IT Salary: IT Security Manager
(Salary data and job descriptions courtesy of Foote Partners.)
Q1 2007 Data:
Manages the implementation of corporate policies, programs, and procedures to cost-effectively protect information systems assets from intentional or inadvertent modification, disclosure or destruction. Develops, maintains, publishes, and enforces corporate information security standards and guidelines encompassing data and intellectual security. Proactively protects the integrity, confidentiality, and availability of information in the custody of, or processed by, the company, providing reports to superiors regarding the effectiveness of network and data security and making recommendations for the adoption of new procedures and technologies as required. Develops and maintains systems within an enterprise security environment. Manages and coordinates compliance for required industry audits by helping to identify issues, anticipate and solve problems, and provide customer service to internal and external customers based on your ability to prioritize and initiate solutions. Manages and monitors the intrusion detection mechanisms, firewall logs, and other relevant reports to avoid computer hacking and any other unauthorized and suspicious activity. Ensures development and maintenance of firewall configurations to ensure appropriate security change management policies are being maintained.
• Bachelor’s degree or equivalent business qualifications.
• 8 or more years in IT experience with 5 years of security/infrastructure protection and infosecurity audit experience.
• Solid multi-platform knowledge. Experience in UNIX, Windows, Linux, and IP intranet/Internet security environments including: firewalls, intrusion detection, incident response, policy writing, vulnerability testing, operating system hardening, regulatory compliance, and data classification.
• Experience with identity management solutions (e.g. RSA Cleartrust, Netegrity Siteminder, Oblix). Experience architecting and implementing security solutions, policies, and technologies relating to transactional web sites is a big plus.
• Experience in data administration and security methods with Oracle, DB2, or similar environments, SQL, plus experience in various database design techniques.
•Solid knowledge of Sarbanes Oxley compliance, corporate security and network policies and procedures, and experience in a compliance management leadership role.
• Prior business and system presentation practices to all levels of the organization
• Highly desirable to hold one or more of the following certifications:
– Certified Information Systems Auditor (CISA)
– Certified Information Systems Security Professional (CISSP)
– Certified Information Security Manager (CISM)
– SANS-GIAC certifications
– System Security Certified Practitioner (SSCP)
– Cisco Certified Security Professional (CCSP)
– Check Point Certified Security Expert (CCSE)
– Prosoft CIW Security Professional (CIW-SP)
– Certified Protection Professional (CPP)
– Certified Network Security Professional (CNSP) or Associate (CNSA)
– Internet Computer Security Engineer (ICSE)
• Working knowledge of ISO 17799 Security Standards and SAS 70 auditing techniques.
• Experience linking legal and regulatory statutes with corporate policies.
•Two or more of the following qualities or experience factors:
–demonstrated competency in strategic thinking with strong abilities in relationship management
–successful development and implementation of new technology
–demonstrated competency in project management in a cross-functional environment and experience in managing resources across enterprise boundaries to meet goals on multiple projects
–demonstrated competency in developing effective solutions to diverse and complex business problems
–demonstrated experience managing global IT operations