
Description
General Summary: A brief description of the main purpose for this position.
The Information Security Administrator will report directly to NJM's Information Security Officer and oversee the day-to-day management of the Information Security staff and implementation of department objectives.
Essential Duties and Responsibilities: Essential functions of this job are listed below in order of priority. Reasonable accommodations may be made to enable individuals to perform the essential duties. Regular and predictable onsite attendance is an essential function of the job.
Responsibilities include managing a work plan to ensure security goals and objectives are met; developing and managing an inventory of systems containing sensitive data and business owners; and maintaining an inventory of significant adverse events and security incidents.
With leadership and direction from NJM's Information Security Manager, the Information Security Administrator is responsible for implementing NJM's Information Security risk assessment objectives, including reviewing and analyzing potential cybersecurity adverse events. Responsibilities also involve designing information security risk assessments, including application and business partner risk assessments, and authoring risk assessment reports for delivery to business units, executive leadership and the Board of Directors. Additional responsibilities include managing NJM's Adverse Event and Data Breach Response Plan to address security incidents, and assisting in coordinating with internal and external partners. As needed, support NJM's Information Security Manager in reporting to executive leadership and the Board of Directors on current and potential information security trends and their implications for the organization. Demonstrate professional development by attending security conferences, seminars, trainings and educational events, and maintaining cybersecurity certifications.
This is a hybrid position based in NJM's West Trenton, New Jersey corporate office four days a week with one day a week working remote from home. It is an expectation that the successful candidate will occasionally travel to NJM's other offices in Parsippany and Hammonton, New Jersey as required.
- 25% Team Management Activities – Manage daily workflow, leverage resources and ensure that project deliverables are met within the assigned area of responsibility. Provide leadership to staff including regular coaching, feedback, development, and performance management. Meet with department analysts on a weekly basis to coordinate project work assignments and manage project deliverable timelines.
- 15% Incident Response – Work with IS/IT management in reviewing and analyzing potential cybersecurity adverse incidents/events. Respond to adverse event escalations and lead the forensic investigations as part of the NJM Adverse Event and Data Breach Response Plan.
- 20% Administrative Functions – Work with the Information Security Manager to establish plans and procedures which ensure that the Information Security Department's goals and objectives are met. Develop and manage an inventory of systems containing sensitive data and business owners. Maintain an inventory of significant adverse events and security incidents. Maintain an inventory of security technology and maturity of functions across the enterprise. Assist in policy development and updates as needed.
- 40% Security Monitoring – Manage team to identify security vulnerabilities and hacking threats in the corporate ecosystem. Attack surface management: the ability to identify, assess and prioritize areas of significant information security risk to the organization's systems. Implement NJM's Information Security risk assessment objectives. Design information security risk assessments, including application and business partner risk assessments. Author risk assessment reports for delivery to business units, executive leadership and the Board of Directors.
Required Qualifications: Knowledge, skills & abilities, experience, minimum & desired education, certification and/or license requirements.
Minimum Education:
- Bachelor's Degree in Computer Science or related field with 10 plus years of experience in the Information Security field.
- One or more of the following information security or risk management professional certifications: CISSP, CISM, CRISC, CISA.
Managerial Experience:
- Managerial presence and the ability to communicate effectively across all levels of the organization.
- The Security Admin (Technical) is expected to drive security related initiatives.
- The Security Admin (Technical) is expected to drive the security team's vulnerability management program.
- Experience with Vulnerability scanning and Pen testing and managing individuals and third parties to perform these tasks
- Experience with assigning risk and prioritizing risk based on the results
- Ability to work across business units to develop actionable remediation plans
- The Security Admin (Technical) should have experience leading SIEM and SOC solutions and ongoing management of those solutions
- The Security Admin (Technical) will be responsible for identifying solutions that enhance the Security Development Life Cycle (SDLC)
- The Security Admin (Technical) is expected to contribute to the corporate security strategy with security leadership and other senior leaders within NJM
- The Security Admin (Technical) will lead discussions with an emphasis on securing systems, applications, third-party connections, and ancillary systems
- The Security Admin (Technical) is responsible for monitoring and managing secure solutions while ensuring these solutions are in accordance with NJM's security policies and best practices
- Project Management experience and experience with creating and managing project plans
- Hands-on role working directly with peers to integrate the Information Security Team's functions with other relevant business units
- Strong collaboration, critical thinking skills
- Ability to interact with internal/external clients, auditors, and regulators in a professional manner
- Strong interpersonal, verbal and presentation skills
- Strong written communication skills
- Direct report leadership experience
Professional Experience:
- 10 years of increasing responsibility work assignments related to the implementation of information security
- Broad and deep knowledge of business automation technology (IT), information security technologies, protective controls and control frameworks, and the IT audit process
- In-depth knowledge of information security and implementing technology to support an Information Security program
- Direct experience in the oversight of third party penetration assessments
- Responsibility for performing and reviewing information security infrastructure and business partner risk assessments.
Legal Disclaimer: NJM is proud to be an equal opportunity employer. We are committed to attracting, retaining and promoting a diverse and inclusive workforce that is fully representative of the diversity that exists in the communities in which we do business.
NJM reserves the right at any time to amend, add or delete any aspect of the job description for this position based on business needs.
Compensation: Salary is commensurate with experience and credentials.
Pay Range: $162,240-$188,386
Eligible full-time employees receive a competitive Total Rewards package, including but not limited to a 401(k) with employer match up to 8% and additional service-based contributions, Health, Dental, and Vision insurance, Life and Disability coverage, generous PTO, Paid Sick Leave, and paid parental leave in addition to state-mandated leave. Employees may also be eligible for discretionary bonuses.