The Information Security Manager (PCI/QSA/ISA) will be responsible for supporting planning, supervising staff, and executing IT Security and Privacy projects. The Information Security Manager will serve as a project or team lead to ensure high-quality delivery. This position will perform work, as well as oversee the technical work of some junior level personnel. This position will work directly with other project leads, managers, and/or executives to communicate business and technical aspects of the work being performed. The Information Security Manager (PCI) will set performance expectations for junior level personnel and provide constructive performance feedback on a regular basis. This position may also assist the engagement economics of the projects, including budget status tracking, billing, and collection analysis. The Information Security Manager (PCI) will perform the following responsibilities:
- Conduct and lead Information Security Projects, including:
- Information Security Assessments
- Penetration Testing
- PCI Data Security Assessments
- Cloud Security Reviews
- IT Security Technology Implementations
- Evaluate and/or Implement IS solutions and controls to ensure data security and integrity for our clients.
- Prepare reports or other necessary documentation to detail results of evaluation and otherwise meet the objectives of the Project.
- Submit recommendations to client for corrective action or to support a recommend approach to solving the client’s needs.
- Participate in planning and implementing of client information systems, including structure, process, and security.
- Participates in strategic and tactical objectives to include new product offerings, identify additional client needs, and generating new business leads.
- Correspond with a variety of clients and communicate security issues, recommendations, and deliverables effectively.
- Bachelor's degree required, candidates must possess significant analytical skills which likely evolved from early academic training in Computer Science, Computer Engineering, or Information Systems
- Minimum 5 years of business experience in the areas of Information Security.
- Certified Information Systems Security Professionals (CISSP) or willingness to obtain
- PCI Qualified Security Assessor (QSA) or Internal Security Assessor (ISA) designation or willingness to obtain
- Experience within consulting or professional services, or at leading industry public companies is preferred.
- We require some prior experience supervising junior level resources in the areas of Information Security.
- Knowledge of internetworking technology.
- System and network administration experience on UNIX (any flavor), Windows 2003/2008/2012
- Knowledge of security areas such as Auditing, Policy, Database Security, Firewall Design and Implementation, Risk Analysis, Identity Management, Access Management, or Web Services is very desirable.
- Writing and interpersonal communication skills are expected to be of a high quality.
- The ability to handle multiple projects concurrently is a must.
- This position requires national travel- 60%
Additional Skills Desired:
- CISSP, QSA, CCSK, CEH, Microsoft, Cisco, HPUX, other vendor, application, or system certifications.
- Network Security Practices: Auditing, planning, design, implementation, testing, and management
- Operating Systems: Windows/AD, UNIX
- Network infrastructure development/deployment, DNS, Web servers, Email Architecture, DMZ Management
- Network architecture and protocols: TCP/IP, UDP, HTTP, NetBIOS, IPSec, SMTP
- Network firewalls, application gateways, proxy servers
- Database Security: MS SQL, Oracle
- Follow industry best practice methodologies for penetration testing (e.g., OWASP guidelines), and be able to perform both manual penetration testing and automated testing.
- Network Device Access to controls to include Cisco routers and other network devices
- Cryptographic methods and standards: Asymmetric, Symmetric
- Development skills in two of the following: Perl, Ruby, PowerShell and Bash, C++, C#, Java
Visit Crowecareers.com and find out what it's like to work with people who love what they do!
Crowe Horwath LLP is one of the largest public accounting and consulting firms in the United States. Under its core purpose of “Building Value with Values®,” Crowe uses its deep industry expertise to provide audit services to public and private entities, while also helping clients reach their goals with tax, advisory, risk and performance services. With offices coast to coast and 3,000 personnel, Crowe is recognized by many organizations as one of the country's best places to work. Crowe serves clients worldwide as an independent member of Crowe Horwath International, one of the largest global accounting networks in the world, consisting of more than 150 independent accounting and advisory services firms in more than 100 countries around the world.