Information Security Manager

It's fun to work in a company where people truly BELIEVE in what they're doing!
Job Summary

*This position is currently available for work at home to candidates that reside in the following states: Idaho, Kansas, New Mexico, Ohio, Pennsylvania, Texas, Utah or who reside in neighboring states and within 60 miles of Chadds Ford, PA or Lenexa, KS.*

The Manager, Info Sec manages a team of Information Security professionals and leading efforts to ensure compliance to regulatory requirements and the protection of company information assets. This position reports to the Director, Information Security and works closely across other Information Security disciplines, as well as IT & Operations, Privacy, Legal, Enterprise Risk Management, and the business. The leader of this space should have Security Operations Center (SOC) knowledge in regarding to staffing and optimizing operations to protect critical infrastructure. A working knowledge of cyber tools and procedures to analyze indicators of compromise, conduct security incident management, and assist with defense in depth will also be expected in this role.

Job Description

Essential Job Functions

Leadership and Development - Lead a team of Information Security professionals of various experience levels and bands and the evolution of their respective areas of responsibility. Hire and train new staff, conduct performance reviews and utilize subject matter expertise to guide and coach team members. Demonstrate self-learning in gaining knowledge of new technical developments and ensure they are shared appropriately and applied within the department. Identify and understand drivers for change and act as a champion and partner with other leaders to deliver those changes. Ability to lead in a team-fostered, fast-paced, multi-threaded environment, and able to effectively delegate and accomplish efforts through others. Assist with the creation and management of the InfoSec team's strategy and vision. Actively work as a change agent to support InfoSec initiatives both within the team and the broader organization.

Collaboration and Communication - Partner with internal teams on strategic and tactical plans for information security regarding major system and application changes to help ensure that information security standards are maintained, and information assets are protected. Ability to diffuse problematic situations and manage through conflict resolution. Ability to take complex concepts and break down into laymen's terms or analogies that help with other's understanding. Viewed as an enabling partner that provides options or information when saying no to business or IT requests. Seen by senior leadership and peers as creditable, trustworthy and respectful. Communicate goals and new programs effectively with other department managers within the organization. Produce presentations at various levels of abstraction dependent on intended audience using Microsoft Power Point, Microsoft Visio, or equivalent tools. Advanced interpersonal, negotiation, oral communication and English writing skills expected.

Process and Project Management - Lead the design and the implementation of key IT projects and initiatives as they pertain to the organization's long-term security strategy. Identify areas of improvement where processes do not currently exist and drive the development and delivery of new processes to address these gaps. Ability to lead through ambiguity and deliver quality results with minimal supervision. Willingness to escalate identified issues as necessary and the ability to identify when to partner with senior leadership to resolve issues, risks or obstacles. Builds consensus for delivering results while finding common ground for collaboration and partnership.

Operational Effectiveness - Maintain appropriate internal processes and procedures to ensure operational effectiveness of the team. Lead the creation of and the maintenance of relevant documentation including run books, project updates, process documentation, architecture and technical requirements and presentations. Assist in managing department budget and costs associated with associate training and expenses. Work with the Change Advisory Board (CAB) to identify and manage changes that will impact Information Security controls. Develop and deliver Key Performance Indicators (KPIs) through the understanding of the tools and deliverables by helping to develop, maintain and mature the associated reporting structure. Ability to produce meaningful and actionable metrics through data analysis. Lead data analysis exercises using Excel Pivot Tables, Microsoft Access Queries, and other data driven analysis tools.

Subject Matter Expertise - Intermediate to advanced knowledge of IT tools and practices including, but not limited to: Networking, LDAP Directories, Vulnerability/Patch Management, Change Management, Incident Management, Server and Desktop Management, Mainframe Technologies, Encryption and Key Management, Cloud Architecture and Computing, Software Application General Computing Controls, Business Continuity/Disaster Recovery, Software Development Lifecycle, Access Management, and Cyber Security Tooling. Intermediate knowledge of regulatory bodies and corresponding compliance requirements including, but not limited to PCI-DSS, SOX, GLBA, CCPA, GDPR. Intermediate knowledge of control frameworks including, but not limited to: FFIEC Examination Handbooks, NIST 800-53, ISO 27001. Intermediate knowledge of Cyber Security Maturity Frameworks such as NIST-CSF and FFIEC Cyber Assessment Tool.

Reports to: Director, Information Security

Working Conditions/ Physical Requirements: Normal office environment. As the need of the business continue to evolve, this role may be asked to work an on-call rotation to include evenings or weekends.

Direct Reports: Yes, 3-10

Minimum Qualifications:

Certifications: One or more field related professional technical certifications (CISSP, CISA, CISM, Security+, CDPSE) or able to complete within 12 months.

Six or more years experience in Information Security, IT Audit or Risk Management experience

Preferred Experience:

Bachelors or equivalent experience in Computer Science or Information Technology

Certifications: Two or more field related professional technical certifications (CISSP, CISA, CISM, Security+, CDPSE)

Eight or more years of work experience in Information Security, IT Audit or Risk Management experience

Disclosure of COVID-19 vaccination status will be required after acceptance of a conditional offer of employment except where prohibited by applicable law. Starting January 2022 and to the extent allowed by applicable law, the Company will require all associates who will be on-site or who will travel or interact with others in person as part of their job duties to either be fully vaccinated against COVID-19 or undergo at least weekly testing. The Company is an equal opportunity employer and will consider reasonable accommodations where required by applicable law.
About Alliance Data Card Services

Alliance Data Card Services provides market-leading private label, co-brand, general purpose and commercial credit card programs, digital payments and Comenity-branded financial services. Using the industry's most comprehensive and predictive data set, advanced analytics, and broad-reaching capabilities, Alliance Data Card Services has been helping partners increase sales and provide greater value to their customers for more than 30 years. Follow Alliance Data Card Services on Twitter, Facebook, LinkedIn and Instagram.

About Bread®
A division of Alliance Data, Bread is a leading digital payments company that works with merchants and partners to personalize payment options for their customers. Through its full-funnel recommendation engine, Bread empowers merchants to sell more, improve conversion and lift average-order-value. Follow Bread on Twitter, Facebook and LinkedIn.

Alliance Data Card Services and Bread are a proud part of the Alliance Data enterprise, an S&P MidCap 400 company that consists of businesses that together employ approximately 8,000 associates worldwide.

• Alliance Data offers a competitive salary, a comprehensive selection of benefit options including 401(k).
• All job offers are contingent upon successful completion of credit and background checks.
• Alliance Data is an Equal Opportunity Employer.
• Alliance Data will provide accommodations to applicants needing accommodations to complete the application process.
• Any applicant offered employment will be required to establish that they are legally authorized to work in the United States for Alliance Data.
• Alliance Data participates in E-Verify.
• Alliance Data will consider for employment qualified applicants with criminal and credit histories in a manner consistent with the requirements of all applicable laws, including the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance.
• Alliance Data complies with the Americans with Disabilities Act (ADA), as amended, and all applicable state/local laws. Applicants with disabilities may contact Alliance Data to request an arrange for accommodations. If you need assistance to accommodate a disability, you may request an accommodation at any time. Please contact the Recruiting Team at [email protected].

Job Family:
Information Technology

Job Type:

Regular