Sr. Manager, IT Security

The IT Security Senior Manager is a leader of the OSI's information security function that ensures consistent and high–quality information security management in support of the OSI's goals. This resource is expected to be fully aware of the OSI Group's security goals as established by its stated policies, procedures, and guidelines and to actively work towards upholding those goals.

• Manages the information security team, consisting of direct reports. This includes hiring training, staff development, performance management and annual performance reviews.

• Lead day–to–day information security operations of OSI's security solutions to drive the identification, investigation, and resolution of security breaches detected by those systems.

• Oversee information security operations, including monitoring and analyzing security alerts and logs, managing security tools and technologies, and implementing security controls.

• Lead and monitors the initiation, progress and completion of core information security projects and initiatives in alignment with the OSI Information Security Program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy, and recovery of information assets owned, controlled, or/and processed by OSI.

• Develops and enhances an up–to–date information security management framework based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework.

• Ensures that security is embedded in the OSI project delivery process by providing the appropriate information security policies, practices, and guidelines.

• Manages and contains information security incidents and events to protect OSI's IT assets, intellectual property, regulated data, and OSI's reputation.

• Conduct third–party risk assessments to evaluate the security posture of vendors and partners and mitigate potential risks.

EEvaluate new software and technology solutions for security vulnerabilities and risks, and make recommendations for mitigation.

• Coordinates incident response plans and procedures to ensure that business–critical services are recovered in the event of a security event; provides direction, support, and in–house consulting in these areas.

• Monitors the external threat environment for emerging threats and advises relevant stakeholders on the appropriate courses of action.

• Builds and nurtures internal and external networks consisting of industry peers, ecosystem partners, vendors, and other relevant parties to address common trends, findings, incidents, and cybersecurity risks.

Strategy & Planning

• Actively participation in the planning and design of enterprise security architecture, under the direction of the Chief Information Security Officer, where appropriate.

• Oversee the creation of enterprise security documents (policies, standards, baselines, guidelines, and procedures) under the direction of the Chief Information Security Officer, where appropriate.

• Lead in the planning and design of business continuity plans and disaster recovery plans, under the direction of the Chief Information Security Officer, where appropriate.

Acquisition & Deployment

• Maintain up–to–date detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors.

• Recommend and lead the implementation and management of additional security solutions or enhancements to existing security solutions to improve overall OSI Group enterprise security.

• Oversee the deployment, integration, and configuration of all new security solutions and of any enhancements to existing security solutions in accordance with standard best operating procedures generically and the OSI Group's security documents specifically.

Operational Management

• Serve as an expert technical resource, to advise and assist in security issues, both proactively and reactively.

• Oversee the creation, evaluation and implementation of policies and procedures; monitoring standards; and, incident investigation procedures to minimize security vulnerabilities and exposures.

• Lead the maintenance of up–to–date baselines for the secure configuration and operations of all in–place devices, whether they be under direct control (i.e. security tools) or not (e.g. workstations, servers, network devices).

• Ensure that the OSI Information Security team maintain operational configurations of all in–place security solutions as per the established baselines.

• Oversee the monitoring processes of all in–place security solutions for efficient and appropriate operations.

LLead the review of logs and reports of in–place devices, whether they be under direct control (i.e. security tools) or not (e.g. workstations, servers, network devices).

Interpret the implications of that activity and devise and lead plans for appropriate mitigation and/or resolution.

• Lead investigations, analysis and report on security events, incidents and intrusions; track incidents through analysis, diagnosis, correction and resolution.

• Manage the design and execution of vulnerability assessments, penetration tests, and security audits.

SSupervise the support processes for end users for all in–place and future security solutions.

• Five or more years of previous Information Security Management experience.

• Extensive experience with network security, vulnerability assessments, access control and authorization, policy enforcement and compliance, application security, firewall management, incident response, data loss prevention, encryption, multi factor authentication, web filtering, and advanced threat protection.

• Experience with incident, problem, change and configuration management processes.

• Working technical knowledge of AV/AM solutions, MFA technologies, Mobile Device Management Security, NGFW configuration and management, IDS/IPS, SIEM and log correlation/analysis tools.

• Strong understanding of information security best practices and/or standards (e.g. NIST, ISO, COBIT, ITIL, PCI, etc.), global/regional data privacy laws and regulations, governance, risk and compliance management.

• Strong understanding of operating systems, networking (TCP/IP, OSI Model, wireless, routing and switching), applications/system management, data management and cloud based systems.

• Familiarity with corporate and manufacturing environments and operational facilities/processes.

• Bachelor's degree in Information Technology, Computer Science or related field.

• Eight+ years of information security related work experience.

• CISSP certification required. In addition, other security related certifications are a plus.

• Work is generally performed within a business professional office environment, with standard office equipment available.

• Work conditions are typical of an office environment.

• This role does not require any domestic travel

• Position may require the physical agility of lifting up to 15 pounds

• Position may require frequent and/or infrequent of bending, squatting, pushing, pulling, stretching/reaching, use hands or fingers, talk, hear, feel objects, tools, controls and standing/walking on concrete flooring.

• Position may require the physical ability to stand/walk for Less than 4 hours.

OSI Industries is an Equal Employment Opportunity employer that believes everyone has the right to be treated with dignity and respect. OSI does not discriminate on the basis of national origin, gender, race, color, religion, pregnancy, gender identity, sexual orientation, protected veteran status, disability, or any other characteristic protected by applicable law. All applicants will receive consideration for employment based on merit, qualifications, and business needs. OSI participates in the E–Verify program.