Senior Manager Information Security Risk Services

Company: Hanes Brands
Location: Clemmons
Posted on: July 15, 2021

Job Description:

The Sr. Manager Information Security Risk Services is a critical member of the Director, Global Cybersecurity team. The role is to act as an interface between the Director, Global Cyber Security’s strategic and process-based activities and the work of the technology-focused analysts, engineers and administrators in the IT organization. The role must be able to evaluate and translate the digital risk requirements and constraints of the business into technical control requirements and specifications, as well as develop metrics for ongoing performance measurement and reporting.

This is a leadership role that requires an individual with a strong technical background, as well as an ability to work with the IT organization and business management to align priorities and plans with key business objectives. They will act as an empowered representative of the Director during IT planning initiatives to ensure that security measures are incorporated into strategic IT plans and that service expectations are clearly defined. They will also be responsible for consulting to business functions and IT to balance information security risks and its management with business drivers such as speed, agility, flexibility and performance.

Expertise in leading project teams and developing and managing projects is essential for success in this role. In addition to supporting the policies and strategies of the information security services group, this role must be able to prioritize work efforts — balancing operational tasks with longer-term strategic security efforts. Other project management tasks will include resource balancing across multiple IT and security teams, task prioritizing and project reporting.

This role is responsible for managing highly technical staff as they work to accomplish company and personal development goals and must, therefore, have proven leadership skills. Documentation and presentation skills, analytical and critical thinking skills, and the ability to identify needs and take initiative are key requirements of the position.

The job is composed of a variety of activities, including very tactical, operational and strategic activities in support of the Global Cybersecurity program initiatives, such as:

• Strategic support
• Security liaison
• Architecture support
• Operational support

Strategic Support

• Work with the Director, Global Cybersecurity to develop a security program and security projects that address identified risks and business security requirements.
• Manage the process of gathering, analyzing and assessing the current and future threat landscape, as well as providing the Director, Global Cybersecurity with a realistic overview of risks and threats in the enterprise environment and assist in the development of the annual information security risk assessment.
• Work with the Director, Global Cybersecurity to develop budget projections based on short- and long-term goals and objectives.
• Monitor and report on compliance with security policies, as well as the enforcement of policies within the IT department.
• Develop, manage and continually review information security policies, procedures and standards to ensure operating efficiency and regulatory compliance.
• Manage a staff of information security professionals, hire and train new staff, conduct performance reviews, and provide leadership and coaching, including technical and personal development programs for team members.

Security Liaison

• Serve as an active and consistent participant in the information security governance process.
• Assist resource owners and IT staff in understanding and responding to security audit failures reported by auditors.
• Manage the Security Awareness function, providing security communication, awareness and training for audiences, which may range from senior leaders to line staff.
• Work as a liaison with vendors and the legal and purchasing departments to establish mutually acceptable contracts and service-level agreements.
• Manage the vendor risk management process, evaluating the information security risk attributable to vendors and the vendors’ management of that risk.
• Assist the information asset team in classifying data and systems as part of the control framework implementation.
• Work with the Director, Global Cybersecurity and IT and business stakeholders to define metrics and reporting strategies that effectively communicate successes and progress of the security program.
• Provide support and guidance for legal and regulatory compliance efforts, follow through on security response to audits, and audit support for all appropriate regulatory requirements including the Payment Card Industry Data Security Standard (PCI DSS) and Sarbanes Oxley.

Architecture Support

• Consult with IT and security staff to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software.
• Recommend and manage the design and implementation of technical controls to support and enforce defined security policies.
• Oversee the research, evaluation, design and test of new or updated information security hardware or software.

Operational Support

• Coordinate, measure and report on the technical aspects of security management.
• Maintain up-to-date knowledge of security advisories and alerts, information on security and risk trends and practices, and laws and regulations for impact on security programs and initiatives.
• Manage the threat and vulnerability management analysts, identify risk tolerances, recommend treatment plans and communicate information about residual risk.
• Manage security projects and provide expert guidance on security matters for other IT projects.
• Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements.
• Oversee security testing procedures to verify the security of systems, networks and applications, and manage the identification, remediation and acceptance of identified risks.
• Manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements.

• A bachelor's degree in Computer Science, Information Systems, Engineering or related major; an M.B.A. or M.S. in information security is preferred.
• A minimum of eight years of IT experience, with five years in an information security role and at least two years in a supervisory capacity.
• Minimum of two years of experience in the consumer products or retail industry is preferred.
• At least one of CISM, CRISC, and/or CISSP certification(s) required; Other related certifications such as ITIL, PMP, SANS/GSEC, CIPP, CFE, CGEIT, CPA/CA are preferred, but not required.
• “Big Four” or regionally recognized consulting experience is highly desired.

Must have the following:

• Strong leadership abilities, with the capability to develop and guide information security team members and IT operations personnel, and work with minimal supervision.
• Strong leadership skills and the ability to work effectively with business managers, IT development and operations staff.
• The ability to build strong relationships at all levels and across all business units and organizations, and understand business imperatives.
• Demonstrated ability to build effective, cohesive and collaborative teams.
• Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with the IT organization, project and application development teams, management and business personnel; in-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls; an excellent understanding of information security concepts, protocols, industry best practices and strategies; demonstrated ability to communicate highly technical concepts to non-technical audiences.
• A strong understanding of the business impact of security tools, technologies and policies.
• Experience working with legal, audit and compliance staff.
• Experience developing and maintaining policies, procedures, standards and guidelines.
• Experience with common information security management frameworks, such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), the International Standards Organization (ISO) 2700x, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks.
• Familiarity with applicable legal and regulatory requirements, including, but not limited to, the U.S. Sarbanes-Oxley Act, the European Union Privacy Directive, the Payment Card Industry Data Security Standard (PCI DSS), and the U.S. Health Insurance Portability and Accountability Act (HIPAA).
• Strong project management skills and experience in creating and managing project plans, including budgeting and resource allocation.
• Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
• Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.
• Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
• An understanding of operating system internals and network protocols.
• Familiarity with the principles of cryptography and cryptanalysis.
• Experience in application technology security testing (white box, black box and code review).
• Experience in system technology security testing (vulnerability scanning and penetration testing).

EOE/AA: Minorities/Females/Veterans/Disabled

Only applicants requiring reasonable accommodation for any part of the application and hiring process should contact us directly:    

Telephone: 877.999.5553

Email: HBI_TA@hanes.com

Keywords: Hanes Brands, Winston-Salem , Senior Manager Information Security Risk Services, Other , Clemmons, North Carolina