Information Security Manager
Description:
Description
Rea is a growing Top 100 business advisory & accounting firm providing our clients services in tax, accounting, and business consulting. We have a ‘People First’ culture and we focus on our employees’ well-being and professional development. With over 400 professionals and locations throughout Ohio, our firm has a culture that respects a work-life balance for our team. We also provide competitive compensation and a robust benefits plan.
The Information Security Manager is responsible for overseeing and improving the firm’s information security program to protect systems, data, and infrastructure. This role focuses on managing security risk, compliance, incident response, and continuous improvement of security posture. The Information Security Manager collaborates cross-functionally with IT and other business and practice areas to implement effective security controls and foster a culture of security awareness.
Responsibilities
Develop, implement, and maintain the firm’s information security program and initiatives roadmap
Develop, implement, maintain, and monitor security policies, procedures, and standards in alignment with industry best practices and regulatory requirements
Conduct regular risk assessments, vulnerability scans, and security reviews to identify and mitigate potential threats and vulnerabilities
Identify, build, and implement data protection processes and technologies
Work with the firm’s third-party service providers to help manage firm information security risk
Coordinate the firm’s incident response efforts, including investigation, documentation, communication, and post-incident analysis
Evaluate and recommend security tools and technologies to enhance protection and visibility
Manage the third-party risk program, including vendor security assessments and reviews
Maintain compliance with applicable laws, regulations, and contractual obligations by leading audits, gap analyses, and remediation efforts
Lead security awareness training initiatives and phishing simulations to educate employees and promote secure behavior
Collaborate with IT teams to ensure secure configuration and management of systems, networks, and cloud environments
Track, report, and present security metrics to leadership and stakeholders
Serve as the internal subject matter expert on cybersecurity, privacy, and data protection
Other duties as assigned
Knowledge, Skills, and Abilities
Expert-level understanding of information security risks and controls, including the zero-trust model
Advanced knowledge of information security audit and assessment methodologies and best practices
Expert-level knowledge of information security frameworks, risk management, and incident response
Strong experience with security tools and platforms (e.g., vulnerability scanners, firewalls, endpoint protection)
Strong understanding of security principles in cloud (e.g., Azure, AWS), on-prem, and hybrid environments
Thorough understanding of compliance programs (e.g., SOC 2, HIPAA)
Ability to stay current with emerging technologies and architectures
Solid understanding of IT enterprise architecture in a security context
Highly self-motivated
Exceptional written, oral, interpersonal, and presentational skills
Strong analytical and trouble-shooting abilities
Keen attention to detail
Ability to effectively prioritize and participate in simultaneous projects of moderate to high complexity
Knowledge of analysis, requirements gathering, and industry best practices and tools
Ability to effectively communicate between business and IT stakeholders
Ability to use discretion and handle confidential information
Requirements
Post-secondary education in the field of computer science, information systems, networking, information security, or related discipline
5+ years of full-time work experience in cybersecurity, information security, or information technology preferred
Preferred: CISSP, CISM, CISA, Security+ certification
Benefits
Rea offers a wide variety of benefits to help support our employees' health, wellness and financial goals.
Health Care Plan (Medical, Dental & Vision)
Retirement Plan (401k)
Life Insurance (Basic, Voluntary & AD&D)
Paid Time Off (Vacation, Sick & Holidays)
Four (4) weeks PTO
Twelve (12) paid holidays, of which three (3) are floating holidays
Family Leave (Maternity, Paternity)
Short Term & Long Term Disability
Training & Development
Wellness Resources
Rea does not accept unsolicited resumes from individual recruiters or third-party recruiting agencies without pre-approval from Rea’s Talent team. Pre-approval is required before any external candidate can be submitted. Rea will not be responsible for fees related to unsolicited resumes and for candidates who are sent directly to our hiring managers.