SR ENT Information Security Manager
Bellevue
Exp 10-15 years
Deg Bachelors
Relo
Bonus
Job Description
The Information Security Manager, working with in Corporate Information Security Team will be responsible for liaising with assigned business units on behalf of Corporate Information Security (CIS). These responsibilities will include understanding business-driven projects that involve network and information security, applications, networking and web based technologies. They will be responsible for understanding the Business Unit’s processes and priorities and working with them to manage business impact and threats, through a risk based methodology. Ensures through positive engagement that business goals are met in a secure and compliant manner, according to industry standard regulations
Qualifications
Ideal Candidate will have:
Candidate must have strong technical, influential and organizational skills.
Prefer six years’ experience in information security related discipline, in addition to several years’ relevant systems and/or network administration experience.
Expert relationship building and partnering skills, including persuasion, negotiation and consensus building.
Experience translating emerging IT and business trends into meaningful risk reduction opportunities.
Demonstrated ability to work effectively in a complex matrixed environment.
Outstanding verbal and written communication skills.
Ability to interpret business strategy and align to appropriate security enhancements to achieve business enablement.
Ability to translate security requirements into business risks and impacts.
Experience with high level design Architecture, Firewall, Internet, LAN Router, Network, Protocols, Web Services and SOA.
Strong understanding of encryption, obfuscation and/or tokenization technologies or compensating controls.
Appropriate industry certifications, such as CISSP, CISA or CCIE.
Preferred skill: Bachelor degree in Computer Science, Information Security, Information Management, or other related discipline.
Telecommunications industry expertise, Six Sigma Training, Audit, Compliance & Network experience preferred.
Skills and Qualifications:
A broad, enterprise-wide view of the wireless (or similar) business and understanding of strategy, processes and capabilities, enabling technologies, and governance. Experience in telecommunications, internet service provider, or application service providers a plus.
The ability to apply Information Security principles to business solutions.
Extensive experience planning and deploying both business and technology security initiatives.
Exceptional communication skills and the ability to convey results in a summarily and persuasive manner to business owners. This includes written and verbal communications as well as visualizations.
The ability to act as liaison conveying information needs of the business to technology teams and technology constraints to the business.
Team player able to work effectively at all levels of an organization with the ability to influence others to move toward consensus.
Knowledge of federal & compliance regulations e.g. SOX, PCI & CPNI.
Good understanding & experience applying CoBIT, ISO, ITIL, NIST frameworks.
Understanding of Local (Wired & Wireless), Wide area, and mobile networks.
A good understanding of Network Security, Firewalls, Intrusion Detection and Prevention, AVS, VLANS.
Strong background and experience in IP Networking and Routing Protocols.
Fluency in the use of all MS Office applications, including SharePoint services.
Qualifications
• Preferred: Any of the following
CISSP, CISA, CISM, C-RISC, CCNA, CCIE, Six Sigma Yellow/Green/Black Belt
Education
Minimum Required
High School Diploma/GED
Education/Vocational Training/Experience Preferred
Bachelor’s degree in Computer Science, Information Technology or related field from an accredited 4-year college or university
10 years of system, network, and application design and architecture experience. Preferably in the wireless communications space
CISSP and or CISM Certification (required; experience may be substituted for Cert requirements (4 years minimum)
CISA Certification (preferred but not required; experience may be substituted for Cert requirements (4 years minimum)
Responsibilities
What you will do:
Make proactive assessments of threat information in and outside the public domain, understanding the threat as it relates to T-Mobile and its customers, and implementing measures to combat the threat.
Understand the operations of the business and comprehend how these create value and risk for the organization.
Collaborate with team members, peers and the business unit management team to determine technical information security requirements, planned remediation, and advocate for the program to gain resources to implement appropriate protection technologies and processes.
Implement and monitor controls necessary to ensure operational processes are performed and are effective to protect the environment from all forms of malicious cyber activity.
Assist the Governance group in the development and refinement of technical security standards, key performance indicators and other necessary processes to maintain effective operational security, as it relates to the business.
Make risk-based decisions on a daily basis that has the potential to impact T-Mobile's ability to operate and communicate.
Ensure the information and network security controls for T-Mobile are appropriate and operating as intended; includes solutions that are directly controlled as well as security solutions that are operated by other internal and external groups.
Provide status reports on a weekly, monthly and quarterly basis to business managers and other management activities that demonstrate the health of the program.
Interact with internal audit, third party auditors, and appropriate regulatory bodies.
Support the Information Security policy lifecycle throughout, including all aspects of intake, creation, review, approval, implementation, publishing, communication and maintenance.
Liaise with and assist outsourced security service providers with vulnerability assessments of business applications, systems and architectures