IT Manager I, Information Security (Vulnerability Management)

GENERAL PURPOSE:

Manage enterprise vulnerability management program, as well as evaluate and recommend improvements to enterprise security infrastructure and processes within IT. Responsible for ongoing vulnerability identification, assessment, prioritization and remediation planning to continually improve the security posture of Ross.

The Vulnerability Manager has a significant role working with a wide variety of people from different organizational units, bringing them together to ensure vulnerabilities are managed effectively using best practice industry standards.

ESSENTIAL FUNCTIONS:

• Responsible for managing the Vulnerability Management team for the execution of network and infrastructure vulnerability scans, working with cross-functional teams to evaluate the appropriate risk, recommend appropriate remediation solutions for identified vulnerabilities and track remediation.

• Manage a staff of security architects, engineers and analysts, and prioritize project and operational work efforts.

• Coordinate work efforts with other teams such as patch team, infrastructure management, security operations, governance & risk. Communicate project and operational metrics.

• Understands the fundamental business activities performed by Ross, and based on this understanding, recommends appropriate information security solutions that protect these activities.

• Provides technical support and consulting services on matters related to information security and vulnerability management.

• Develops action plans, schedules, budgets, status and metrics reports as well as other management communications intended to improve the vulnerability management program at Ross.

• Stays informed about the latest developments in the information security field, including new products and services, through on-line news services, technical magazines, professional association memberships, industry conferences, special training seminars, and other methods.

• Monitors current and proposed laws, regulations (ie. PCI, SOX, HIPAA) and industry standards related to vulnerability management, so that Ross is warned in advance and is ready to be fully compliant with these requirements.

COMPETENCIES:

• Planning

• Conflict Management

• Motivating Others

• Dealing with Ambiguity

• Problem Solving

• Customer Focus

• Communication

QUALIFICATIONS AND SPECIAL SKILLS REQUIRED:

• At least 5 to 10 years of Information Technology Security, at least 5 years with large enterprise organizations

• A solid understanding of industry best practices for Vulnerability Management; specific demonstrated experience mapping business processes and comparing those processes to industry best practices

• Knowledge of various vulnerability scanning solutions

• Demonstrated project management experience

• Professional Characteristics/Motivators:

- Motivated by the desire to make a difference in the business, to work with a highly talented set of peers, and to work on interesting projects

- A high sense of responsibility – to our customers, our business partners, our colleagues, and to the quality and timeliness of one’s own work; a willingness to “do what it takes” to support our company’s systems – sometimes during non-standard work hours

- Outstanding verbal and written communication skills; outstanding listening skills

- Able to articulate issues, build consensus around recommendations, and define next steps

- Very professional presence and appearance

- Outstanding work ethic; exhibits a “sense of urgency” relative to resolving issues

- Team oriented, yet able to work independently; very self-motivated

- Customer focused

- A continual desire and capability to learn

- Highly organized and detail oriented

- Natural leader

PREFERRED QUALIFICATIONS:

• Experience with the Microsoft Office Suite, Microsoft Project and Visio

• Graduate degree

• Certified Information Systems Security Professional (CISSP), or other Information Security related certification

PHYSICAL REQUIREMENTS/ADA:

• Requirements: Consistent timeliness and regular attendance. Job requires ability to work in an office environment, primarily on a computer. The job also requires sitting, standing, walking, talking on the telephone, attending in-person meetings, typing, and working with paper/files, etc.

• Occasional Requirements: Job occasionally requires bending, kneeling, reaching, and lifting up to 10 pounds.

• May also require occasional driving and/or traveling overnight for business functions or site visits.

• Vision requirements: Ability to see information in print and/or electronically.

SUPERVISORY RESPONSIBILITIES:

Vulnerability Management Engineer

Senior Security Analysts

Security Analysts

DISCLAIMER:

This job description is a summary of the primary duties and responsibilities of the job and position. It is not intended to be a comprehensive or all-inclusive listing of duties and responsibilities. Contents are subject to change at management’s discretion.

Ross is an equal employment opportunity employer. We consider individuals for employment or promotion according to their skills, abilities and experience. We believe that it is an essential part of the Company’s overall commitment to attract, hire and develop a strong, talented and diverse workforce. Ross is committed to complying with all applicable laws prohibiting discrimination based on race, color, religious creed, age, national origin, ancestry, physical, mental or developmental disability, sex (which includes pregnancy, childbirth, breastfeeding and medical conditions related to pregnancy, childbirth or breastfeeding), veteran status, military status, marital or registered domestic partnership status, medical condition (including cancer or genetic characteristics), genetic information, gender, gender identity, gender expression, sexual orientation, as well as any other category protected by federal, state or local laws.

'171623