InfoSec Manager

• A minimum of 7 years of IT experience, with 5 years in an information security role.

• A bachelor's degree in information systems or equivalent work experience; an M.B.A. or M.S. in information security is preferred.

• CISSP, PCIP,PCI-ISA certification a positive, but not required.

• Experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks

• Experience with applicable legal and regulatory requirements, including, but not limited to, the U.S. Sarbanes-Oxley Act, the U.S. Health Insurance Portability and Accountability Act (HIPAA), and Payment Card Industry Data Security Standard (PCI-DSS)

• Must have experience with leading PCI audits with third party vendors and leading remediation, by creating and delegating tasks to appropriate teams. • Experience in system technology security testing (vulnerability scanning and penetration testing).

• Deep understanding of operating system internals and network protocols.

• Must have experience in developing and maintaining incident response plans.

• Must be able to develop training and ensure that information is provided to Cinch personnel in order to comply with security requirements.

• Must have experience using Qualys, Nexus or similar scanning tools, for network and application vulnerability scanning.

• Experience working with legal, audit, compliance staff as well as business managers, IT.

• Strong leadership abilities, with the capability to develop and guide information security team members and IT operations personnel, and work with minimal supervision. • Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with the IT organization, project and application development teams, management and business personnel

• In-depth knowledge and understanding of information risk concepts and principles, protocols, industry best practices and strategies. • A strong understanding of the business impact of security tools, technologies and policies.

• Strong understanding of principles of cryptography and cryptanalysis.

• Strong project management skills and experience in creating and managing project plans, including budgeting and resource allocation.

• Experience developing and maintaining policies, procedures, standards and guidelines.

• Experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.