Information Technology Security Manager

Job Title: Corporate Security - Vulnerability Management Analyst

Department: Internal Security

Location: Hybrid

Status - Full-time Exempt

Are you looking to join a team where “corporate values” aren’t just words on the website but instead are the genuine beliefs of the team? Where the people are smart, hardworking, fun, and loving? A place where the talk is walked?

That’s Kasasa! 4 values define our company culture – Interdependence, Empowered Ownership, Badassitude, and Love – Together these values form THE PATCH. Elevate is the wrapper around the whole Patch reminding us to seek the “highest form” of our values.

If you feel our company values align with your own, please apply! If you don’t, we encourage you to find a company whose values do!

Our values are a living commitment to one another. It defines everything we do, including how we build products, serve our clients, plan for the future, and work together. It is our uncompromising promise to one another, our communities, and our clients.

• Interdependence - Only team wins count. I take responsibility for my team’s success. My Team is Kasasa. I hold my shield for all of us.
• Empowered Ownership - I know my goals. If they’re to be, it’s up to me.
• Badassitude - I am passionate about what I do because I understand why it matters. I will courageously face challenges, seeing each one as a stepping stone toward growth.
• Love - We boldly bring love to the workplace and the world.
• ELEVATE - I CREATE THE HIGHER POSSIBILITY.

ONLY THE BADASS NEED APPLY!

We’re looking for much more than qualified applicants! We’re looking for people who “relentlessly give a sh!t” (Or “RGAS” for short; this is a component of ourBadassitude value)! We want individuals who will courageously face challenges. We don’t settle for good enough. At Kasasa, we have the determination, grit, and hustle to create excellence.

Kasasa’s mission is to inspire and elevate community financial institutions to be the source for love and financial well-being in their communities. Kasasa employees (Spartans) are passionately dedicated to this mission and lead the way – sharing our “love” with the world – through our words and actions – via community service and outreach. Expect to get involved and make an impact if you expect to be a Spartan.

As Spartans once did, we stand together and inspire others to join us in our mission. Stronger together and united by core values, we are more than a team. We are a Phalanx!

The purpose of this position description is to serve as a general summary and overview of the major duties and responsibilities of the job. It is not intended to represent the entirety of the job, nor is it intended to be all-inclusive. Therefore, the position may be required or requested to perform for Kasasa other work duties not specifically listed herein. Management reserves the right to modify, defer, or rescind this position description at any time, with or without prior notice.

Role Overview

In today’s digital environment, the role of an Information Technology Security Manager is an essential position within our organization. By developing security strategies; implementing policies and procedures; executing risk assessments and penetration testing; collaborating with colleagues to mitigate known and emerging vulnerabilities and threat and by briefing senior management on the company’s overall risk management posture, our Information Technology Security Manager plays a vital role in protecting our organization against cyber-attacks that threaten the integrity of our data, networks and information technology assets. This job description outlines the responsibilities and qualifications required for the position.

Responsibilities

• Infuse the Patch Values into your work ethic, every day and every interaction.
• Develop and implement the organization's security strategies, policies, procedures, and remediation efforts.
• Provide guidance, training, and support to ensure the effective execution of security initiatives.
• Conduct regular risk assessments and vulnerability tests to identify potential security threats and develop action plans to mitigate them. Monitor and analyze security incidents, investigating any breaches or security incidents and implementing corrective actions as necessary.
• Establish client facing communication protocols. Stay up to date with the latest industry trends, threats, and technologies to ensure that the organization's cybersecurity measures are current and effective.
• Collaborate with other departments to ensure that security requirements are integrated into the design, implementation and deployment of new systems, technologies, network and devices.
• Develop and implement security awareness programs to educate employees about security best practices and promote a culture of security within the organization.
• Manage relationships with external vendors and partners to ensure that security controls are effectively implemented and maintained.
• Ensure compliance with relevant regulatory requirements and industry standards, such as state data privacy laws, regulations, and requirements.
• Prepare and present regular reports to senior management on the organization's IT security posture, including insights, recommendations, and metrics.
• Annual Board reporting

Position Requirements

• In-depth knowledge of IT security /cybersecurity principles, best practices, and industry standards.
• Strong management and collaboration skills, with the ability to motivate and inspire colleagues.
• Excellent problem-solving and analytical skills, with the ability to identify and mitigate security risks.
• Strong communication and interpersonal skills, with the ability to effectively communicate complex security concepts to both technical and non-technical stakeholders.
• Proficiency in conducting risk assessments and vulnerability testing.
• Experience with security incident response and management.
• Familiarity with security tools and technologies, such as firewalls, intrusion detection and prevention systems, encryption, antivirus software, etc.
• Knowledge of network and system administration.
• Understanding of cloud computing security principles and best practices.
• Familiarity with regulatory requirements and industry standards related to IT security.

Qualifications

• 6+ years of IT security / cybersecurity experience.
• Bachelor's degree in Computer Science, Information Technology, Cybersecurity or a related field.
• Professional certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), Offensive Security Certified Professional (OSCP), or CISA (Certified Information Systems Auditor) are highly desirable.
• Proven experience in an IT security role, with a track record of successfully implementing and managing IT security programs.
• Familiarity and experience with security controls for cloud based infrastructure such as Amazon Web Services (AWS).
• Hands on experience with anti-phishing; anti-malware; remote device monitoring; threat intelligence; patch management software, tools, and controls.
• Strong knowledge of relevant regulations and standards, such as data privacy and protection laws.
• Experience with risk management methodologies and frameworks. Preferred: NIST framework.
• Prior experience working with external auditors.
• Familiarity with project management principles and practices.
• Excellent written and verbal communication skills. Strong collaboration skills.
• Strong attention to detail and the ability to prioritize and manage multiple tasks simultaneously.

PHYSICAL REQUIREMENTS

• Sitting for extended periods of time; approximately 5-6 hours per day
• Simultaneous use of hand, wrist and fingers
• Daily operation of standard office equipment
• Frequent use of oral communication to perform work
• Lifts and moves up to 20 pounds occasionally

Our benefits include:

• Open Paid Time Off AND 14 paid holidays
• Gym Membership Reimbursement
• Tuition Reimbursement
• Paid Parental Leave
• Love Fund – established as a way for Spartans to give back to their co-workers in need
• Medical Benefits
• Dental, and Vision with a substantial contribution from Kasasa.
• Life Insurance, Long-Term Disability, Short-Term Disability, and Employee Assistance Program – all provided in full by Kasasa
• 401k plan with matching contributions
• Pay to Tat (Patch tattoos only)
• Peer-to-Peer Appreciation Program – Worktango
• Noon:30's – 1st and 3rd Fridays of the month- done at 12:30 pm