Information Security Manager / Director
Reports to: GM, CIO / CISO
LOCATIONS: Hybrid, close to any sister company location in US (Burris, Steiner eOptics, Beretta USA, Benelli USA, Norma USA, 3Arrows)
JOB SUMMARY/OBJECTIVE:
We are seeking an experienced cybersecurity professional with a focus on infrastructure/network security, who will be responsible for the organization's security program including, but not limited to:
· Ensuring the confidentiality, integrity and availability of systems, networks, and information.
· Development, implementation, and maintenance of policies and procedures of the enterprise information security program.
· Daily operations of the enterprise information security program.
· Oversight of the annual and ongoing risk assessment process and cybersecurity governance.
· Monitoring/achieving compliance programs, internal and external audits.
· Practicing and executing the incident response plan.
· Building the cyber security team
The position is highly visible and set to become directly responsible of all cyber security and data privacy for the Beretta Group in North America.
TECHNICAL SKILLS
- Network security
- Cloud Security (Azure)
- Infrastructure technical expertise
- Experience working with HR, legal, audit and compliance staff.
- Familiarity with applicable legal and regulatory requirements in cybersecurity and data privacy. Exposure to any combination of the following: PCI DSS, NIST SP 800, NIST SP 800-171, CMMC 2.0, GDPR, CCPA/CPRA.
- Knowledge of, and experience in, developing and documenting security architecture and plans, including strategic, tactical and project plans.
- Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
- A deep understanding of operating systems and network protocols.
- Expertise in system technology security testing (vulnerability scanning, patching/upgrading and penetration testing).
- Expertise with the design and execution of a formal Incident Response Process, DR and Business Continuity process.
- Experience with developing and monitoring security KPIs as well as measuring the efficiency and effectiveness of security controls
- Ability to keep the organization up to date with the development of the global cyber threat landscape.
- Ability to build a cybersecurity culture in our organization
- Familiarity with some of the following technologies: Crowdstrike, Mimecast, M365 security, Azure security, Palo Alto Network, InTune, ManageEngine, Pentera, Imperva, VPN, Firewalls, MFA, SSO, etc.
OTHER SKILLS
- Ability to travel to other Beretta Group locations in North America.
- Ability to sit at a computer for extended periods of time.
- Ability to build strong relationships at all levels and all business units.
- Ability to build consensus bottom-up in a matrix environment
- Leadership, presentation skills and ability to effectively attract, develop and retain a team of people.
EDUCATION
Master’s Degree or equivalent in Information Technology or Cybersecurity
CERTIFICATIONS:
REQUIRED (+2 from the list below or equivalent)
- (ISC)² CISSP
- ISACA CISM
- Comptia Security+
- (ISC)² SSCP
- ISACA CRISC
- ISACA CISA
- CISCO CCNA
- EC-COUNCIL CEH
- PMI Project Management Professional (PMP)
- MCSE: Core Infrastructure
- Microsoft 365 Certified: Enterprise Administrator Expert
- Microsoft 365 Certified: Security Administrator Associate
- Microsoft Certified: Azure Administrator Associate
- Microsoft Certified: Azure Security Engineer Associate
EXPERIENCE/EDUCATION:
A minimum of 10-year work experience in Information Technology or Cybersecurity.
At least 5 years’ experience in (co-)developing and (co-)leading a comprehensive Enterprise Information Security Program.
At least 5 years’ experience in management positions.
OTHER JOB FUNCTIONS:
Troubleshoot a wide variety of security controls issues.
Perform other duties as assigned.
WORKING CONDITIONS/PHYSICAL DEMANDS:
Utilization of PC and midrange computer systems.
The job may require lifting of equipment not in excess of 30 pounds.
Work is performed in a professional group office environment.
Disclaimer: The above job description is not intended as, nor should it be construed as, exhaustive of all responsibilities, skills, efforts, or working conditions associated with this job.
Reasonable accommodations may be made to enable qualified individuals with disabilities to perform the essential functions of this job.