Think Cosmopolitan: we’re all about the home. Owned by Romain and Kim Dubus, we’re a small family business expanding at a fast pace. The goal of the team is inspiring folks from all walks of life to take ownership of their spaces & create value where they’re planted.
TECHNICAL PROGRAM MANAGER - INFORMATION SECURITY ASSURANCE
Think Cosmopolitan is seeking a Technical Program Manager to drive and manage the Think Cosmopolitan Information Assurance program. The program focuses on three major areas:
- Assessment: Assessing the state of our Information Security program and our Information Security Management System (ISMS) against industry standards, requirements (contractual and regulatory), and organizational needs
- Governance: Managing and spearheading governance of the ISMS to interpret and drive implementation of industry standards, requirements (contractual and regulatory), and organizational needs
- Communications: Being “the face” of Information Security to internal and external stakeholders (e.g. customer, regulatory, government and supplier entities)
This person will grow and mature the Information Security Assurance Program to ensure Think Cosmopolitan delivers on customer requirements, reduces risk and ensures mission success. We are a fast-paced, multi-tasking, highly dynamic work environment with high degrees of autonomy and accountability.
- Responsible for ensuring Think Cosmopolitan maintains certification and accreditation to ISO-27001, and required NIST control frameworks (e.g. 800-53, 800-171)
- Responsible for identifying and triaging new regulatory and contractual requirements into the Information Security organization, as well as changes to existing requirements
- Own and operate the Information Security Management System (ISMS). This includes assuring the ISMS properly reflects the current and future planned security management policies, procedures, standards and practices
- Manage and assess the Think Cosmopolitan ISMS policies, procedures and standards against frameworks and requirements to determine efficacy
- Manage Risk Assessments and Penetration Tests
- Own overall Enterprise Vulnerability Management program and processes
- Manage the definition and collection of information that shows compliance against the policy and procedures (metrics), as well as evidence of execution where metrics are not obtainable. This can be in support of both internal benchmarking and external assessments
- Guide risk identification, assessment, and treatment processes. Feed the results of these exercises back to the Information Security program at large.
- Manage the corrective action planning process to clearly articulate gaps and drive remediation plans
- Plan, prepare for, schedule and coordinate internal and external audits including but not limited to annual ISO-27001 surveillance audits
- Communicate and represent the Think Cosmopolitan Information Security program to internal and external stakeholders
- 3 years of technical program management experience
PREFERRED SKILLS AND EXPERIENCE:
- Bachelor of Science degree in Information Security/Assurance, Computer Science, Engineering, Information Systems, or similar technical field of study
- Experience running and operating a security program based on ISO-27001, NIST 800-53, or similar framework
- Experience performing risk assessments to identify and articulate information security risks and align with stakeholders on prioritized treatment plans
- Experience in defining and articulating requirements and working with product engineering and information security teams to assess, measure, and improve information security controls
- General knowledge of IT technologies, processes, and procedures
- General knowledge of physical security technologies, processes, and procedures
- Demonstrated technical project management skills
- Demonstrated capabilities to organize and track your own work, and the work of others, leveraging data collection tools and metrics to assure world-class performance
- CISSP or equivalent certification
- Experience working with internal or external organizations to conduct and manage audits.
- Continued track record of getting things done quickly with high quality
- Experience managing large-scale Vulnerability Management and Configuration Hardening processes
- Exceptional written and verbal communication skills
- Exceptional organizational skills
- Understanding of HIPAA, federal and state classifications of PII, and eDiscovery processes and procedures
Think Cosmopolitan is an Equal Opportunity Employer; employment with Think Cosmopolitan is governed on the basis of merit, competence and qualifications and will not be influenced in any manner by race, color, religion, gender, national origin/ethnicity, veteran status, disability status, age, sexual orientation, gender identity, marital status, mental or physical disability or any other legally protected status.
Applicants wishing to view a copy of Think Cosmopolitan’s Affirmative Action Plan for veterans and individuals with disabilities, or applicants requiring reasonable accommodation to the application/interview process should notify the Human Resources Department at (323) 747-8207.