Information Security Supervisor

Information Security Supervisor

MarketSource is a sales acceleration company focused on delivering better outcomes for many of the world’s most iconic brands. We design, operationalize, and execute managed sales and customer experience solutions for companies in B2B and B2C environments.

Our solutions are purpose-built and tech-enabled to deliver measurable improvements in business outcomes. We live by a set of people-focused values that guide our relationships with each other and with our clients. By putting people first, working together to make others successful, and establishing a rich and empowered work culture, we create opportunities for our people and the businesses we serve to be successful.

Summary

The Information Security Supervisor will have a lead role in Information Security policy development and maintenance; design of security policy education, training, and awareness activities. The Information Security Supervisor will be responsible for monitoring compliance with corporate and operating company IS policy and applicable law and coordinating investigation and reporting of security incidents. Working with other units in IS, the Information Security Supervisor will assist in the development and continuous improvement of standard ITIL based processes that provide for the compliance of policies, working in tandem with Allegis Information Security teams.

The Information Security Supervisor is responsible for the analysis and documentation of the granting of policy exceptions by the appropriate level of management. The Information Security Supervisor will perform reviews and lead appropriate remediation projects for the MarketSource infrastructure, implement and maintain recognized information security compliance standards (e.g. SOC 2, ISO 27001/2, NIST, PCI Compliance, HIPAA Compliance, etc.) depending on specific client's business requirements, implement current information security measures, review compliance with current policies, assess current level of security, perform data gathering according to MarketSource standards, advise Enterprise Architects on suggested improvements, and report compliance with policies to IS and business leadership.

Essential Job Functions:

• Coach, develop, and mentor a team of analysts to achieve quality performance
• Respond to Information Security incidents.
• Respond to Legal and Executive requests for data gathering and analysis
• Document compliance requirements and reference those requirements to the source documentation (e.g. SOC 2, ISO 27001/2, NIST, PCI Compliance, HIPAA Compliance, etc.), depending on specific organization and/or client policies
• Perform the implementation, operation and maintenance of the Information Security Management System based on the industry series standards (e.g. SOC 2, ISO 27001/2, NIST, PCI Compliance, HIPAA Compliance, etc.), depending on specific client's business requirements.
• Act as a Champion for a “center of excellence” for information security management, for example offering internal management consultancy advice and practical assistance on information security risk and control matters throughout the organization and promoting the commercial advantages of managing information security risks more efficiently and effectively.
• Document and report assessment and audit findings to the Security Operations Manager.
• Collaborate with IS management, the corporate Legal department, safety and security, and law enforcement agencies to manage risks and security vulnerabilities.
• Collaborate with other IS groups to implement Information Systems policies, procedures, standards and guidelines.
• Lead recurring meetings on Information Security related topics and issues (i.e. data loss prevention, network proxy, firewall changes, policy exceptions, etc.).
• Lead collaboration efforts to document interpretations or clarifications of corporate policies and compliance documentation into measurable and actionable policies that can be monitored, enforced, and managed through process.
• Monitor and advise on Information Security issues related to the systems and workflow to ensure that the internal security controls are appropriate and operating as intended.
• Perform the operation of related compliance monitoring, auditing, and improvement activities to ensure compliance both with internal corporate policies and applicable laws and regulations
• Work Incidents and Requests from the Security ticket queue and then manage the queue while handling policy exception requests.
• Represent the Information Security role in the Change Management, Incident Management, Patch Management, and Problem Management processes.
• Answer information security questionnaires required by the customers of the Operating Companies.
• Conduct research in keeping abreast of latest information security issues.
• Prepare documentation, including policies, processes and procedures, notifications, Web content, and IS alerts.
• Actively participate in the IT security community to stay abreast of current standards and best practices.
• Maintain an industry-standard information security certification.
• Perform other related duties as assigned.

Required Knowledge, Skills, and Abilities:

• Expertise in two or more technology domains (security, infrastructure, device, identity, applications, integration, and data).
• Understanding of “best practice” around enterprise security frameworks.
• Ability to translate complex technical terminology, concepts, and issues in terms understandable to both technical and non-technical management and staff.
• Ability to understand the long-term ("big picture") and short-term perspectives of situations/solutions.
• Ability to assist in diagnosing, isolating, and resolving complex problems pertaining to security infrastructure.
• Ability to assist in evaluating and recommending security technology/vendor agnostic solutions.
• Ability to assist with vulnerability assessments.
• Ability to utilize general office business equipment.

Job Requirements:

• Bachelor’s degree in the field of MIS, computer science, information systems or computer engineering
• Five + years’ experience working with:
  • Information Security planning for a large, global organization.
  • Network, host, data, integration, and application access security in multiple operating system environments (Windows, Solaris, Linux, etc.).
  • Understanding of Information Security related technologies including encryption, IPsec, PKI, VPNs, firewalls, proxy services, DNS, electronic mail and access-lists.
  • Internet, web, application and network security techniques.
  • Leading firewall, network scanning and intrusion detection products and authentication technologies.
  • Federal/International regulations related to information security (FISMA, Computer Security Act, Safe Harbor, HIPAA, etc.).
• Four (4) in-office workdays per week and the option to work remote OR in office on fifth (5^th) day  

MarketSource is an Equal Opportunity Employer and will consider all applications without regards to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law. If you would like to request reasonable accommodation, such as the modification or adjustment of the job application process or interviewing process due to a disability, please call 877-883-4575 or email HR@MarketSource.com.

Eligibility requirements apply to some benefits and may depend on your job classification and length of employment. Benefits are subject to change and may be subject to specific elections, plan, or program terms.  This role may be eligible for the following:

• Medical, dental & vision
• 401(k)/Roth
• Insurance (Basic/Supplemental Life & AD&D)
• Short and long-term disability
• Health & Dependent Care Spending Accounts (HSA & DCFSA)
• Transportation benefits
• Employee Assistance Program
• Time Off/Leave (PTO, Vacation or Sick Leave)

San Fran Candidates only: Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Los Angeles Candidates only: We will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws, including the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance.

Unincorporated Los Angeles County Candidates Only: Qualified applicants with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. Where applicable, in accordance with the Los Angeles County Fair Chance Ordinance for Employers, Candidates must satisfy all pre-employment screening criteria and may be disqualified due to criminal history because the requirements of this position, as outlined above, may include: access to valuable company assets; exercise of good judgment and performance of duties safely under work conditions that may be stressful including under supervision of client; access to sensitive personal or financial information; and/or access to objects that may be used to inflict injury or harm to others.