Remote New

US LBM Senior Manager - Security & Compliance

US LBM Holdings, LLC
United States
Feb 10, 2026

US LBM is one of the leading and fastest growing distributors of specialty building materials in the United States, with a team of over 15,000 employees located throughout the country. Since our founding in 2009, we have acquired over 70 companies and have expanded to more than 500 locations serving 37 states. US LBM is a progressive organization that promotes a unique culture that focuses on the value of its customers and associates. Developing our people is critical to our strategy and fostering our culture of empowerment.


A Brief Overview
The US LBM Senior Manager - Security and Compliance is a critical member of the Security team and will work under the general direction of the Vice President, Information Security and Compliance, working to coordinate the IT organization's technical activities to implement and manage security infrastructure, and to provide regular status and service-level reports to management. This position provides information security direction and advice for the company. This person will lead enterprise-wide security initiatives and ensure sustained and reliable security controls.

What you will do

  • Manage, assess, and mentor the SecOps staff in monitoring, response, and continuous improvement.

  • Manage the process of gathering, analyzing and assessing the current and future threat landscape, as well as providing a realistic overview of risks and threats in the enterprise environment.

  • Ensure systems' security by monitoring reports and evaluating threats.

  • Perform and manage the implementation of counter-measures or mitigating controls.

  • Ensure the integrity and protection of networks, systems, and applications by technical enforcement of organizational security policies, through monitoring of vulnerability scanning devices, research, malicious code reverse engineering, penetration testing, and threat intelligence.

  • Assist in performance and coordination of Security Incident Response activities.

  • Monitor and analyze logs from various systems, ensuring audit trails, system logs and other monitoring data are reviewed and actionable.

  • Perform all assigned duties in compliance with internal policies and standards and external regulations.

  • Perform periodic and on demand system audits and vulnerability assessments, including user accounts, application access, file system, external web integrity, and certificates to determine compliance.

  • Provide clear communications to management on various cyber activity.

  • Monitor and maintain systems and procedures to protect data from unauthorized users.

  • Coordinate with users to discuss issues such as access needs, security violations, and security training needs.

  • Work closely with 3rd party partners to secure data and assets.

  • Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.

  • Manage security projects and provide expert guidance on security matters for other IT projects.

  • Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and comply with policies and audit requirements.

Criteria for Senior Manager

  • Work with the Director of Security to develop a security program and security projects that address identified risks and business security requirements.

  • Provide an external perspective on developments within Information Security and recommend improvements to US LBM Security Strategy.

  • Lead the selection and implementation of Information Security technologies and tools.

  • Direct staff includes Managers and/or vendors providing material or enterprise services to our Company. Interacts with company senior/executive leadership. Primary vendor relationship manager.

  • Provide organization-wide cyber security oversight leveraging a comprehensive and sustainable governance, risk management and compliance (GRC) framework.

  • Monitor and report on security policies compliance, as well as the enforcement of policies within the IT department.

  • Develop and evolve IT security policies, standards, guidelines and procedures to ensure operating efficiency and regulatory compliance.

  • Ensure systems' security by conducting audits, monitoring reports and evaluating threats.

  • Research, recommend and evaluate security and privacy products, devices and methodologies.

  • Evaluate software applications to ensure security adherence.

  • Configure software parameters to comply with business and regulatory security and privacy requirements.

  • Analyze the results of various security scans, process appraisals and other improvement efforts.

  • Create actionable reports, document and track action plans in support of security improvement efforts.

Required For All Jobs

  • Perform other duties as assigned.

  • Comply with all policies and standards.

  • Adhere to the Company's commitment to workplace safety.

Education Qualifications

  • Bachelor's Degree in Information Systems or related field required.

Experience Qualifications

  • 7-9 years of IT experience, including security management and operations.

Skills and Abilities

  • CISSP certification preferred.

  • Experience with Security tools and technologies.

  • Demonstrated ability to lead security-based projects.

  • An excellent understanding of information security concepts, protocols, industry best practices and strategies.

  • Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.

  • Strong analytical skills to analyze security requirements and relate them to appropriate security controls.

  • An understanding of operating system internals and network protocols.

  • Experience in system technology security testing (vulnerability scanning and penetration testing).

  • Have an innovative and entrepreneurial spirit and be comfortable multitasking and working in a fast-paced environment.

  • Possess excellent communications skills and organizational awareness.

  • Must be a self-starter with an attitude to "get things done."

  • Excellent presentation and interpersonal skills, including written and oral communication.

  • Demonstrated problem solving and conflict resolution skills.

  • Ability to support multiple efforts in parallel, in a highly matrixed, fast-paced, multi-site organization experiencing rapid growth.

  • Most work is in office settings and there may be exposure to manufacturing, showroom or warehousing environments.

  • May be asked to lift equipment such as PC CPUs and monitors and transport these by cart to various locations.

  • May have to work off-hours if there are critical problems requiring IT intervention. May be weekend work if projects or assignments necessitate activity when workers are out of the office.

Criteria for Senior Manager

  • 7+ years IT experience, including security management and operations.

  • CISSP certification required.

  • Experience with common information security management frameworks, such as ISO 2700X and NIST.

  • Familiarity with applicable legal and regulatory requirements: SOX, CCPA, PCI DSS.

  • Experience in developing and documenting security architecture, policies, procedures, standards, guidelines, and plans, including strategic, tactical, and project plans.

  • Proficient in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.

  • An understanding of operating system internals and network protocols with familiarity of the principles of cryptography and cryptanalysis.

  • Must have technical competency in IT/Systems, combined with business acumen to understand and translate between business and technical requirements.

  • Experience with and strong understanding of security tools/technologies and working with legal, audit and compliance staff. Able to support multiple efforts in parallel, in a highly matrixed, fast-paced, multi-site organization experiencing rapid growth.

Licenses and Certifications

  • CISSP Certified Information Systems Security Professional required.

Travel Requirements

  • Some travel likely to Operating Company and US LBM locations along with business-related meetings and conferences.


US LBM Holdings, LLC, is an equal-opportunity employer. We do not discriminate on the basis of race, color, religion, creed, national origin or ancestry, sex, age, physical or mental disability, veteran or military status, genetic information, sexual orientation, gender identity, marital status, military status, order of protection status, or any other legally recognized protected basis under federal, state, or local law.
