Information Technology - IT Security Manager
Dept: Information Technology
Position Reports To: VP of IT
Full-Time / Exempt
General Description: This position will fill a critical role for the organization in managing security policies and standards to prevent unauthorized access to company assets and/or information. The primary responsibilities include assessing risks and driving security policies/governance/compliance across the organization (including third-party vendors) to ensure secure configuration of systems and appropriate awareness of employees. This position will also focus on ensuring organizational compliance with PCI-DSS, PII, HIPAA, and NFL Security guidelines. In addition, the position will be responsible for security monitoring, incident response, engineering/threat/vulnerability management, and identity and access management.
Primary Job Duties:
1. Set the vision for enterprise security strategy and execution roadmap
Establish, maintain, and optimize security policies and implement those policies on all data and systems, voice networks, local area and wide area networks, communications software, equipment, and network facilities, using the most secure configuration and the most efficient structure for both on-premises and cloud environments.
2. Perform security audit for compliance standards
Develop security guidelines and policies to address and test compliance with regulatory requirements and standards, such as PCI-DSS, PII, DHS, HIPAA, and all other relevant security standards. Manage recurring NFL-initiated risk assessments and audits intended to identify potential risks, concerns or deficiencies in the organization’s information technology ecosystem.
3. Maintain integrity of network systems and platforms
Ensure that OS, VPN, SSH, VLAN, IDS-IPS systems are updated with patches and backed up regularly. Ensure the security and integrity of all networks and data. Develop, implement and test disaster recovery policies and procedures and establish contingency plans for business continuity purposes.
4. Monitor security
Manage the security and integrity of the network, applications, servers, and endpoints by monitoring security logs and checking for suspicious activity, security problems, or errors. Investigate and resolve irregularities immediately. Track historical activity for trends or patterns for future comparison and planning.
5. Develop security training/support for all company employees
Select security training videos for ongoing training of all employees and review and enforce employee compliance. Ensure employee devices are properly equipped with endpoint protection software to protect against all security threats and to safeguard the integrity of equipment/data.
6. Document security policies and processes
Establish a written log of all requests and problems, noting the resolution for future reference. Document new systems/software and the related processes used for each one. Document compliance to ensure a written record for regulatory purposes.
Position Requirements (Technical):
- Bachelor of Science degree in Information Technology or related field preferred
- 5-7 years of experience in a security role.
- Previous experience with security design and standards, along with hands-on network security experience using Active Directory, firewall, IDS/IPS, email security, log monitoring, vulnerability scanning, web filter.
- Previous experience with PCI-DSS, HIPAA, DHS cyber security, cloud security and other security standards and compliance audits
- Previous experience with disaster recovery and business continuity planning
- Experience in troubleshooting and resolving security concerns.
Required skills (non-technical):
- Excellent communication and documentation skills.
- Experience working on teams under tight deadlines with high pressure in dynamic, competitive, yet fun environments.
- Strong and effective problem-solving skills related to information security and the ability to translate and communicate with the non-IT employee population.
- Must have an action-oriented, driven personality with the ability to successfully work in a small-scale IT team environment.
- Passion for sports preferred.
- Ability to work occasional extended hours, including nights, weekends and holidays (if necessary), as well as all Ravens home games.
This position will work in the office 4 days out of the week and will be remote 1 day out of the week.
COMPENSATION: Commensurate with experience.
To be considered for this position, applicants must complete the online application, answer the screening questions, submit a resume and submit a cover letter. Any applications that are missing the required information will not be considered.
Covid Vaccination Requirement:
Baltimore Ravens employees will be required to be fully vaccinated against COVID-19 to work. Fully vaccinated means that it has been at least two weeks since you received the single dose of the J&J vaccine or two weeks after receiving the second dose of the Pfizer or Moderna vaccine. Therefore, proof of a COVID-19 vaccination will be required by your start date in order to be eligible to begin working.
The Baltimore Ravens is an EEO employer and does not discriminate on the basis of an applicant's or employee's race, gender, age, national origin, color, religion, disability or any other protected basis under applicable law.
Pay Type: Salary