
Manager, Information Security in Lansing, MI at AF Group

Date Posted: 8/22/2018

Job Snapshot

  • Employee Type:
  • Location: Lansing, MI
  • Job Type:
  • Experience: Not Specified
  • Date Posted:

Job Description

This position will be responsible for building and maintaining the vision, strategy and programs required to ensure information assets are appropriately protected. This role establishes and leads the information security and assurance function, provides oversight for personnel with significant information security related duties as well as assists senior leadership with their information security responsibilities. Overall, this role ensures that confidentiality, integrity, and availability requirements of information systems and assets are identified and managed appropriately.


  • Build and lead cross-functional teams that support security initiatives.
  • Develop short-term and long-term strategies for identity & access management, cyber engineering & operations, governance and risk, threat management and application security.
  • Identify, select and manage security vendors to ensure that service delivery and support meet performance and business objectives.
  • Continuously evaluate and assess current and future security needs of the organization and make recommendations and business case requests to substantiate changes.
  • Develop and maintain project scope, timeline and budgets, through internal team and business partners.
  • Manage customer communications as they relate to security initiatives.
  • Understand and adhere to the regulatory and compliance requirements that impact either current business operations or potential client engagements.
  • Anticipate trends, situations, or changing market conditions and take appropriate action on a timely basis.
  • Think in an innovative and creative way to assist in the growth of our business by providing timely and flexible security solutions.
  • Drives and maintains the information security operations function, including the oversight of information security personnel, the development of information security programs and the identification and mitigation of information security risks.
  • Leads programs and processes to design a threat assessment framework, monitors the emergence of new threats and vulnerabilities, assesses impacts and drives responses as appropriate. Ensures ongoing analysis of information security threats, vulnerabilities, and trends.
  • Supports the evaluation of risk mitigation language in third party agreements and vendor support contracts.
  • Designs a Security Operations Center (SOC) capable of implementing the programs and processes and leading an incident response plan. Develops metrics reporting to communicate effectiveness of SOC to leadership.
  • Ensures clear and timely business advice is provided to executive management on key information security and assurance issues.
  • Ensures that information security and risk is adequately represented on relevant business and governance forums and is known, well-integrated, and addressed.
  • Builds sound business relationships to enable a strong understanding and close alignment with business needs, direction, and risk tolerance.
  • Maintains relationships with threat intelligence communities, local, state and federal law enforcement and other related government agencies.
  • Stays informed of dynamic threats, trends, motivations and capabilities of information security adversaries.
  • Monitors compliance with information security policies, standards, and processes and enforces remediation of non-compliance.
  • Collaborates with various departments to understand and address the risk position around key business applications.
  • Oversees the development and maintenance of information security policies, including standards and processes that fit the organization at all levels.


    Directly supervises staff in accordance with company policies and applicable Federal and State Laws. Responsibilities include but are not limited to developing staffing plans and information security budgets, effectively interviewing, hiring, terminating, and training employees; planning, assigning and directing work; appraising performance; rewarding and counseling employees; addressing complaints and resolving problems; supporting and encouraging the engagement process.



    Bachelor's degree in computer science, business administration or a technology-related field. Relevant combination of education and experience may be considered in lieu of degree. Professional security management certification such as CISA, CISM, CISSP is preferred.


    Five to seven years of experience leading information risk, security and governance teams, transforming functions and changing culture. Experience with leading the response to incidents, crises, and investigations with sensitivity, tenacity, and a focus on detail. Extensive experience in information security architecture, information security standards, consultative stakeholder management, and strategic planning. Experience with classified networks, information classification, and confidentiality requirements associated with high security environments. Three years demonstrated leadership in information security program management.


  • Deep understanding of information security architecture discipline, processes, concepts, and best practices.
  • Deep understanding of control, risk management and audit issues; demonstrated consultative approach to driving change and deploying controls.
  • Knowledge of common information security management frameworks such as NIST, COBIT, ISO/IEC 27001, ITIL, and HITRUST.
  • Knowledge and understanding of relevant legal and regulatory requirements such as HIPAA, FISMA, NIST 800-53, etc.
  • Knowledge of technological trends and developments in the area of information security and risk management; ability to quickly grasp how new technologies work and how they might be applied to achieve business goals.
  • Knowledge of firewalls, anti-virus, intrusion detection/intrusion prevention systems, virtual private networks, remote access systems, network zoning, centralized monitoring, and application scanning.
  • Knowledge of information security and risk control frameworks as well as business continuity and IT disaster recovery frameworks.
  • Demonstrated ability to work effectively with a team, delivering high performance and customer satisfaction, in a culturally diverse, matrix management environment.
  • Strong facilitation, communication and presentation skills and a clear ability to build strong relationships with business stakeholders at all levels, including executive managers and vendors.
  • Background in project management, financial/budget management, scheduling and resource management.
  • Strong, proven problem-solving skills and the ability to identify, analyze, and resolve problems, driving solutions through to completion.


    Work is performed in an office setting with no unusual hazards. Minimal travel required.

    The qualifications listed above are intended to represent the minimum education, experience, skills, knowledge and ability levels associated with performing the duties and responsibilities contained in this job description.

    We are an Equal Opportunity Employer. Diversity is valued and we will not tolerate discrimination or harassment in any form. Candidates for the position stated above are hired on an "at will" basis. Nothing herein is intended to create a contract.

    Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled
