Manager, Information Security

~ Guided by our team of talented employees, we are a lifeline service provider dedicated to meeting the needs of our customers, day and night, no matter what challenges we face. ~

For our customers, that means delivering natural gas to heat their homes and run their businesses. For our shareowners, it means providing consistent results. For the communities we serve, it means being a reliable corporate partner. And for the next generation, it demands that we act as a responsible steward of our environment. 

Position Overview

This position is responsible for establishing and maintaining the enterprise vision, strategy and program to ensure information assets and technologies are adequately protected; and plans and administers the overall policies, goals and procedures for the information security function.

This position also directs staff in identifying, developing, implementing and maintaining processes across the organization to reduce information and information technology (IT) risks. You'll evaluate information risk on a regular time schedule and promotes information security awareness within the organization. The position also initiates, implements and develops information security and disaster recovery programs in accordance with organizational information security standards.

Responsibilities 

• Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure that the integrity, confidentiality and availability of information is owned, controlled or processed by the organization.
• Facilitate information security governance through the implementation of a hierarchical governance program, including the formation of an information security steering committee.
• Identify protection goals, objectives and metrics consistent with corporate strategic plan.
• Manage the development and implementation of security policy, standards, guidelines and procedures to ensure ongoing maintenance and audit of information security.
• Work directly with the business units to facilitate IT risk assessment and risk management processes, and work with stakeholders throughout the enterprise on identifying acceptable levels of residual risk and prioritize spending based on ranking of appropriate risk.
• Provide regular reporting on the current status of the information security program to enterprise risk teams, and senior business leaders as part of a strategic enterprise risk management program.
• Maintain relationships with local, state and federal law enforcement and other related government agencies along with NJR's Physical Security team.
• Create education and awareness programs and advise operating units at all levels on security issues, best practices and vulnerabilities.
• Create a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection.
• Coordinate information security and risk management projects with resources from the IT organization and business unit teams.
• Liaise among the information security team and corporate risk management and compliance, audit, legal and HR management teams as required.
• Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the Company's reputation including the investigation of security breaches, and assistance with disciplinary and legal matters associated with such breaches; as necessary.
• Perform related duties and fulfill responsibilities as required.

Qualifications 

Position Specifications:

• Minimum of 8 years of experience in a combination of risk management, information security and IT positions. At least two years must be in a leadership role.
• Degree in a technology-related field or business administration, or equivalent work or education-related experience.
• Professional security management certification, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or other similar credentials, is a plus.
• Knowledge of common information security management frameworks (e.g.ISO/IEC 27001, ITIL, COBI, COSO, etc.)
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
• Experience in developing policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.
• Must be a critical thinker, with strong problem-solving skills.
• Exhibit excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment to meet overall objectives.
• Project Management skills, financial/budget management, scheduling and resource management.
• Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
• High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity.
• High degree of initiative, dependability and ability to work with little supervision. 

Note: This position is subject to a background check and physical, including a drug screen.

~ New Jersey Resources is an Equal Opportunity Employer, which includes providing equal opportunity for minorities, women, protected veterans and individuals with disabilities. VEVRAA Federal Contractor - priority referrals of protected veterans. ~