Rea
Overview
Join to apply for the
Information Security Manager
role at
Rea . Rea
is a growing Top 100 business advisory & accounting firm providing services in tax, accounting, and business consulting. We have a ‘People First' culture and focus on our employees' well-being and professional development. With over 400 professionals and locations throughout Ohio, our firm supports a work-life balance and offers competitive compensation and a robust benefits plan. The Information Security Manager is responsible for overseeing and improving the firm's information security program to protect systems, data, and infrastructure. This role focuses on managing security risk, compliance, incident response, and continuous improvement of security posture. The Information Security Manager collaborates cross-functionally with IT and other business and practice areas to implement effective security controls and foster a culture of security awareness.
Responsibilities
Develop, implement, and maintain the firm\'s information security program and initiatives roadmap Develop, implement, maintain, and monitor security policies, procedures, and standards in alignment with industry best practices and regulatory requirements Conduct regular risk assessments, vulnerability scans, and security reviews to identify and mitigate potential threats and vulnerabilities Identify, build, and implement data protection processes and technologies Work with the firm\'s third-party service providers to help manage firm information security risk Coordinate the firm\'s incident response efforts, including investigation, documentation, communication, and post-incident analysis Evaluate and recommend security tools and technologies to enhance protection and visibility Manage the third-party risk program, including vendor security assessments and reviews Maintain compliance with applicable laws, regulations, and contractual obligations by leading audits, gap analyses, and remediation efforts Lead security awareness training initiatives and phishing simulations to educate employees and promote secure behavior Collaborate with IT teams to ensure secure configuration and management of systems, networks, and cloud environments Track, report, and present security metrics to leadership and stakeholders Serve as the internal subject matter expert on cybersecurity, privacy, and data protection Other duties as assigned
Knowledge, Skills, And Abilities
Expert-level understanding of information security risks and controls, including the zero-trust model Advanced knowledge of information security audit and assessment methodologies and best practices Expert-level knowledge of information security frameworks, risk management, and incident response Strong experience with security tools and platforms (e.g., vulnerability scanners, firewalls, endpoint protection) Strong understanding of security principles in cloud (e.g., Azure, AWS), on-prem, and hybrid environments Thorough understanding of compliance programs (e.g., SOC 2, HIPAA) Ability to stay current with emerging technologies and architectures Solid understanding of IT enterprise architecture in a security context Highly self-motivated Exceptional written, oral, interpersonal, and presentational skills Strong analytical and trouble-shooting abilities Keen attention to detail Ability to effectively prioritize and participate in simultaneous projects of moderate to high complexity Knowledge of analysis, requirements gathering, and industry best practices and tools Ability to effectively communicate between business and IT stakeholders Ability to use discretion and handle confidential information
Requirements
Post-secondary education in the field of computer science, information systems, networking, information security, or related discipline 5+ years of full-time work experience in cybersecurity, information security, or information technology preferred Preferred: CISSP, CISM, CISA, Security+ certification
Benefits
Rea
offers a wide variety of benefits to help support our employees\' health, wellness and financial goals. Health Care Plan (Medical, Dental & Vision) Retirement Plan (401k) Life Insurance (Basic, Voluntary & AD&D) Paid Time Off (Vacation, Sick & Holidays) Four (4) weeks PTO Twelve (12) paid holidays, of which three (3) are floating holidays Family Leave (Maternity, Paternity) Short Term & Long Term Disability Training & Development Wellness Resources Rea does not accept unsolicited resumes from individual recruiters or third-party recruiting agencies without pre-approval from Rea\'s Talent team. Pre-approval is required before any external candidate can be submitted. Rea will not be responsible for fees related to unsolicited resumes and for candidates who are sent directly to our hiring managers.
#J-18808-Ljbffr
Join to apply for the
Information Security Manager
role at
Rea . Rea
is a growing Top 100 business advisory & accounting firm providing services in tax, accounting, and business consulting. We have a ‘People First' culture and focus on our employees' well-being and professional development. With over 400 professionals and locations throughout Ohio, our firm supports a work-life balance and offers competitive compensation and a robust benefits plan. The Information Security Manager is responsible for overseeing and improving the firm's information security program to protect systems, data, and infrastructure. This role focuses on managing security risk, compliance, incident response, and continuous improvement of security posture. The Information Security Manager collaborates cross-functionally with IT and other business and practice areas to implement effective security controls and foster a culture of security awareness.
Responsibilities
Develop, implement, and maintain the firm\'s information security program and initiatives roadmap Develop, implement, maintain, and monitor security policies, procedures, and standards in alignment with industry best practices and regulatory requirements Conduct regular risk assessments, vulnerability scans, and security reviews to identify and mitigate potential threats and vulnerabilities Identify, build, and implement data protection processes and technologies Work with the firm\'s third-party service providers to help manage firm information security risk Coordinate the firm\'s incident response efforts, including investigation, documentation, communication, and post-incident analysis Evaluate and recommend security tools and technologies to enhance protection and visibility Manage the third-party risk program, including vendor security assessments and reviews Maintain compliance with applicable laws, regulations, and contractual obligations by leading audits, gap analyses, and remediation efforts Lead security awareness training initiatives and phishing simulations to educate employees and promote secure behavior Collaborate with IT teams to ensure secure configuration and management of systems, networks, and cloud environments Track, report, and present security metrics to leadership and stakeholders Serve as the internal subject matter expert on cybersecurity, privacy, and data protection Other duties as assigned
Knowledge, Skills, And Abilities
Expert-level understanding of information security risks and controls, including the zero-trust model Advanced knowledge of information security audit and assessment methodologies and best practices Expert-level knowledge of information security frameworks, risk management, and incident response Strong experience with security tools and platforms (e.g., vulnerability scanners, firewalls, endpoint protection) Strong understanding of security principles in cloud (e.g., Azure, AWS), on-prem, and hybrid environments Thorough understanding of compliance programs (e.g., SOC 2, HIPAA) Ability to stay current with emerging technologies and architectures Solid understanding of IT enterprise architecture in a security context Highly self-motivated Exceptional written, oral, interpersonal, and presentational skills Strong analytical and trouble-shooting abilities Keen attention to detail Ability to effectively prioritize and participate in simultaneous projects of moderate to high complexity Knowledge of analysis, requirements gathering, and industry best practices and tools Ability to effectively communicate between business and IT stakeholders Ability to use discretion and handle confidential information
Requirements
Post-secondary education in the field of computer science, information systems, networking, information security, or related discipline 5+ years of full-time work experience in cybersecurity, information security, or information technology preferred Preferred: CISSP, CISM, CISA, Security+ certification
Benefits
Rea
offers a wide variety of benefits to help support our employees\' health, wellness and financial goals. Health Care Plan (Medical, Dental & Vision) Retirement Plan (401k) Life Insurance (Basic, Voluntary & AD&D) Paid Time Off (Vacation, Sick & Holidays) Four (4) weeks PTO Twelve (12) paid holidays, of which three (3) are floating holidays Family Leave (Maternity, Paternity) Short Term & Long Term Disability Training & Development Wellness Resources Rea does not accept unsolicited resumes from individual recruiters or third-party recruiting agencies without pre-approval from Rea\'s Talent team. Pre-approval is required before any external candidate can be submitted. Rea will not be responsible for fees related to unsolicited resumes and for candidates who are sent directly to our hiring managers.
#J-18808-Ljbffr