Sr. Manager - Information Security

About ITS Logistics
ITS Logistics is a premier Third-Party Logistics company (3PL) that provides personalized supply chain solutions with an asset-based dedicated fleet, warehousing and distribution services, and a nationwide multi-modal asset-lite division. Founded in 1999, ITS Logistics operates daily throughout the U.S. and proudly offers unparalleled service backed by its strong family values and work ethic. ITS’ continued growth and increasing market share have been largely attributable to the Company’s client-first model and relentless pursuit in upholding its core values.  ITS’ recent performance has been highlighted by its placement within the Top 75 for Distribution Services, Top 40 for Dedicated, Top 25 for Asset-Lite and Top 20 for Drayage Services, nationwide in 2021.

Join our team and experience ITS Logistics!
 
It's fun to work in a company where people truly believe in what they're doing. At ITS, we're committed to bringing passion and customer focus to the business of logistics. We work hard, and we're serious about what we do. But we like to have a good time, too. In fact, we run our company with that principle in mind every day!
 

At ITS, customer satisfaction is our top priority. We maintain a strong focus on investing for the future and have a record of utilizing our resources to provide our customers with an industry-leading service. 

 Information technology is a core enabler in delivering these quality services, and ITS continues to invest in transforming its applications and infrastructure to support business growth and differentiation. An increasing percent of IT spending is now allocated to innovation and transformation initiatives with the goal to rapidly leverage the following significant technology shifts for maximum business gain:

• Cloud services and elastic infrastructure to aid business agility, scalability, and resiliency.
• Data analytics to inform decision-making, drive business outcomes, and uncover new opportunities with data-driven insights.
• AI and automation to improve efficiency and to speed up business processes and results.
• Digital apps to reinvent the workplace to boost employee productivity, agility, and digital dexterity through an engaging and intuitive work environment (employee experience). 

Position Overview
The Senior Manager of Information Security will have company-wide responsibility to provide security leadership in supporting ITS Logistics’ IT infrastructure and applications. The individual will be accountable for building and leading a corporate Information Security program to execute and deliver the following capabilities: IT systems security assessments, risk assessment and analysis, remediation prioritization, security operations, security policy development, security awareness training, security audits, certification, and compliance management. This role will also help influence and drive the overall enterprise Information Security strategy. 

The individual will align the security operations of the company with industry benchmarks and best practices and implement capabilities that materially improve the Information Security posture of the company. The individual will be well-versed in security architecture and controls, familiar with current and emerging threats, able to develop appropriate risk mitigation plans, and proficient at working with internal business units and vendors to resolve risk issues. This is a hands-on position that requires practical experience in the areas of Information Security, privacy, risk management, and compliance.

Achieving this expected level of performance will require the candidate to have advanced skills in planning and managing multiple simultaneous projects and collaborating successfully with peers and others in the company.

Primary Accountabilities

Implement and maintain an enterprise-wide Information Security capability by executing the following: 

1. Define, implement, and manage a comprehensive security program that supports corporate business objectives, ensures adherence to regulatory requirements, and continually focuses on improving security and compliance posture.
2. Create, implement, and document comprehensive security policies, standards, and procedures to meet current business needs and compliance regulations.
3. Monitor current incidents and threats and ensure that the company is protected appropriately.
4. Ensure PCI and SOX compliance, and other audits as necessary.
5. Perform end-to-end technical security reviews for new projects and other IT initiatives.
6. Regularly assess infrastructure and applications against security standards, develop risk mitigation strategies and plans, and drive execution of remediation plans to reduce risk to an acceptable level.
7. Liaison with internal and external audit groups to address audit and compliance concerns.
8. Adapt and incorporate established security frameworks such as ISO 27001 and 27002 to meet ITS’ needs.
9. Promote and raise awareness of Information Security principles, policies, standards, and best practices. 
10. Manage day-to-day security operations such as security event monitoring and security incident management, compliance monitoring, data loss prevention, and monitoring and responding to emerging threats.
11. Consult with applications teams on secure applications development and perform security reviews on third party applications.
12. Report all appropriate metrics on a regular basis to senior management. 

 Actively manage all support activities for security related to incident management, problem management, change management, and security performance; respond to questions from customers and auditors, and work with other teams and services providers as appropriate to resolve issues; implement objectives and strategies to effectively support all internal users; directly or indirectly assist other groups in IT Services to help them complete their specific tasks; follow and enforce IT corporate standards and policies.

Play a leadership role in developing standards and procedures to ensure that all service levels related to Information Security are met or exceeded.  Drive execution on security strategies and define and capture appropriate success metrics. Transform ITS’ security capabilities to support strategic business growth. 

Position Requirements

Bachelor’s degree from a four-year college or university; In-depth experience with security, audit and compliance frameworks such as ISO 27000 series, NIST CSF, SSAE16, etc.; CISSP, CISM preferred; Other IT Security related certifications a plus.

 To be considered for this position, the successful candidate will have a strong background in Information Security, have experience in a similar management role in a multi- billion-dollar global corporation and possess evidence of distinguished performance in leading enterprise-wide security initiatives. 

• Required Skills - The individual must be self-motivated, able to communicate effectively with all levels throughout the company. Must have a strong ability to manage a team of technical staff members who specialize in Information Security. Must be willing to work flexible hours when required to accomplish tasks during non-business hours. 

Other special skills:

Documented experience in managing an enterprise-wide security function.

1. Demonstrated experience in the development and management of a comprehensive security program that balances risks and the needs and goals of the business units.
2. Working knowledge of common operating systems (Windows, Linux), Server virtualization using VMware products, networking equipment (Cisco, Fortinet), and network security architectures (DMZ, VLAN, IPSec, VPN, etc.). 
3. Network technologies and products including Cisco routers, Cisco switches, SD-WAN, TCP/IP, SMTP, SNMP, and 802.11x wireless communications.
4. Technical knowledge in system and network security, authentication and security protocols, and application security. 
5. Strong understanding of vulnerabilities and weaknesses in web applications and office productivity tools such as in Microsoft 365
6. Deep experience with Security tools including Fortinet firewalls, Crowdstrike, Microsoft Defender 365, SIEM tools, DLP, etc. 
7. Building and operating secure and standardized/normalized, automated, and self-service cloud platforms for engineering teams, Infrastructure as Code (IaC), and DevSecOps. Experience in Azure is highly desirable. 
8. Experience managing external auditors on security and compliance initiatives.
9. Experience in security issues related to mobile security, social media, and unified communications and collaboration.
10. Experience with (either as a customer or auditor) in vulnerability testing and security auditing, and regulatory compliance audits such as PCI, SOX, etc.
11. Demonstrated success working with internal audit, external auditors, outside consultants, and the legal department in a lead capacity.

• Quality - Demonstrates accuracy and thoroughness in resultant work products; looks for ways to improve and promote quality; applies feedback to improve performance; monitors own work to ensure quality. Expected to be diligent with figures and demonstrate accuracy and thoroughness in resultant work products, especially with costs, contracts, project plans, and reports.

ITS offers a competitive compensation and benefits package. In addition, we believe in fostering an environment where career development and enhancement is paramount to the company’s success. If you are an extraordinary person, passionate about innovation, energized by challenging opportunities, and looking for an opportunity to transform the IT infrastructure for a fast-growing logistics company, this is the right job for you!