Job Description:

Information Security ManagerIndianapolis, IN (hybrid work structure) Contract to Hire3+ years of experienceIs your CV ready If so, and you are confident this is the role for you, make sure to apply asap.The Information Security Manager position is responsible for collaborating with supported agencies and departments on Cybersecurity strategy, helping to ensure secure Enterprise and Department-level Configuration and Supply Chain Management for IT Services and solutioning. Position manages the development of standards, best-practices, guidelines, and policies for how those services, solutions, and their accompanying data, should be implemented and maintained in the future in line with the state agency's IT Governance Plan. Key ResponsibilitiesAssist in the management of the budget for the information security function, monitoring, and reporting discrepanciesCollaborate in the development of an information security vision and strategy that is aligned to organizational priorities and enables and facilitates the organization's business objectives, and ensure senior stakeholder buy-in and mandateDevelop, implement, and monitor a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy, and recovery of information assets owned, controlled, or/and processed by the organizationWork effectively with business units to facilitate information security risk assessment and risk management processes, and empower them to own and accept the level of risk they deem appropriate for their specific risk appetite and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the information security, and review it with stakeholders at the executive and board levelsCollaborate with external agencies, such as law enforcement and other advisory bodies, as necessary, to ensure that the organization maintains a strong security posture and is kept well-abreast of the relevant threats identified by these agenciesManage the enterprise architecture team building alignment between the security and enterprise architecture, ensuring that information security requirements are implicit in these architectures and security is built in by design. Coordinate and communicate the enterprise architecture with the Enterprise IT Operations team to ensure smooth IT governance throughout the ITIL delivery cycleManage a risk-based process for the assessment and mitigation of any Enterprise information security risk posed by supply chain partners, vendors, consumers and any other third partiesManage the processes for information security risk and for legal and regulatory assessments, including the reporting and oversight of treatment efforts to address negative findingsManage technology dependencies outside of direct organizational control. This includes reviewing contracts and the creation of alternatives for managing riskManage and contain information security incidents and events to protect state agency's IT assets, confidential information, regulated data, and the state agency's reputationMonitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of actionCoordinate the development of implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provide direction, support, and in-house consulting in these areas.Day to Day security services through Managed Services Provider and Direct ReportsDocumentation:Manage and enhance an up-to-date information security management framework based on the National Institute of Standards and Technology (NIST) Cybersecurity FrameworkManage a unified and flexible control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards, and regulationsManage a document framework of continuously up-to-date information security policies, standards, and guidelines. Autonomously prepare reports and audit findings remediation plans in response to Internal audits, penetration tests or vulnerability scansBrooksource provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, national origin, age, sex, citizenship, disability, genetic information, gender, sexual orientation, gender identity, marital status, amnesty or status as a covered veteran in accordance with applicable federal, state, and local laws.