of cost-effective and practical information security systems, procedures and controls. Participates as a technical advisor for a variety of ad-hoc information security projects that will be dictated by current business and technological developments. Provides a supporting role in developing and implementing information security standards, policies and procedures best fit for the organization. (40%)
Security Analysis & Access Control: Performs daily operational access control requests to required systems for business users. Manages and monitors IT security systems to identify, protect against, contain and remediate ongoing cyber threats. Works closely with internal staff and third-party vendors to facilitate annual penetration testing and internal and external audits. Leads the IT organizational change management process, ensuring proper testing and business approvals throughout the software development life cycle. (40%)
Vulnerability Management: Works alongside third-party vendors for endpoint protection, perimeter security, data loss prevention and log analysis tools to address information security related issues and findings, ensuring that remedial actions are taken, and long-term solutions are executed to mitigate future underlying risks. Utilizes third-party tools to provide cybersecurity awareness training to organizational end-users on a regular basis. (20%)
Education / Experience Requirements:
Bachelor's degree or appropriate combination of education and equivalent experience preferred.
5+ years of experience in IT security operations
Demonstrated knowledge of risk assessment and vulnerability management methodologies
Proficient in network technology, infrastructure support, server management and maintenance
Knowledge of regulatory compliance requirements and frameworks such as NIST, ISO, SOX, SSAE18, SOC2, COSO, CCPA, SEC and PCI-DSS
Ability to interact with all levels of management and staff
Ability to prioritize workload
Strong communication skills (written and oral)
Strongly process-oriented, with sound judgment, attention to detail, accuracy, and follow-through
Strong customer service orientation
Certified Information Systems Security Professional (CISSP) preferred
Microsoft Certified Systems Engineer (MCSE) preferred
Information Technology Infrastructure Library (ITIL) preferred
Certified Associate in Project Management (CAPM) preferred
Third Party Recruiters: We do not accept unsolicited resumes from any source other than from the candidates themselves. Any agency or independent recruiter must have a signed agreement with us before presenting candidates. Submission of unsolicited resumes without a signed agreement will not create any obligation on our part.
Preferred experience: 5 - 10 years of IT security operations
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)