CenturyLink Manager Information Security in ASHBURN, Virginia
CenturyLink (NYSE: CTL) at http://www.centurylink.com/ is the second largest U.S. communications provider to global enterprise customers. With customers in more than 60 countries and an intense focus on the customer experience, CenturyLink strives to be the world’s best networking company by solving customers’ increased demand for reliable and secure connections. The company also serves as its customers’ trusted partner, helping them manage increased network and IT complexity and providing managed network and cyber security solutions that help protect their business.
The Manager, Information Security leads the Information Security Architecture and Engineering team that is responsible for delivering security requirements and coordinating information security risk assessments to ensure compliance with corporate policy, standards, procedures and industry best practices. This group has responsibility for:
Providing and maintaining the Information Security Policy, Methods & Procedures, Technical Standards, Technical Best Practices and Processes to ensure compliance with industry standards and best practices.
Managing the process for exceptions to the Information Security Policy.
Assessing new or enhanced products and services, networks, systems and applications, and providing security requirements to the business and partners to ensure compliance with the Information Security Policy, and regulatory and industry obligations.
Providing security requirements and information for proposals (RFPs), sales inquiries, customer questionnaires, contracts (commercial and government) and security audits.
Integrating and supporting the security tools used by the Information Security staff.
Reporting directly to the Chief Information Security Officer, the manager will participate in top-level strategic planning of the Information Security organization’s short, mid and long-range goals. The successful candidate will have experience in leading a technical staff and possess strong communications skills and experience in presenting technical issues to a wide variety of audiences. In addition, the manager must possess broad technical knowledge of current and emerging technologies used both within the corporate infrastructure and in delivering customer-facing services.
Assist the CISO in overseeing the responsibilities of the Information Security Architecture and Engineering program, managing day-to-day performance of the staff.
Assist the CISO in developing and implementing the Information Security Policy and supporting standards, processes, and best practices, ensuring they are consistent with authoritative sources and corporate strategic objectives.
Assist the CISO in maintaining appropriate metrics to measure information security risk to the corporation. Ensure reports and findings are delivered in a timely and appropriate manner to upper management and executive leadership.
Recruit, hire, train, develop, and supervise the performance of information security professionals in the Architecture and Engineering program. Perform employee performance reviews and make compensation recommendations.
Consult with internal clients on security topics and policy interpretation.
Assess operational business processes to identify opportunities to integrate security risk assessments for greatest impact.
Coordinate activities across multiple departments and business units.
10+ years experience in performing security risk assessments and application, system and network security.
Undergraduate degree in Computer Science, Engineering, or related field, or equivalent experience.
Applicable professional/technical certifications should be in place, or candidate must be willing to pursue.
Must possess broad technical knowledge of current and emerging technologies used both within the corporate infrastructure and in delivering customer facing services.
Excellent oral and written communication skills and experience in presenting technical issues to all levels of management, as well as non-technical staff.
Professional/technical certifications, such as CISSP, GPEN, GWAPT, GISEC, CISM or CISA.
Knowledge of information security industry and regulatory obligations (ISO 27001/27002, SOX, PCI, NIST Framework, FISMA, HIPAA, NACHA, and SSAE-16).
Experience in leading teams of technical personnel.
Knowledge of project management practices.
Experience in large Enterprise data centers and/or networks.
Alternate Location: US-Virginia-Ashburn
Requisition # : 212972
This job may require successful completion of an online assessment. A brief description of the assessments can be viewed on our website at http://find.centurylink.jobs/testguides/
We are committed to providing equal employment opportunities to all persons regardless of race, color, ancestry, citizenship, national origin, religion, veteran status, disability, genetic characteristic or information, age, gender, sexual orientation, gender identity, marital status, family status, pregnancy, or other legally protected status (collectively, “protected statuses”). We do not tolerate unlawful discrimination in any employment decisions, including recruiting, hiring, compensation, promotion, benefits, discipline, termination, job assignments or training.
The above job definition information has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job. Job duties and responsibilities are subject to change based on changing business needs and conditions.