Senior Manager Information Security Risk Services
Company: Hanes Brands
Posted on: July 15, 2021
The Sr. Manager Information Security Risk Services is a critical
member of the Director, Global Cybersecurity team. The role is to
act as an interface between the Director, Global Cyber Security’s
strategic and process-based activities and the work of the
technology-focused analysts, engineers and administrators in the IT
organization. The role must be able to evaluate and translate the
digital risk requirements and constraints of the business into
technical control requirements and specifications, as well as
develop metrics for ongoing performance measurement and
This is a leadership role that requires an individual with a strong
technical background, as well as an ability to work with the IT
organization and business management to align priorities and plans
with key business objectives. They will act as an empowered
representative of the Director during IT planning initiatives to
ensure that security measures are incorporated into strategic IT
plans and that service expectations are clearly defined. They will
also be responsible for consulting to business functions and IT to
balance information security risks and its management with business
drivers such as speed, agility, flexibility and
Expertise in leading project teams and developing and managing
projects is essential for success in this role. In addition to
supporting the policies and strategies of the information security
services group, this role must be able to prioritize work efforts —
balancing operational tasks with longer-term strategic security
efforts. Other project management tasks will include resource
balancing across multiple IT and security teams, task prioritizing
and project reporting.
This role is responsible for managing highly technical staff as
they work to accomplish company and personal development goals and
must, therefore, have proven leadership skills. Documentation and
presentation skills, analytical and critical thinking skills, and
the ability to identify needs and take initiative are key
requirements of the position.
The job is composed of a variety of activities, including very
tactical, operational and strategic activities in support of the
Global Cybersecurity program initiatives, such as:
Work with the Director, Global Cybersecurity to develop a security
program and security projects that address identified risks and
business security requirements.
Manage the process of gathering, analyzing and assessing the
current and future threat landscape, as well as providing the
Director, Global Cybersecurity with a realistic overview of risks
and threats in the enterprise environment and assist in the
development of the annual information security risk
Work with the Director, Global Cybersecurity to develop budget
projections based on short- and long-term goals and
Monitor and report on compliance with security policies, as well as
the enforcement of policies within the IT department.
Develop, manage and continually review information security
policies, procedures and standards to ensure operating efficiency
and regulatory compliance.
Manage a staff of information security professionals, hire and
train new staff, conduct performance reviews, and provide
leadership and coaching, including technical and personal
development programs for team members.
Serve as an active and consistent participant in the information
security governance process.
Assist resource owners and IT staff in understanding and responding
to security audit failures reported by auditors.
Manage the Security Awareness function, providing security
communication, awareness and training for audiences, which may
range from senior leaders to line staff.
Work as a liaison with vendors and the legal and purchasing
departments to establish mutually acceptable contracts and
Manage the vendor risk management process, evaluating the
information security risk attributable to vendors and the vendors’
management of that risk.
Assist the information asset team in classifying data and systems
as part of the control framework implementation.
Work with the Director, Global Cybersecurity and IT and business
stakeholders to define metrics and reporting strategies that
effectively communicate successes and progress of the security
Provide support and guidance for legal and regulatory compliance
efforts, follow through on security response to audits, and audit
support for all appropriate regulatory requirements including the
Payment Card Industry Data Security Standard (PCI DSS) and Sarbanes
Consult with IT and security staff to ensure that security is
factored into the evaluation, selection, installation and
configuration of hardware, applications and software.
Recommend and manage the design and implementation of technical
controls to support and enforce defined security
Oversee the research, evaluation, design and test of new or updated
information security hardware or software.
Coordinate, measure and report on the technical aspects of security
Maintain up-to-date knowledge of security advisories and alerts,
information on security and risk trends and practices, and laws and
regulations for impact on security programs and
Manage the threat and vulnerability management analysts, identify
risk tolerances, recommend treatment plans and communicate
information about residual risk.
Manage security projects and provide expert guidance on security
matters for other IT projects.
Ensure audit trails, system logs and other monitoring data sources
are reviewed periodically and are in compliance with policies and
Oversee security testing procedures to verify the security of
systems, networks and applications, and manage the identification,
remediation and acceptance of identified risks.
Manage outsourced vendors that provide information security
functions for compliance with contracted service-level
A bachelor's degree in Computer Science, Information Systems,
Engineering or related major; an M.B.A. or M.S. in information
security is preferred.
A minimum of eight years of IT experience, with five years in an
information security role and at least two years in a supervisory
Minimum of two years of experience in the consumer products or
retail industry is preferred.
At least one of CISM, CRISC, and/or CISSP certification(s)
required; Other related certifications such as ITIL, PMP,
SANS/GSEC, CIPP, CFE, CGEIT, CPA/CA are preferred, but not
“Big Four” or regionally recognized consulting experience is highly
Must have the following:
Strong leadership abilities, with the capability to develop and
guide information security team members and IT operations
personnel, and work with minimal supervision.
Strong leadership skills and the ability to work effectively with
business managers, IT development and operations staff.
The ability to build strong relationships at all levels and across
all business units and organizations, and understand business
Demonstrated ability to build effective, cohesive and collaborative
Excellent verbal, written and interpersonal communication skills,
including the ability to communicate effectively with the IT
organization, project and application development teams, management
and business personnel; in-depth knowledge and understanding of
information risk concepts and principles as a means of relating
business needs to security controls; an excellent understanding of
information security concepts, protocols, industry best practices
and strategies; demonstrated ability to communicate highly
technical concepts to non-technical audiences.
A strong understanding of the business impact of security tools,
technologies and policies.
Experience working with legal, audit and compliance
Experience developing and maintaining policies, procedures,
standards and guidelines.
Experience with common information security management frameworks,
such as the National Institute of Standards and Technology (NIST)
Cybersecurity Framework (CSF), the International Standards
Organization (ISO) 2700x, the IT Infrastructure Library (ITIL) and
Control Objectives for Information and Related Technology (COBIT)
Familiarity with applicable legal and regulatory requirements,
including, but not limited to, the U.S. Sarbanes-Oxley Act, the
European Union Privacy Directive, the Payment Card Industry Data
Security Standard (PCI DSS), and the U.S. Health Insurance
Portability and Accountability Act (HIPAA).
Strong project management skills and experience in creating and
managing project plans, including budgeting and resource
Proficiency in performing risk, business impact, control and
vulnerability assessments, and in defining treatment
Knowledge of and experience in developing and documenting security
architecture and plans, including strategic, tactical and project
Strong analytical skills to analyze security requirements and
relate them to appropriate security controls.
An understanding of operating system internals and network
Familiarity with the principles of cryptography and
Experience in application technology security testing (white box,
black box and code review).
Experience in system technology security testing (vulnerability
scanning and penetration testing).
Only applicants requiring reasonable accommodation for any part of
the application and hiring process should contact us directly:
Keywords: Hanes Brands, Winston-Salem , Senior Manager Information Security Risk Services, Other , Clemmons, North Carolina
Didn't find what you're looking for? Search again!